From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 1 Oct 2019 07:54:21 +0000 (+0200)
Subject: redirect: when following redirects to an absolute URL, URL encode it
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c6f250c4d6a8964a24d99aaf0e0cb81ab9cb293f;p=curl

redirect: when following redirects to an absolute URL, URL encode it

... to make it handle for example (RFC violating) embeded spaces.

Reported-by: momala454 on github
Fixes #4445
Closes #4447
---

diff --git a/lib/transfer.c b/lib/transfer.c
index 44aa10971..421c8d2d0 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -1591,7 +1591,8 @@ CURLcode Curl_follow(struct Curl_easy *data,
 
   DEBUGASSERT(data->state.uh);
   uc = curl_url_set(data->state.uh, CURLUPART_URL, newurl,
-                    (type == FOLLOW_FAKE) ? CURLU_NON_SUPPORT_SCHEME : 0);
+                    (type == FOLLOW_FAKE) ? CURLU_NON_SUPPORT_SCHEME :
+                    ((type == FOLLOW_REDIR) ? CURLU_URLENCODE : 0) );
   if(uc) {
     if(type != FOLLOW_FAKE)
       return Curl_uc_to_curlcode(uc);
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index a4f06fd1f..7d237325d 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -84,6 +84,7 @@ test626 test627 test628 test629 test630 test631 test632 test633 test634 \
 test635 test636 test637 test638 test639 test640 test641 test642 \
 test643 test644 test645 test646 test647 test648 test649 test650 test651 \
 test652 test653 test654 test655 test656 test658 test659 test660 test661 \
+test662 \
 \
 test700 test701 test702 test703 test704 test705 test706 test707 test708 \
 test709 test710 test711 test712 test713 test714 test715 test716 test717 \
diff --git a/tests/data/test662 b/tests/data/test662
new file mode 100644
index 000000000..192338501
--- /dev/null
+++ b/tests/data/test662
@@ -0,0 +1,75 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+followlocation
+</keywords>
+</info>
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 302 OK
+Location: http://example.net/tes t case=/6620002
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Content-Length: 0
+
+</data>
+<data2>
+HTTP/1.1 200 OK
+Location: this should be ignored
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Content-Length: 5
+
+body
+</data2>
+<datacheck>
+HTTP/1.1 302 OK
+Location: http://example.net/tes t case=/6620002
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Content-Length: 0
+
+HTTP/1.1 200 OK
+Location: this should be ignored
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Content-Length: 5
+
+body
+</datacheck>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP redirect with whitespace in absolute Location: URL
+ </name>
+ <command>
+http://example.com/please/gimme/662 -L -x http://%HOSTIP:%HTTPPORT
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET http://example.com/please/gimme/662 HTTP/1.1
+Host: example.com
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+GET http://example.net/tes%20t%20case=/6620002 HTTP/1.1
+Host: example.net
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+</protocol>
+</verify>
+</testcase>