Passwords with url escaped characters were parsed incorrectly. The
variable used for iterating over `url` should be `i`, not `pos`. This
patch fixes the problem.
---
src/html.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/html.c b/src/html.c
index a573702..d433093 100644
--- a/src/html.c
+++ b/src/html.c
@@ -86,8 +86,8 @@ char *unescape_url(void *pool, const char *url, unsigned len, unsigned *out_len)
char b[3];
unsigned int u;
- b[0] = url[pos + 1];
- b[1] = url[pos + 2];
+ b[0] = url[i + 1];
+ b[1] = url[i + 2];
b[2] = 0;
if (sscanf(b, "%02x", &u) <= 0) {
--
2.0.0
