From a0d23e1603b9f7e358aa230f2434d0e93d590a2d Mon Sep 17 00:00:00 2001
From: Dominika Liberda
Date: Fri, 2 Apr 2021 20:05:20 +0200
Subject: [PATCH] * html_encode bugfix, changed default URL decode algorithm
---
 src/misc.sh | 2 +-
 src/server.sh | 18 +++++++++---------
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/src/misc.sh b/src/misc.sh
index 15dd988..f6516a1 100755
--- a/src/misc.sh
+++ b/src/misc.sh
@@ -39,7 +39,7 @@ function post_dump() {
 # html_encode(string)
 function html_encode() {
- sed 's//\>/g;s/%/\%/g;s/\//\//g;s/\\/\\/g;s/'"'"'/\'/g;s/"/\"/g;s/`/\`/g;s/?/\?/g;s/\&/\&/g' <<< "$1"
+ sed 's/\&/\&/g;s//\>/g;s/%/\%/g;s/\//\//g;s/\\/\\/g;s/'"'"'/\'/g;s/"/\"/g;s/`/\`/g;s/?/\?/g;' <<< "$1"
 }
 # url_encode(string)
diff --git a/src/server.sh b/src/server.sh
index 96d2437..7405fd1 100755
--- a/src/server.sh
+++ b/src/server.sh
@@ -58,10 +58,10 @@ while read -r param; do
 elif [[ "$param_l" == *"sec-websocket-key:"* ]]; then
 r[websocket_key]="$(sed 's/Sec-WebSocket-Key: //i;s/\r//' <<< "$param")"
- elif [[ "$param_l" == *"authorization: Basic"* ]]; then
+ elif [[ "$param_l" == *"authorization: basic"* ]]; then
 login_simple "$param"
- elif [[ "$param_l" == *"authorization: Bearer"* ]]; then
+ elif [[ "$param_l" == *"authorization: bearer"* ]]; then
 r[authorization]="$(sed 's/Authorization: Bearer //i;s/\r//' <<< "$param")"
 elif [[ "$param_l" == *"cookie: "* ]]; then
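Review bot: In `html_encode` (src/misc.sh) the fix depends on the `&` substitution being the first command in the `sed` script, but nothing in the function records that, so a later edit can reintroduce the double-encoding by appending a rule at the wrong end. I would add a comment above the `sed` line such as `# '&' must be escaped first: the later rules emit entities that start with '&'`. The replacement texts on this page appear to have lost their entity names in rendering, so the individual substitutions could not be checked here.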
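Review bot: The `authorization: basic` and `authorization: bearer` tests in the @@ -58 hunk of src/server.sh are substring matches (`*"..."*`), so a request line that only contains that text somewhere in another header's value is still handed to `login_simple` or stored in `r[authorization]`. Anchoring the pattern to the start of the header closes that: `elif [[ "$param_l" == "authorization: basic "* ]]; then`, and the same for `bearer`. This assumes `param_l` is the lower-cased copy of `$param`; it is assigned outside the hunk, as is the start of the enclosing `while read -r param` loop.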
@@ -73,20 +73,20 @@ while read -r param; do
 done
 elif [[ "$param" == *"GET "* ]]; then
- r[url]="$(echo -ne "$(sed -E 's/GET //;s/HTTP\/[0-9]+\.[0-9]+//;s/ //g;s/\%/\\x/g;s/\/*\r//g;s/\/\/*/\//g' <<< "$param")")"
+ r[url]="$(echo -ne "$(url_decode "$(sed -E 's/GET //;s/HTTP\/[0-9]+\.[0-9]+//;s/ //g;s/\/*\r//g;s/\/\/*/\//g' <<< "$param")")")"
 data="$(echo ${r[url]} | sed -E 's/^(.*)\?//;s/\&/ /g')"
 if [[ "$data" != "${r[url]}" ]]; then
 data="$(echo ${r[url]} | sed -E 's/^(.*)\?//')"
 IFS='&'
 for i in $data; do
- name="$(echo $i | sed -E 's/\=(.*)$//')"
- value="$(echo $i | sed "s/$name\=//")"
+ name="$(sed -E 's/\=(.*)$//' <<< "$i")"
+ value="$(sed "s/$name\=//" <<< "$i")"
 get_data[$name]="$value"
 done
 fi
 elif [[ "$param" == *"POST "* ]]; then
- r[url]="$(echo -ne "$(sed -E 's/POST //;s/HTTP\/[0-9]+\.[0-9]+//;s/ //g;s/\%/\\x/g;s/\/*\r//g;s/\/\/*/\//g' <<< "$param")")"
+ r[url]="$(echo -ne "$(url_decode "$(sed -E 's/POST //;s/HTTP\/[0-9]+\.[0-9]+//;s/ //g;s/\/*\r//g;s/\/\/*/\//g' <<< "$param")")")"
 r[post]=true
 # below shamelessly copied from GET, should be moved to a function
 data="$(sed -E 's/^(.*)\?//;s/\&/ /g' <<< "${r[url]}")"
@@ -94,9 +94,9 @@ while read -r param; do
 data="$(sed -E 's/^(.*)\?//' <<< "${r[url]}")"
 IFS='&'
 for i in $data; do
- name="$(sed -E 's/\=(.*)$//' <<< "$i")"
- value="$(sed "s/$name\=//" <<< "$i")"
- get_data[$name]="$value"
+ name="$(sed -E 's/\=(.*)$//' <<< "$i")"
+ value="$(sed "s/$name\=//" <<< "$i")"
+ post_data[$name]="$value"
 done
 fi
 fi
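Review bot: In the GET branch of the @@ -73 hunk, the parameter name taken from the request is pasted into a sed program (`sed "s/$name\=//" <<< "$i"`), so a `/` or a regex metacharacter in a client-supplied name changes the script sed runs instead of being matched literally. Parameter expansion splits on the first `=` without any pattern built from request data: `name="${i%%=*}"` and `value="${i#*=}"`. The same two lines are repeated in the @@ -94 hunk for POST. Separately, the `echo -ne` kept around `url_decode` still expands backslash escapes in the decoded URL; if `url_decode` (defined outside this diff) already returns the decoded text, the wrapper can be dropped.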
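Review bot: The loop in the @@ -94 hunk iterates over an unquoted `$data` after a bare `IFS='&'`, so every field also goes through pathname expansion, and a `*` or `?` in the query string is replaced by matching file names from the server's working directory before it lands in `post_data`. The `IFS` assignment is also not restored anywhere in the visible lines, which changes word splitting for the rest of the `while read -r param` loop that continues outside the hunk. Reading the fields into an array avoids both: `IFS='&' read -ra pairs <<< "$data"` followed by `for i in "${pairs[@]}"; do`. The GET copy of this loop in the @@ -73 hunk needs the same change.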