From 42ad93d1f6e7dbca2264c2cf62db3b8c79a5120b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EA=A6=8C=EA=A6=AB=EA=A6=B6=EA=A6=8F=EA=A7=80=EA=A6=A6?=
 =?UTF-8?q?=EA=A6=BF=EA=A6=A7=EA=A6=AE=EA=A6=91=EA=A6=A9=EA=A6=AD=EA=A7=80?=
 <erik@darapsa.co.id>
Date: Mon, 15 May 2023 10:43:46 +0800
Subject: POST copies contents so quantity doesn't leak

---
 request.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'request.c')

diff --git a/request.c b/request.c
index 32e46f0..2ab8fc4 100644
--- a/request.c
+++ b/request.c
@@ -134,6 +134,8 @@ void request(void (*handler)(interchange_response *), void (*callback)(void *),
 			if (i)
 				strcat(post, "&");
 			sprintf(post, "%s%s=%s", post, pair.key, pair.value);
+			if (!strncmp(pair.key, "quantity", 8))
+				free(pair.value);
 		}
 		strcpy(attr.requestMethod, "POST");
 		static const char *headers[] = { "Content-Type",
@@ -173,7 +175,11 @@ void request(void (*handler)(interchange_response *), void (*callback)(void *),
 			struct pair pair = body->pairs[i];
 			if (!pair.value)
 				continue;
-			curl_formadd(&post, &last, CURLFORM_COPYNAME, pair.key, CURLFORM_PTRCONTENTS, pair.value, CURLFORM_END);
+			curl_formadd(&post, &last, CURLFORM_COPYNAME, pair.key,
+					CURLFORM_COPYCONTENTS, pair.value,
+					CURLFORM_END);
+			if (!strncmp(pair.key, "quantity", 8))
+				free(pair.value);
 		}
 		last = NULL;
 		curl_easy_setopt(curl, CURLOPT_HTTPPOST, post);
-- 
cgit v1.2.3