From 4b8952e438da8e57d6442a0b7451dac8060f154b Mon Sep 17 00:00:00 2001
From: Alexander Harkness <me@bearbin.net>
Date: Mon, 23 Aug 2021 09:35:03 +0100
Subject: Use more URL-Encoding when sending API requests.

---
 src/Protocol/Authenticator.cpp |  4 ++--
 src/Protocol/MojangAPI.cpp     |  2 +-
 src/StringUtils.cpp            | 12 +++++++++++-
 src/StringUtils.h              |  3 +++
 4 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/src/Protocol/Authenticator.cpp b/src/Protocol/Authenticator.cpp
index 8b536d4e1..6233ddb32 100644
--- a/src/Protocol/Authenticator.cpp
+++ b/src/Protocol/Authenticator.cpp
@@ -144,8 +144,8 @@ bool cAuthenticator::AuthWithYggdrasil(AString & a_UserName, const AString & a_S
 
 	// Create the GET request:
 	AString ActualAddress = m_Address;
-	ReplaceString(ActualAddress, "%USERNAME%", a_UserName);
-	ReplaceString(ActualAddress, "%SERVERID%", a_ServerId);
+	ReplaceURL(ActualAddress, "%USERNAME%", a_UserName);
+	ReplaceURL(ActualAddress, "%SERVERID%", a_ServerId);
 
 	AString Request;
 	Request += "GET " + ActualAddress + " HTTP/1.0\r\n";
diff --git a/src/Protocol/MojangAPI.cpp b/src/Protocol/MojangAPI.cpp
index 244052a36..6b8999216 100644
--- a/src/Protocol/MojangAPI.cpp
+++ b/src/Protocol/MojangAPI.cpp
@@ -783,7 +783,7 @@ void cMojangAPI::QueryUUIDToProfile(const cUUID & a_UUID)
 {
 	// Create the request address:
 	AString Address = m_UUIDToProfileAddress;
-	ReplaceString(Address, "%UUID%", a_UUID.ToShortString());
+	ReplaceURL(Address, "%UUID%", a_UUID.ToShortString());
 
 	// Create the HTTP request:
 	AString Request;
diff --git a/src/StringUtils.cpp b/src/StringUtils.cpp
index c55456e24..436eeccbb 100644
--- a/src/StringUtils.cpp
+++ b/src/StringUtils.cpp
@@ -365,6 +365,16 @@ void ReplaceString(AString & iHayStack, const AString & iNeedle, const AString &
 
 
 
+void ReplaceURL(AString & iHayStack, const AString & iNeedle, const AString & iReplaceWith)
+{
+	auto ReplaceWith = URLEncode(iReplaceWith);
+	ReplaceString(iHayStack, iNeedle, ReplaceWith);
+}
+
+
+
+
+
 AString & RawBEToUTF8(const char * a_RawData, size_t a_NumShorts, AString & a_UTF8)
 {
 	a_UTF8.clear();
@@ -817,7 +827,7 @@ AString URLEncode(const AString & a_Text)
 	AString res;
 	auto len = a_Text.size();
 	res.reserve(len);
-	static const char HEX[] = "0123456789abcdef";
+	static const char HEX[] = "0123456789ABCDEF";
 	for (size_t i = 0; i < len; ++i)
 	{
 		if (isalnum(a_Text[i]))
diff --git a/src/StringUtils.h b/src/StringUtils.h
index 94e44c3f6..cd232bb68 100644
--- a/src/StringUtils.h
+++ b/src/StringUtils.h
@@ -90,6 +90,9 @@ extern size_t RateCompareString(const AString & s1, const AString & s2);
 /** Replaces each occurence of iNeedle in iHayStack with iReplaceWith */
 extern void ReplaceString(AString & iHayStack, const AString & iNeedle, const AString & iReplaceWith);  // tolua_export
 
+/** Replaces each occurence of iNeedle in iHayStack with iReplaceWith, after URL-encoding iReplaceWith */
+extern void ReplaceURL(AString & iHayStack, const AString & iNeedle, const AString & iReplaceWith);
+
 /** Converts a stream of BE shorts into UTF-8 string; returns a_UTF8. */
 extern AString & RawBEToUTF8(const char * a_RawData, size_t a_NumShorts, AString & a_UTF8);
 
-- 
cgit v1.2.3