tor 2010-06-10 klockan 17:26 +0200 skrev Luciano Mannucci:
> ftpSendPass() function in ftp.c this way:
>
> static void
> ftpSendPass(FtpStateData * ftpState)
> {
> char *my_str_ptr;
> my_str_ptr = xstrdup(ftpState->password);
> rfc1738_unescape(my_str_ptr);
> /*
> snprintf(cbuf, 1024, "PASS %s\r\n", ftpState->password);
> */
Then your client is sending the data doubly-escaped.
Squid is already urldecoding the login & password once when populating
ftpState.
Regards
Henrik
