From 55228cf69fb27bab7f3c1525ed02a2cec2a88861 Mon Sep 17 00:00:00 2001
From: Jeremy Tan <jeremy@jx.tan.fake>
Date: Sun, 27 Oct 2013 15:45:46 +0800
Subject: [PATCH] Disallow control codes in urldecode

---
 server/fastcgi.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/server/fastcgi.c b/server/fastcgi.c
index 94742bd..c246781 100644
--- a/server/fastcgi.c
+++ b/server/fastcgi.c
@@ -548,7 +548,7 @@ char *FCGI_EscapeText(char *buf)
 char *FCGI_URLDecode(char *buf)
 {
 	char *head = buf, *tail = buf;
-	char hex[3] = {0};
+	char val, hex[3] = {0};
 
 	while (*tail) {
 		if (*tail == '%') { //%hh hex to char
@@ -556,7 +556,9 @@ char *FCGI_URLDecode(char *buf)
 			if (isxdigit(*tail) && isxdigit(*(tail+1))) {
 				hex[0] = *tail++;
 				hex[1] = *tail++;
-				*head++ = (char)strtol(hex, NULL, 16);
+				char val = (char)strtol(hex, NULL, 16);
+				//Control codes --> Space character
+				*head++ = (val < 0x20) ? 0x20 : val;
 			} else { //Not valid format; keep original
 				head++;
 			}
-- 
2.20.1