function to url decode a string

Re: function to url decode a string

"Ramprasad A Padmanabhan" <myname@netcore .co.in> wrote in message
news:3F1E7330.E 39D0DF7@netcore .co.in...[color=blue]
> Hello,
>
> Can anyone tell me where Can I find a function that can decode a url
> encoded string
>
> like
> ram%40domain.tl d ==> ram@domain.tld
>[/color]

Write one, isn't that what a programmer is being?
strip off the "%", then take the next 2 characters and convert them from
ascii-hex to ascii.

Re: function to url decode a string



Ramprasad A Padmanabhan wrote:[color=blue]
>
> Hello,
>
> Can anyone tell me where Can I find a function that can decode a url
> encoded string[/color]


This is a very common thing. Do a google search for cgi utilities
written in C.



Brian Rodenborn

Re: function to url decode a string


Ramprasad A Padmanabhan <myname@netcore .co.in> wrote in message
news:3F1E7330.E 39D0DF7@netcore .co.in...[color=blue]
> Hello,
>
> Can anyone tell me where Can I find a function that can decode a url
> encoded string
>
> like
> ram%40domain.tl d ==> ram@domain.tld[/color]


/* (no error checking included) */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void cvt(char *dest, const char *src)
{
const char *p = src;
char code[3] = {0};
unsigned long ascii = 0;
char *end = NULL;

while(*p)
{
if(*p == '%')
{
memcpy(code, ++p, 2);
ascii = strtoul(code, &end, 16);
*dest++ = (char)ascii;
p += 2;
}
else
*dest++ = *p++;
}
}

int main()
{
char in[] = "ram%40domain.t ld";
char out[sizeof in] = {0};
cvt(out, in);
printf("in == %s\nout == %s\n", in, out);
return 0;
}

-Mike

Re: function to url decode a string

On Wed, 23 Jul 2003 18:48:10 -0400, Mike Wahler wrote:[color=blue]
>
> /* (no error checking included) */
>[/color]
<snip>[color=blue]
> while(*p)
> {[/color]

This function should be called 'bugtraq'.

Mike

Re: function to url decode a string

Michael B Allen wrote:[color=blue]
>
> On Wed, 23 Jul 2003 18:48:10 -0400, Mike Wahler wrote:[color=green]
> >
> > /* (no error checking included) */
> >[/color]
> <snip>[color=green]
> > while(*p)
> > {[/color]
>
> This function should be called 'bugtraq'.
>
> Mike[/color]

Thanks , But I am not worried about any security risk in the function.
The function caller will do all the checking.

I am not a great programming expert and just a beginner with c But IMHO
it is not worth trying to trap all overflows in all functions and in the
end making the code very Heavy

If the this function is called *only* from my own script and I know
exactly what I am doing then i think it still will do

Thanks
Ram

Re: function to url decode a string


Michael B Allen <mba2000@ioplex .com> wrote in message
news:pan.2003.0 7.24.05.33.44.6 87436.21498@iop lex.com...[color=blue]
> On Wed, 23 Jul 2003 18:48:10 -0400, Mike Wahler wrote:[color=green]
> >
> > /* (no error checking included) */
> >[/color]
> <snip>[color=green]
> > while(*p)
> > {[/color]
>
> This function should be called 'bugtraq'.[/color]

It's a non-production *example*. I included a caveat
about no error checking. Call it what you will.

-Mike

Re: function to url decode a string

Ramprasad A Padmanabhan wrote:
[color=blue]
> Can anyone tell me where Can I find a function that can decode
> a url encoded string like ram%40domain.tl d ==> ram@domain.tld[/color]

Ram...

The code at http://www.iedu.com/mrd/c/kvp.c contains a function
to do the decoding you want. I'm sure that you can find much more
(and possibly much better code) with a Google search.
--
Morris Dovey
West Des Moines, Iowa USA
C links at http://www.iedu.com/c

Re: function to url decode a string

On Thu, 24 Jul 2003 18:29:29 +0530, Ramprasad A Padmanabhan wrote:
[color=blue]
> Michael B Allen wrote:[color=green]
>>
>> On Wed, 23 Jul 2003 18:48:10 -0400, Mike Wahler wrote:[color=darkred]
>> >
>> > /* (no error checking included) */
>> >[/color]
>> <snip>[color=darkred]
>> > while(*p)
>> > {[/color]
>>
>> This function should be called 'bugtraq'.
>>
>> Mike[/color]
>
> Thanks , But I am not worried about any security risk in the function.
> The function caller will do all the checking.[/color]

This isn't likely IMO. Given an interface like the above, it's much hard
to check that the arguments are good to use.
Personally I'd recommend looking at a real string API
http://www.and.org/vstr/comparison.html ... the first on the list has
uri encode/decode functions.

If you want to pretend you don't need one then the libclc function
discussed a couple of days ago, in this very group, would be a better
starting point.
[color=blue]
> I am not a great programming expert and just a beginner with c But IMHO
> it is not worth trying to trap all overflows in all functions and in the
> end making the code very Heavy[/color]

This is a misconception due to your inexperience, stopping errors
_always_ needs to be done and if done properly doesn't make the code any
heavier.

--
James Antill -- james@and.org
Need an efficent and powerful string library for C?

Re: function to url decode a string

On Wed, 23 Jul 2003 18:48:10 -0400, Mike Wahler wrote:
[color=blue]
> If the this function is called *only* from my own script and I know
> exactly what I am doing then i think it still will do[/color]

A URL is something that is almost invariably supplied by a user or suppied
by a program. In both cases unless *you* are always the one typing in the
URL your code must consider errnoeous input. Poor URL processing is a
favorite target of crackers.

The below code should be correct and safe although I have only tested
it with the one input.

Mike

--8<--

#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <ctype.h>
#include <stdio.h>

int
url_decode(cons t char *src, const char *slim, char *dst, char *dlim)
{
int state = 0, code;
char *start = dst;

if (dst >= dlim) {
return 0;
}
dlim--; /* ensure spot for '\0' */

while (src < slim && dst < dlim) {
switch (state) {
case 0:
if (*src == '%') {
state = 1;
} else {
*dst++ = *src;
}
break;
case 1:
code = *src - 48;
case 2:
if (isdigit(*src) == 0) {
errno = EILSEQ;
return -1;
}
if (state == 2) {
*dst++ = (code * 16) + *src - 48;
state = 0;
} else {
state = 2;
}
break;
}
src++;
}
*dst = '\0'; /* I'll be back */

return dst - start;
}

int main()
{
const char *src = "ram%40domain.t ld/a/b/c%40d/%24%40%24abc";
char dst[1024];

if (url_decode(src , src + strlen(src), dst, dst + 1024) == -1) {
perror("url_dec ode");
return EXIT_FAILURE;
}
puts(src);
puts(dst);

return EXIT_SUCCESS;
}

Re: function to url decode a string

James Antill wrote:[color=blue]
>
> On Thu, 24 Jul 2003 18:29:29 +0530, Ramprasad A Padmanabhan wrote:
>[color=green]
> > Michael B Allen wrote:[color=darkred]
> >>
> >> On Wed, 23 Jul 2003 18:48:10 -0400, Mike Wahler wrote:
> >> >
> >> > /* (no error checking included) */
> >> >
> >> <snip>
> >> > while(*p)
> >> > {
> >>
> >> This function should be called 'bugtraq'.
> >>
> >> Mike[/color]
> >
> > Thanks , But I am not worried about any security risk in the function.
> > The function caller will do all the checking.[/color]
>
> This isn't likely IMO. Given an interface like the above, it's much hard
> to check that the arguments are good to use.
> Personally I'd recommend looking at a real string API
> http://www.and.org/vstr/comparison.html ... the first on the list has
> uri encode/decode functions.
>
> If you want to pretend you don't need one then the libclc function
> discussed a couple of days ago, in this very group, would be a better
> starting point.
>[color=green]
> > I am not a great programming expert and just a beginner with c But IMHO
> > it is not worth trying to trap all overflows in all functions and in the
> > end making the code very Heavy[/color]
>
> This is a misconception due to your inexperience, stopping errors
> _always_ needs to be done and if done properly doesn't make the code any
> heavier.[/color]

Why not ? I just want to get my fundamentals clear and not argue that I
am right

If a string is used in function A() and within A() in B() and within B()
in C()
Then If I check the string( for some error condition ) I will do it only
only A() because B() and C() are not exposed at all directly

If I include the check in B() and in C() then there are more if's and
else's in my function then how can that be a better code

Ram

Re: function to url decode a string

On Thu, 24 Jul 2003 16:19:49 -0400, Michael B Allen wrote:
[color=blue]
> On Wed, 23 Jul 2003 18:48:10 -0400, Mike Wahler wrote:
>[color=green]
>> If the this function is called *only* from my own script and I know
>> exactly what I am doing then i think it still will do[/color]
>
> A URL is something that is almost invariably supplied by a user or
> suppied by a program. In both cases unless *you* are always the one
> typing in the URL your code must consider errnoeous input. Poor URL
> processing is a favorite target of crackers.
>
> The below code should be correct and safe although I have only tested it
> with the one input.[/color]

And thus it did not convert all hex digits correctly. See the state
machine example on the homepage for an updated version.



Mike