From 92f4d5076e0f2cda4e71c7866f9958ece97c5716 Mon Sep 17 00:00:00 2001
From: Daniel Lenski <daniel.lenski@finalphasesystems.com>
Date: Fri, 12 Jan 2018 19:41:52 -0800
Subject: [PATCH] Correctly unescape '+' in URLs and decimal escapes in XML
 (e.g. '&#32;' instead of '&#x20;')

This patch changes only URL/XML unescaping, not escaping--changing escaping
would remove the reversibility of the tests.

I've been meaning to submit this ever since
http://lists.infradead.org/pipermail/openconnect-devel/2016-October/004042.html
but didn't have a particularly good reason.

However, I recently ran into a (weirdly-customized) version of AnyConnect which
actually sends '+' in one of the authentication forms. So this should improve
AnyConnect compatibility in some corner cases.
---
 src/html.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/html.c b/src/html.c
index f38a5b27..75481ef9 100644
--- a/src/html.c
+++ b/src/html.c
@@ -64,13 +64,18 @@ char *unescape_html(void *pool, const char *html, unsigned len, unsigned *out_le
 			} else if (!c_strncasecmp(&html[i], "&apos;", 6)) {
 				msg[pos++] = '\'';
 				i += 6;
-			} else if (!strncmp(&html[i], "&#x", 3)) {
+			} else if (!strncmp(&html[i], "&#", 2)) {
 				const char *p = &html[i];
 				char *endptr = NULL;
 				long val;
 
-				p+=3;
-				val = strtol(p, &endptr, 16);
+				if (p[2]=='x') {
+					p += 3;
+					val = strtol(p, &endptr, 16);
+				} else {
+					p += 2;
+					val = strtol(p, &endptr, 10);
+				}
 				if (endptr == NULL || *endptr != ';' || val > WCHAR_MAX) {
 					/* skip */
 					msg[pos++] = html[i++];
@@ -134,6 +139,9 @@ char *unescape_url(void *pool, const char *url, unsigned len, unsigned *out_len)
 
 			msg[pos++] = u;
 			i += 3;
+		} else if (url[i] == '+') {
+			msg[pos++] = ' ';
+			i++;
 		} else
 			msg[pos++] = url[i++];
 	}