From: Darren S. <li...@yo...> - 2008-06-17 15:36:31
|
# HG changeset patch # User Darren Salt <li...@yo...> # Date 1213714198 -3600 # Node ID ea67909236aad27da5c206244787589f3efb2694 # Parent 92ad7eeb66f5df7e56ae843fdacc3aa8d4f9f557 Properly encode name & password for HTTP authentication. diff -r ea67909236aad27da5c206244787589f3efb2694 -r 92ad7eeb66f5df7e56ae843fdacc3aa8d4f9f557 ChangeLog --- a/ChangeLog Tue Jun 17 15:49:58 2008 +0100 +++ b/ChangeLog Tue Jun 17 14:47:19 2008 +0100 @@ -1,6 +1,7 @@ 0.5.904: 2008/??/?? 0.5.904: 2008/??/?? * Add a lock to avoid a race which can cause GTK crashes when updating the console log window. + * Properly encode name & password for HTTP auth. (xine-lib 1.2) 0.5.903: 2008/06/12 * Apply auto-detection of DVD and VCD images to files & directories diff -r ea67909236aad27da5c206244787589f3efb2694 -r 92ad7eeb66f5df7e56ae843fdacc3aa8d4f9f557 src/playlist.c --- a/src/playlist.c Tue Jun 17 15:49:58 2008 +0100 +++ b/src/playlist.c Tue Jun 17 14:47:19 2008 +0100 @@ -1623,17 +1623,25 @@ static void play_next (void) } #ifdef XINE_MSG_AUTHENTICATION_NEEDED -static gboolean auth_validate (const char *text) -{ - if (!text || !*text) - return FALSE; +static char *auth_escape (GtkEntry *entry) +{ + const char *text = gtk_entry_get_text (entry); + char *dest = malloc (strlen (text) * 3 + 1); + char *ptr = dest; + while (*text) { unsigned char c = (unsigned char) *text++; - if (c < 33 || c == '/' || c == ':' || c == '@') - return FALSE; - } - return TRUE; + if (c < 33 || c == '/' || c == ':' || c == '@' || c > '~') + { + sprintf (ptr, "%%%02X", c); + ptr += 3; + } + else + *ptr++ = c; + } + *ptr = 0; + return dest; } static int display_auth (int args, const char *mrl) @@ -1657,13 +1665,8 @@ static int display_auth (int args, const if (gtk_dialog_run (auth.dbox) == GTK_RESPONSE_OK) { - const char *name = gtk_entry_get_text (auth.name); - const char *pass = gtk_entry_get_text (auth.pass); - if (!auth_validate (name) || !auth_validate (pass)) - { - display_error (FROM_GXINE, "%s", _("Authentication data contains invalid characters.")); - goto ret; - } + char *name = auth_escape (auth.name); + char *pass = auth_escape (auth.pass); host += 3; const char *at = strchr (host, '@'); @@ -1681,6 +1684,9 @@ static int display_auth (int args, const txt = g_strdup_printf ("%.*s%s:%s%s", (int)(host - mrl), mrl, name, pass, at); else txt = g_strdup_printf ("%.*s%s:%s@%s", (int)(host - mrl), mrl, name, pass, host); + + free (name); + free (pass); play_item_t *play_item; int pos; |