From 9804f5a25489f058ac0d4c22826acf4f2ddf136c Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Sat, 22 Dec 2018 02:38:09 +0100
Subject: html: double escape literal + in URLs

It's unclear whether this is correct or whether my server is double
decoding.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 html.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/html.c b/html.c
index 7f81965..bbc2dc0 100644
--- a/html.c
+++ b/html.c
@@ -17,7 +17,7 @@ static const char* url_escape_table[256] = {
 	"%10", "%11", "%12", "%13", "%14", "%15", "%16", "%17",
 	"%18", "%19", "%1a", "%1b", "%1c", "%1d", "%1e", "%1f",
 	"%20", NULL,  "%22", "%23", NULL,  "%25", "%26", "%27",
-	NULL,  NULL,  NULL,  "%2b", NULL,  NULL,  NULL,  NULL,
+	NULL,  NULL,  NULL,  "%252b", NULL,  NULL,  NULL,  NULL,
 	NULL,  NULL,  NULL,  NULL,  NULL,  NULL,  NULL,  NULL,
 	NULL,  NULL,  NULL,  NULL,  "%3c", "%3d", "%3e", "%3f",
 	NULL,  NULL,  NULL,  NULL,  NULL,  NULL,  NULL,  NULL,
@@ -200,7 +200,7 @@ void html_url_path(const char *txt)
 	while (t && *t) {
 		unsigned char c = *t;
 		const char *e = url_escape_table[c];
-		if (e && c != '+' && c != '&') {
+		if (e && c != '&') {
 			html_raw(txt, t - txt);
 			html(e);
 			txt = t + 1;
-- 
cgit v1.2.3-56-ge451