From 2739ff3a7d0b87156183872c99c72f23f50068a7 Mon Sep 17 00:00:00 2001
From: Kawe Mazidjatari <48657826+Mauler125@users.noreply.github.com>
Date: Mon, 12 Jun 2023 20:06:31 +0200
Subject: [PATCH] Fix 'CVE-2018-1000120'

Merge: curl/curl@535432c0adb62fe167ec09621500
---
 r5dev/thirdparty/curl/ftp.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/r5dev/thirdparty/curl/ftp.c b/r5dev/thirdparty/curl/ftp.c
index bbbc01fc..c3c5007b 100644
--- a/r5dev/thirdparty/curl/ftp.c
+++ b/r5dev/thirdparty/curl/ftp.c
@@ -3236,7 +3236,7 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
 
   if(!result)
     /* get the "raw" path */
-    result = Curl_urldecode(data, path_to_use, 0, &path, NULL, FALSE);
+    result = Curl_urldecode(data, path_to_use, 0, &path, NULL, TRUE);
   if(result) {
     /* We can limp along anyway (and should try to since we may already be in
      * the error path) */
@@ -4240,7 +4240,7 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
       result = Curl_urldecode(conn->data, slash_pos ? cur_pos : "/",
                               slash_pos ? dirlen : 1,
                               &ftpc->dirs[0], NULL,
-                              FALSE);
+                              TRUE);
       if(result) {
         freedirs(ftpc);
         return result;
@@ -4347,7 +4347,7 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
     size_t dlen;
     char *path;
     CURLcode result =
-      Curl_urldecode(conn->data, data->state.path, 0, &path, &dlen, FALSE);
+      Curl_urldecode(conn->data, data->state.path, 0, &path, &dlen, TRUE);
     if(result) {
       freedirs(ftpc);
       return result;