From 412e2cc17c1661bd0b86c7bc9d2c8956dd130616 Mon Sep 17 00:00:00 2001
From: Jacob Reid <jreid@iteris.com>
Date: Thu, 30 Jul 2020 15:27:53 -0500
Subject: [PATCH] Use a more resilient technique for parsing GET and POST

The original method could be broken and forced into an infinite loop by
some strings containing an '!' character.
---
 cgi-bin/httputils | 49 +++++++++++++++++------------------------------
 1 file changed, 18 insertions(+), 31 deletions(-)

diff --git a/cgi-bin/httputils b/cgi-bin/httputils
index ec2e2b3..de0fc16 100755
--- a/cgi-bin/httputils
+++ b/cgi-bin/httputils
@@ -10,41 +10,28 @@ read_POST_vars() {
 }
 
 parse_POST_params() {
-  local q p k v
 
-  if [[ ! "${QUERY_STRING_POST}" ]]; then
-    return
-  fi
-
-  q="${QUERY_STRING_POST}&"
-
-  while [[ ! -z "$q" ]]; do
-    p="${q%%&*}"  # get first part of query string
-    k="${p%%=*}"  # get the key (variable name) from it
-    v="${p#*=}"   # get the value from it
-    q="${q#$p&*}" # strip first part from query string
-
-    POST_PARAMS["${k}"]="${v}"
-  done
+saveIFS=$IFS
+IFS='=&'
+parm=($QUERY_STRING_POST)
+IFS=$saveIFS
+for ((i=0; i<${#parm[@]}; i+=2))
+do
+    POST_PARAMS[${parm[i]}]=${parm[i+1]}
+done
+return
 }
 
 parse_GET_params() {
-  local q p k v
-
-  if [[ ! "${QUERY_STRING}" ]]; then
-    return
-  fi
-
-  q="${QUERY_STRING}&"
-
-  while [[ ! -z "$q" ]]; do
-    p="${q%%&*}"  # get first part of query string
-    k="${p%%=*}"  # get the key (variable name) from it
-    v="${p#*=}"   # get the value from it
-    q="${q#$p&*}" # strip first part from query string
-
-    GET_PARAMS["${k}"]="${v}"
-  done
+saveIFS=$IFS
+IFS='=&'
+parm=($QUERY_STRING)
+IFS=$saveIFS
+for ((i=0; i<${#parm[@]}; i+=2))
+do
+    GET_PARAMS[${parm[i]}]=${parm[i+1]}
+done
+return
 }
 
 read_POST_vars