From b56ffb88ec33bc28869b6a68031a3a5175d852cc Mon Sep 17 00:00:00 2001 From: Packit Date: Aug 20 2020 10:49:09 +0000 Subject: Apply patch 0001-Properly-encode-OAuth2-credentials.patch patch_name: 0001-Properly-encode-OAuth2-credentials.patch location_in_specfile: 10 present_in_specfile: true --- diff --git a/src/libcmis/oauth2-providers.cxx b/src/libcmis/oauth2-providers.cxx index 68a6aa5..e01a8a6 100644 --- a/src/libcmis/oauth2-providers.cxx +++ b/src/libcmis/oauth2-providers.cxx @@ -26,6 +26,8 @@ * instead of those above. */ +#include + #include #include @@ -34,6 +36,29 @@ using namespace std; +namespace { + +// See : +void addXWwwFormUrlencoded(std::string * buffer, std::string const & data) { + assert(buffer); + for (string::const_iterator i = data.begin(); i != data.end(); ++i) { + unsigned char c = static_cast(*i); + if (c == ' ' || c == '*' || c == '-' || c == '.' || (c >= '0' && c <= '9') + || (c >= 'A' && c <= 'Z') || c == '_' || (c >= 'a' && c <= 'z')) + { + *buffer += static_cast(c); + } else { + static const char hex[16] = { + '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'}; + *buffer += '%'; + *buffer += hex[c >> 4]; + *buffer += hex[c & 0xF]; + } + } +} + +} + string OAuth2Providers::OAuth2Gdrive( HttpSession* session, const string& authUrl, const string& username, const string& password ) { @@ -71,7 +96,7 @@ string OAuth2Providers::OAuth2Gdrive( HttpSession* session, const string& authUr return string( ); loginEmailPost += "Email="; - loginEmailPost += string( username ); + addXWwwFormUrlencoded(&loginEmailPost, username); istringstream loginEmailIs( loginEmailPost ); string loginEmailRes; @@ -91,7 +116,7 @@ string OAuth2Providers::OAuth2Gdrive( HttpSession* session, const string& authUr return string( ); loginPasswdPost += "Passwd="; - loginPasswdPost += string( password ); + addXWwwFormUrlencoded(&loginPasswdPost, password); istringstream loginPasswdIs( loginPasswdPost ); string loginPasswdRes;