From d249f225bae154ef0d777561f4c0ecc57d3083a4 Mon Sep 17 00:00:00 2001
From: Dominika Liberda <ja@sdomi.pl>
Date: Wed, 2 Jun 2021 00:19:14 +0200
Subject: [PATCH] * even better sanitization in proxy

---
 src/response/proxy.sh | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/response/proxy.sh b/src/response/proxy.sh
index 178e246..755557a 100755
--- a/src/response/proxy.sh
+++ b/src/response/proxy.sh
@@ -9,11 +9,14 @@ host="$(sed -E 's@http(s|)://@@;s@/.*@@' <<< "$url")"
 proxy_url="$(sed -E 's/\?.*//g' <<< "${r[url]}")"
 headers="$(tr '\r' '\n' <<< "${r[req_headers]}")"
 headers+=$'\n'
+#params=()
 
 while read line; do
 	if [[ "$line" != "GET"* && "$line" != "Host:"* && "$line" != '' ]]; then
-		params+="-H '$line' "
+		args+=('-H')
+		args+=("$line")
 	fi
 done <<< "$headers"
 
-curl -v --http1.1 "$url" "$params" -D /dev/stdout | grep -aiv "Transfer-Encoding: chunked" | sed -E '/Location/s/\?/%3f/g;/Location/s/\&/%26/g;s@Location: @Location: '"$proxy_url"'?'"${cfg[proxy_param]}"'=@'
+curl --http1.1 "$url" "${args[@]}" -D /dev/stdout | grep -aiv "Transfer-Encoding: chunked" | sed -E '/Location/s/\?/%3f/g;/Location/s/\&/%26/g;/Location/s/\:/%3a/g;/Location/s@/@%2f@g;s@Location%3a @Location: '"$proxy_url"'?'"${cfg[proxy_param]}"'=@'
+