Confirmation strings are now invariant under URL-encoding. They are still

[disorder] / server / server.c

diff --git a/server/server.c b/server/server.c
index a7fad016992e5be6508b7184c8dbf42ed5f127d3..1e7c22fcc88d0166d71507c299833152130d61f0 100644 (file)
--- a/server/server.c
+++ b/server/server.c
@@ -1154,6 +1154,16 @@ static int c_users(struct conn *c,
   return 1;                            /* completed */
 }
 
+/** @brief Base64 mapping table for confirmation strings
+ *
+ * This is used with generic_to_base64() and generic_base64().  We cannot use
+ * the MIME table as that contains '+' and '=' which get quoted when
+ * URL-encoding.  (The CGI still does the URL encoding but it is desirable to
+ * avoid it being necessary.)
+ */
+static const char confirm_base64_table[] =
+  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789/.*";
+
 static int c_register(struct conn *c,
                      char **vec,
                      int attribute((unused)) nvec) {
@@ -1166,7 +1176,8 @@ static int c_register(struct conn *c,
   buf = xmalloc_noptr(bufsize);
   offset = byte_snprintf(buf, bufsize, "%s;", vec[0]);
   gcry_randomize(buf + offset, CONFIRM_SIZE, GCRY_STRONG_RANDOM);
-  cs = mime_to_base64((uint8_t *)buf, offset + CONFIRM_SIZE);
+  cs = generic_to_base64((uint8_t *)buf, offset + CONFIRM_SIZE,
+                        confirm_base64_table);
   if(trackdb_adduser(vec[0], vec[1], config->default_rights, vec[2], cs))
     sink_writes(ev_writer_sink(c->w), "550 Cannot create user\n");
   else
@@ -1187,7 +1198,7 @@ static int c_confirm(struct conn *c,
     sink_writes(ev_writer_sink(c->w), "530 Authentication failure\n");
     return 1;
   }
-  if(!(user = mime_base64(vec[0], &nuser))
+  if(!(user = generic_base64(vec[0], &nuser, confirm_base64_table))
      || !(sep = memchr(user, ';', nuser))) {
     sink_writes(ev_writer_sink(c->w), "550 Malformed confirmation string\n");
     return 1;