redirect: when following redirects to an absolute URL, URL encode it

bagder · bagder · commit c6f250c4d6a8 · 2019-10-02T07:53:32.000+02:00
... to make it handle for example (RFC violating) embeded spaces. Reported-by: momala454 on github Fixes #4445 Closes #4447
diff --git a/lib/transfer.c b/lib/transfer.c
@@ -1591,7 +1591,8 @@ CURLcode Curl_follow(struct Curl_easy *data,
 
   DEBUGASSERT(data->state.uh);
   uc = curl_url_set(data->state.uh, CURLUPART_URL, newurl,
-                    (type == FOLLOW_FAKE) ? CURLU_NON_SUPPORT_SCHEME : 0);
+                    (type == FOLLOW_FAKE) ? CURLU_NON_SUPPORT_SCHEME :
+                    ((type == FOLLOW_REDIR) ? CURLU_URLENCODE : 0) );
   if(uc) {
     if(type != FOLLOW_FAKE)
       return Curl_uc_to_curlcode(uc);
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
@@ -84,6 +84,7 @@ test626 test627 test628 test629 test630 test631 test632 test633 test634 \
 test635 test636 test637 test638 test639 test640 test641 test642 \
 test643 test644 test645 test646 test647 test648 test649 test650 test651 \
 test652 test653 test654 test655 test656 test658 test659 test660 test661 \
+test662 \
 \
 test700 test701 test702 test703 test704 test705 test706 test707 test708 \
 test709 test710 test711 test712 test713 test714 test715 test716 test717 \
diff --git a/tests/data/test662 b/tests/data/test662
@@ -0,0 +1,75 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+followlocation
+</keywords>
+</info>
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 302 OK
+Location: http://example.net/tes t case=/6620002
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Content-Length: 0
+
+</data>
+<data2>
+HTTP/1.1 200 OK
+Location: this should be ignored
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Content-Length: 5
+
+body
+</data2>
+<datacheck>
+HTTP/1.1 302 OK
+Location: http://example.net/tes t case=/6620002
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Content-Length: 0
+
+HTTP/1.1 200 OK
+Location: this should be ignored
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Content-Length: 5
+
+body
+</datacheck>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP redirect with whitespace in absolute Location: URL
+ </name>
+ <command>
+http://example.com/please/gimme/662 -L -x http://%HOSTIP:%HTTPPORT
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET http://example.com/please/gimme/662 HTTP/1.1
+Host: example.com
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+GET http://example.net/tes%20t%20case=/6620002 HTTP/1.1
+Host: example.net
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+</protocol>
+</verify>
+</testcase>

Original file line number	Diff line number	Diff line change
`@@ -84,6 +84,7 @@ test626 test627 test628 test629 test630 test631 test632 test633 test634 \`
`84`	`84`	`test635 test636 test637 test638 test639 test640 test641 test642 \`
`85`	`85`	`test643 test644 test645 test646 test647 test648 test649 test650 test651 \`
`86`	`86`	`test652 test653 test654 test655 test656 test658 test659 test660 test661 \`
	`87`	`+test662 \`
`87`	`88`	`\`
`88`	`89`	`test700 test701 test702 test703 test704 test705 test706 test707 test708 \`
`89`	`90`	`test709 test710 test711 test712 test713 test714 test715 test716 test717 \`