1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
$NetBSD: patch-aa,v 1.4 2006/11/29 22:21:30 mjl Exp $
--- auction.c.orig Wed Oct 19 13:37:59 2005
+++ auction.c
@@ -28,6 +28,7 @@
#include "buffer.h"
#include "http.h"
#include <ctype.h>
+#include <curl/curl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
@@ -1189,7 +1190,7 @@ ebayLogin(auctionInfo *aip)
char *url, *logUrl;
pageInfo_t *pp;
int ret = 0;
- char *password;
+ char *password, *escapedPassword;
if (!(mp = httpGet(LOGIN_1_URL, NULL)))
return httpError(aip);
@@ -1198,11 +1199,18 @@ ebayLogin(auctionInfo *aip)
urlLen = sizeof(LOGIN_2_URL) + strlen(options.username);
password = getPassword();
- url = malloc(urlLen + strlen(password));
+ if ((escapedPassword = curl_escape(password, strlen(password))) == NULL) {
+ log(("ebayLogin(): Could not URL-encode the password"));
+ freePassword(password);
+ return 1;
+ }
+ freePassword(password);
+
+ url = malloc(urlLen + strlen(escapedPassword));
logUrl = malloc(urlLen + 5);
- sprintf(url, LOGIN_2_URL, options.username, password);
- freePassword(password);
+ sprintf(url, LOGIN_2_URL, options.username, escapedPassword);
+ curl_free(escapedPassword);
sprintf(logUrl, LOGIN_2_URL, options.username, "*****");
mp = httpGet(url, logUrl);
|