From 33f7485dedea90e0f80c6348fa8ac5f27c5052e0 Mon Sep 17 00:00:00 2001 From: Stephan Bergmann Date: Tue, 4 Sep 2018 16:45:00 +0200 Subject: Properly encode OAuth2 credentials Change-Id: Ic3edeae035262309e91fb01e3aca5c2f905bc3e5 Reviewed-on: https://gerrit.libreoffice.org/59986 Tested-by: Jenkins Reviewed-by: Stephan Bergmann --- a/src/libcmis/oauth2-providers.cxx +++ b/src/libcmis/oauth2-providers.cxx @@ -26,6 +26,8 @@ * instead of those above. */ +#include + #include #include @@ -45,6 +47,29 @@ #define HTML_PARSE_RECOVER 0 #endif +namespace { + +// See : +void addXWwwFormUrlencoded(std::string * buffer, std::string const & data) { + assert(buffer); + for (string::const_iterator i = data.begin(); i != data.end(); ++i) { + unsigned char c = static_cast(*i); + if (c == ' ' || c == '*' || c == '-' || c == '.' || (c >= '0' && c <= '9') + || (c >= 'A' && c <= 'Z') || c == '_' || (c >= 'a' && c <= 'z')) + { + *buffer += static_cast(c); + } else { + static const char hex[16] = { + '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'}; + *buffer += '%'; + *buffer += hex[c >> 4]; + *buffer += hex[c & 0xF]; + } + } +} + +} + string OAuth2Providers::OAuth2Gdrive( HttpSession* session, const string& authUrl, const string& username, const string& password ) { @@ -97,7 +120,7 @@ return string( ); loginEmailPost += "Email="; - loginEmailPost += string( username ); + addXWwwFormUrlencoded(&loginEmailPost, username); istringstream loginEmailIs( loginEmailPost ); string loginEmailRes; @@ -119,7 +142,7 @@ return string( ); loginPasswdPost += "Passwd="; - loginPasswdPost += string( password ); + addXWwwFormUrlencoded(&loginPasswdPost, password); istringstream loginPasswdIs( loginPasswdPost ); string loginPasswdRes;