From: Kristiyan Tsaklev Date: Sat, 7 Oct 2017 14:47:11 +0000 (+0300) Subject: curl: don't pass semicolons when parsing Content-Disposition X-Git-Tag: curl-7_56_1~42 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c95c92da7584483368c8761c8cca276b5401530c;p=curl curl: don't pass semicolons when parsing Content-Disposition Test 1422 updated to verify. Closes #1964 --- diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c index bb982d2e4..7f2181f40 100644 --- a/src/tool_cb_hdr.c +++ b/src/tool_cb_hdr.c @@ -161,8 +161,13 @@ static char *parse_filename(const char *ptr, size_t len) else stop = ';'; + /* scan for the end letter and stop there */ + q = strchr(p, stop); + if(q) + *q = '\0'; + /* if the filename contains a path, only use filename portion */ - q = strrchr(copy, '/'); + q = strrchr(p, '/'); if(q) { p = q + 1; if(!*p) { @@ -183,14 +188,6 @@ static char *parse_filename(const char *ptr, size_t len) } } - /* scan for the end letter and stop there */ - for(q = p; *q; ++q) { - if(*q == stop) { - *q = '\0'; - break; - } - } - /* make sure the file name doesn't end in \r or \n */ q = strchr(p, '\r'); if(q) diff --git a/tests/data/test1422 b/tests/data/test1422 index 9b436cc4e..df9d750dd 100644 --- a/tests/data/test1422 +++ b/tests/data/test1422 @@ -16,7 +16,7 @@ Server: test-server/fake Content-Length: 0 Connection: close Content-Type: text/html -Content-Disposition: filename=name1422; charset=funny; option=strange +Content-Disposition: filename=name1422; charset=funny; option=str//nge