Merge pull request #170 from bytefire/master

URL-decode user password before adding to authorization header.
2016-04-12 09:28:27 -03:00 · 2016-04-12 09:28:27 -03:00 · 6a0506ca44
parent 23ce5aeaa2 b9f6fd215a
commit 6a0506ca44
2 changed files with 5 additions and 4 deletions
--- a/src/http.lua
+++ b/src/http.lua
@ -222,7 +222,8 @@ local function adjustheaders(reqt)
    -- if we have authentication information, pass it along
    if reqt.user and reqt.password then
        lower["authorization"] =
-            "Basic " ..  (mime.b64(reqt.user .. ":" .. reqt.password))
+            "Basic " ..  (mime.b64(reqt.user .. ":" ..
+		url.unescape(reqt.password)))
    end
    -- if we have proxy authentication information, pass it along
    local proxy = reqt.proxy or _M.PROXY
--- a/src/url.lua
+++ b/src/url.lua
@ -64,11 +64,11 @@ local function protect_segment(s)
 end

 -----------------------------------------------------------------------------
-- Encodes a string into its escaped hexadecimal representation
+-- Unencodes a escaped hexadecimal string into its binary representation
 -- Input
--   s: binary string to be encoded
+--   s: escaped hexadecimal string to be unencoded
 -- Returns
--   escaped representation of string binary
+--   unescaped binary representation of escaped hexadecimal  binary
 -----------------------------------------------------------------------------
 function _M.unescape(s)
    return (string.gsub(s, "%%(%x%x)", function(hex)