diff --git a/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs b/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs index 0f8011495f..74a678aa62 100644 --- a/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs +++ b/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs @@ -265,7 +265,7 @@ namespace Emby.Server.Implementations.HttpServer.Security // Remove uptil the first space authorizationHeader = parts[1]; - parts = authorizationHeader.Split("\","); + parts = GetParts(authorizationHeader); var result = new Dictionary(StringComparer.OrdinalIgnoreCase); @@ -274,7 +274,7 @@ namespace Emby.Server.Implementations.HttpServer.Security var param = item.Trim().Split('=', 2); var value =param[1].Trim('"'); - result[param[0]] = value; + result[param[0]] = NormalizeValue(value); } return result; @@ -284,5 +284,46 @@ namespace Emby.Server.Implementations.HttpServer.Security { return string.IsNullOrEmpty(value) ? value : WebUtility.UrlDecode(value); } + + public static string[] GetParts(string authtorizationHeader) + { + var result = new List(); + var escapeChars = new[] {'"', ','}; + var escaped = false; + var authtorizationHeaderChars = authtorizationHeader.ToCharArray(); + var value = new List(); + + for(var i = 0; i < authtorizationHeaderChars.Length; i++) + { + if(!escapeChars.Contains(authtorizationHeaderChars[i])) + { + value = value.Append(authtorizationHeaderChars[i]).ToList(); + } + else + { + escaped = (!escaped) == (authtorizationHeaderChars[i] == '"'); + if(authtorizationHeaderChars[i] == ',') + { + if(escaped) + { + value = value.Append(authtorizationHeaderChars[i]).ToList(); + } + else + { + result.Add(new string(value.ToArray())); + value = new List(); + } + } + else + { + value = value.Append(authtorizationHeaderChars[i]).ToList(); + } + } + } + // Add last value + result.Add(new string(value.ToArray())); + + return result.ToArray(); + } } }