summaryrefslogtreecommitdiff
path: root/external
diff options
context:
space:
mode:
authorStephan Bergmann <sbergman@redhat.com>2018-09-04 16:45:00 +0200
committerStephan Bergmann <sbergman@redhat.com>2018-09-04 20:00:38 +0200
commit33f7485dedea90e0f80c6348fa8ac5f27c5052e0 (patch)
treeddccd791593e733ebd5bc3148283cf95c7bc2a71 /external
parent7e7a1ff3926e86705199aa9814089e90f01c02ed (diff)
Properly encode OAuth2 credentials
Change-Id: Ic3edeae035262309e91fb01e3aca5c2f905bc3e5 Reviewed-on: https://gerrit.libreoffice.org/59986 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Diffstat (limited to 'external')
-rw-r--r--external/libcmis/UnpackedTarball_libcmis.mk1
-rw-r--r--external/libcmis/xwwwformurlencoded.patch.059
2 files changed, 60 insertions, 0 deletions
diff --git a/external/libcmis/UnpackedTarball_libcmis.mk b/external/libcmis/UnpackedTarball_libcmis.mk
index 0ec8f5182edc..8944fc024bc6 100644
--- a/external/libcmis/UnpackedTarball_libcmis.mk
+++ b/external/libcmis/UnpackedTarball_libcmis.mk
@@ -22,6 +22,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,libcmis, \
external/libcmis/libcmis-fix-error-handling.patch \
external/libcmis/c++17.patch.0 \
external/libcmis/boost-1.68.patch.0 \
+ external/libcmis/xwwwformurlencoded.patch.0 \
))
ifeq ($(OS),WNT)
diff --git a/external/libcmis/xwwwformurlencoded.patch.0 b/external/libcmis/xwwwformurlencoded.patch.0
new file mode 100644
index 000000000000..b9f779cc6e80
--- /dev/null
+++ b/external/libcmis/xwwwformurlencoded.patch.0
@@ -0,0 +1,59 @@
+--- src/libcmis/oauth2-providers.cxx
++++ src/libcmis/oauth2-providers.cxx
+@@ -26,6 +26,8 @@
+ * instead of those above.
+ */
+
++#include <cassert>
++
+ #include <libxml/HTMLparser.h>
+ #include <libxml/xmlreader.h>
+
+@@ -45,6 +47,29 @@
+ #define HTML_PARSE_RECOVER 0
+ #endif
+
++namespace {
++
++// See <https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer>:
++void addXWwwFormUrlencoded(std::string * buffer, std::string const & data) {
++ assert(buffer);
++ for (string::const_iterator i = data.begin(); i != data.end(); ++i) {
++ unsigned char c = static_cast<unsigned char>(*i);
++ if (c == ' ' || c == '*' || c == '-' || c == '.' || (c >= '0' && c <= '9')
++ || (c >= 'A' && c <= 'Z') || c == '_' || (c >= 'a' && c <= 'z'))
++ {
++ *buffer += static_cast<char>(c);
++ } else {
++ static const char hex[16] = {
++ '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
++ *buffer += '%';
++ *buffer += hex[c >> 4];
++ *buffer += hex[c & 0xF];
++ }
++ }
++}
++
++}
++
+ string OAuth2Providers::OAuth2Gdrive( HttpSession* session, const string& authUrl,
+ const string& username, const string& password )
+ {
+@@ -97,7 +120,7 @@
+ return string( );
+
+ loginEmailPost += "Email=";
+- loginEmailPost += string( username );
++ addXWwwFormUrlencoded(&loginEmailPost, username);
+
+ istringstream loginEmailIs( loginEmailPost );
+ string loginEmailRes;
+@@ -119,7 +142,7 @@
+ return string( );
+
+ loginPasswdPost += "Passwd=";
+- loginPasswdPost += string( password );
++ addXWwwFormUrlencoded(&loginPasswdPost, password);
+
+ istringstream loginPasswdIs( loginPasswdPost );
+ string loginPasswdRes;