aniani/elinks
1
0
Fork 0
mirror of https://github.com/rkd77/elinks.git synced 2024-11-04 08:17:17 -05:00
Code

follow_url: do not pass POST requests to scripts

Browse Source 
In follow_url, do not call the follow-url hook if the URI encodes a POST
request.  If scripts try to change such a URI, they can corrupt it and
cause problems later on.

This change can be reverted later when the URI structure is changed not
to store the POST data in the URI string.
This commit is contained in:
Miciah Dashiel Butler Masters 2011-10-27 19:56:59 +00:00
parent 3d4fe9c4d2
commit 56f1b5d834
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/session/task.c
View File

@ -646,8 +646,14 @@ follow_url(struct session *ses, struct uri *uri, unsigned char *target,
{
#ifdef CONFIG_SCRIPTING
static int follow_url_event_id = EVENT_NONE;
unsigned char *uristring = uri ? get_uri_string(uri, URI_BASE | URI_FRAGMENT) : NULL;
unsigned char *uristring;
uristring = uri && !uri->post ? get_uri_string(uri, URI_BASE | URI_FRAGMENT)
: NULL;
/* Do nothing if we do not have a URI or if it is a POST request
* because scripts can corrupt POST requests leading to bad
* things happening later on. */
if (!uristring) {
do_follow_url(ses, uri, target, task, cache_mode, referrer);
return;