diff options
author | Vincent Ambo <tazjin@gmail.com> | 2017-02-13T08·55+0100 |
---|---|---|
committer | Vincent Ambo <tazjin@gmail.com> | 2017-02-13T08·55+0100 |
commit | 6dcb0f4b2bddc583212995397d6c6e1ec14adc58 (patch) | |
tree | 2f52e57fd1f64a36bb21dc5c56581e9a1c649e42 | |
parent | 7824e0e7e34a4b5245f817fb70da53d4bcd707c7 (diff) |
fix urls: Escape values in URLs
For usernames and passwords containing special characters the URL parameters must be escaped. Because the entire URI is just query parameters I've opted for using net/url.Values for the entire URI. Fixes #1
-rw-r--r-- | main.go | 1 | ||||
-rw-r--r-- | urls.go | 30 |
2 files changed, 25 insertions, 6 deletions
diff --git a/main.go b/main.go index fd74e8b457fe..a7ab65d3d196 100644 --- a/main.go +++ b/main.go @@ -62,6 +62,7 @@ func readCredentials() (string, string, error) { fmt.Printf("Password: ") password, err := terminal.ReadPassword(syscall.Stdin) + fmt.Println() // If an error occured, I don't care about which one it is. return strings.TrimSpace(username), strings.TrimSpace(string(password)), err diff --git a/urls.go b/urls.go index a1fd825f578c..37f65e0faef4 100644 --- a/urls.go +++ b/urls.go @@ -1,19 +1,37 @@ package main -import "fmt" +import ( + "fmt" + "net/url" + "strconv" +) const urlFormat string = "https://%s%s" -const triggerChallengeUri = "/?action=sslvpn_logon&fw_username=%s&fw_password=%s&style=fw_logon_progress.xsl&fw_logon_type=logon&fw_domain=Firebox-DB" -const responseUri = "/?action=sslvpn_logon&style=fw_logon_progress.xsl&fw_logon_type=response&response=%s&fw_logon_id=%d" +const uriFormat = "/?%s" func templateChallengeTriggerUri(username *string, password *string) string { - return fmt.Sprintf(triggerChallengeUri, *username, *password) + v := url.Values{} + v.Set("action", "sslvpn_logon") + v.Set("style", "fw_logon_progress.xsl") + v.Set("fw_logon_type", "logon") + v.Set("fw_domain", "Firebox-DB") + v.Set("fw_username", *username) + v.Set("fw_password", *password) + + return fmt.Sprintf(uriFormat, v.Encode()) } func templateResponseUri(logonId int, token *string) string { - return fmt.Sprintf(responseUri, *token, logonId) + v := url.Values{} + v.Set("action", "sslvpn_logon") + v.Set("style", "fw_logon_progress.xsl") + v.Set("fw_logon_type", "response") + v.Set("response", *token) + v.Set("fw_logon_id", strconv.Itoa(logonId)) + + return fmt.Sprintf(uriFormat, v.Encode()) } func templateUrl(baseUrl *string, uri string) string { - return fmt.Sprintf("https://%s%s", *baseUrl, uri) + return fmt.Sprintf(urlFormat, *baseUrl, uri) } |