URL-decode user password before adding to authorization header.

2024-09-28 22:56:39 +02:00 · 2016-04-12 00:04:21 +01:00 · 2016-04-12 00:04:21 +01:00 · b9f6fd215a
commit b9f6fd215a
parent 9984741d94
1 changed files with 2 additions and 1 deletions
--- a/src/http.lua
+++ b/src/http.lua
@ -222,7 +222,8 @@ local function adjustheaders(reqt)
    -- if we have authentication information, pass it along
    if reqt.user and reqt.password then
        lower["authorization"] =
-            "Basic " ..  (mime.b64(reqt.user .. ":" .. reqt.password))
+            "Basic " ..  (mime.b64(reqt.user .. ":" ..
+		url.unescape(reqt.password)))
    end
    -- if we have proxy authentication information, pass it along
    local proxy = reqt.proxy or _M.PROXY