deblan/journalduhacker
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Sponge: keep user-supplied headers separate

Browse source 
when doing redirections, continue with the user-supplied headers,
not the ones we've been accumulating

fixes the problem of sending the wrong Host header to a redirection
This commit is contained in:
joshua stein 2014-07-02 09:58:52 -05:00
parent 416a5de6e4
commit 6174573fbe
1 changed files with 10 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
extras/sponge.rb
View file

@ -124,23 +124,25 @@ class Sponge
host.verify_mode = OpenSSL::SSL::VERIFY_NONE
end
send_headers = headers.dup
path = (uri.path == "" ? "/" : uri.path)
if uri.query
path += "?" + uri.query
elsif method == :get && raw_post_data
path += "?" + URI.encode(raw_post_data)
headers["Content-type"] = "application/x-www-form-urlencoded"
send_headers["Content-type"] = "application/x-www-form-urlencoded"
end
if method == :post
if raw_post_data
post_data = raw_post_data
headers["Content-type"] = "application/x-www-form-urlencoded"
send_headers["Content-type"] = "application/x-www-form-urlencoded"
else
post_data = fields.map{|k,v| "#{k}=#{v}" }.join("&")
end
headers["Content-Length"] = post_data.length.to_s
send_headers["Content-Length"] = post_data.length.to_s
end
path.gsub!(/^\/\//, "/")
@ -149,23 +151,23 @@ class Sponge
uri.user + "/" + ("*" * uri.password.length) + " " : "") +
"by #{method} with cookies #{cookies(uri.host)}"
headers = {
send_headers = {
"Host" => uri.host,
"Cookie" => cookies(uri.host),
"Referer" => url.to_s,
"User-Agent" => "Mozilla/5.0 (compatible)",
}.merge(headers || {})
}.merge(send_headers || {})
if uri.user
headers["Authorization"] = "Basic " +
send_headers["Authorization"] = "Basic " +
["#{uri.user}:#{uri.password}"].pack('m').delete("\r\n")
end
res = nil
if method == :post
res = host.post(path, post_data, headers)
res = host.post(path, post_data, send_headers)
else
res = host.get(path, headers)
res = host.get(path, send_headers)
end
if res.get_fields("Set-Cookie")