Overview
SHA1 Hash: | 7100babda6b44844c5da6bcfaa9e6ef4cd3a90dd |
---|---|
Date: | 2009-09-21 16:14:33 |
User: | drh |
Comment: | Improved handling of spaces in usernames and passwords. |
Tags And Properties
- branch=trunk inherited from [a28c83647d]
- sym-trunk inherited from [a28c83647d]
Changes
[hide diffs]Modified src/url.c from [c5cf8d9b2a] to [118ae7487c].
@@ -65,12 +65,14 @@
 }
 for(i=iStart; (c=zUrl[i])!=0 && c!='/' && c!='@'; i++){}
 if( c=='@' ){
 for(j=iStart; j<i && zUrl[j]!=':'; j++){}
 g.urlUser = mprintf("%.*s", j-iStart, &zUrl[iStart]);
+ dehttpize(g.urlUser);
 if( j<i ){
 g.urlPasswd = mprintf("%.*s", i-j-1, &zUrl[j+1]);
+ dehttpize(g.urlPasswd);
 }
 for(j=i+1; (c=zUrl[j])!=0 && c!='/' && c!=':'; j++){}
 g.urlName = mprintf("%.*s", j-i-1, &zUrl[i+1]);
 i = j;
 }else{
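Review bot: Both added `dehttpize()` calls are only correct because they run after the scans for `:` and `@` have already cut the user and password out of `zUrl`, and nothing at the call sites records that ordering. A comment above the first call would pin it, for example `/* Decode only after splitting, so an encoded ':' or '@' inside a credential stays data */`. The stored values now differ from the text that appeared in the URL, so any code that rebuilds or saves a URL from `g.urlUser` and `g.urlPasswd` (not visible in this hunk) presumably has to re-encode them. The enclosing function starts and ends outside the hunk.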
Modified src/xfer.c from [0008bf7842] to [05ae6aecee].
@@ -383,17 +383,19 @@ ** http_exchange() routine. */ void check_login(Blob *pLogin, Blob *pNonce, Blob *pSig){ Stmt q; int rc = -1; + char *zLogin = blob_terminate(pLogin); + defossilize(zLogin); db_prepare(&q, "SELECT pw, cap, uid FROM user" - " WHERE login=%B" + " WHERE login=%Q" " AND login NOT IN ('anonymous','nobody','developer','reader')" " AND length(pw)>0", - pLogin + zLogin ); if( db_step(&q)==SQLITE_ROW ){ Blob pw, combined, hash; blob_zero(&pw); db_ephemeral_blob(&q, 0, &pw);
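Review bot: `zLogin` appears to point into the buffer owned by `pLogin`, and `defossilize(zLogin)` appears to decode it in place, so after the two added lines the caller's blob would hold decoded bytes while its recorded length is presumably unchanged. The remainder of `check_login()`, which continues outside the hunk, should then use `zLogin` rather than `pLogin` for the login name, and a comment such as `/* zLogin aliases pLogin's buffer; it is decoded in place, so use zLogin from here on */` would make that explicit. The switch from `%B` to `%Q` also means the query now sees a NUL-terminated string instead of a length-counted blob, so it is worth confirming that the decoded name cannot contain an embedded NUL, or rejecting the login when it does.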