From 7b2d037d62dc46c3c5941eb6a9db5ac0fd41f9ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antonio=20Ca=C3=B1as=20Vargas?= Date: Thu, 7 Apr 2016 23:35:47 +0200 Subject: [PATCH] Version 15.187 --- swad_action.c | 2 +- swad_changelog.h | 3 +- swad_parameter.c | 3 + swad_string.c | 156 ++++++++++++++++++++++++++++++++++++++--------- 4 files changed, 132 insertions(+), 32 deletions(-) diff --git a/swad_action.c b/swad_action.c index b407a587..f8cea160 100644 --- a/swad_action.c +++ b/swad_action.c @@ -4416,7 +4416,7 @@ static void Act_FormStartInternal (Act_Action_t NextAction,bool PutParameterLoca } if (Act_Actions[NextAction].ContentType == Act_CONTENT_DATA) fprintf (Gbl.F.Out," enctype=\"multipart/form-data\""); - fprintf (Gbl.F.Out,">"); + fprintf (Gbl.F.Out," accept-charset=\"windows-1252\">"); /* Put basic form parameters */ Act_SetParamsForm (Params,NextAction,PutParameterLocationIfNoSesion); diff --git a/swad_changelog.h b/swad_changelog.h index 6f3b34d8..4a13b878 100644 --- a/swad_changelog.h +++ b/swad_changelog.h @@ -132,13 +132,14 @@ /****************************** Public constants *****************************/ /*****************************************************************************/ -#define Log_PLATFORM_VERSION "SWAD 15.186 (2016-04-07)" +#define Log_PLATFORM_VERSION "SWAD 15.187 (2016-04-07)" #define CSS_FILE "swad15.186.css" #define JS_FILE "swad15.186.js" // Number of lines (includes comments but not blank lines) has been got with the following command: // nl swad*.c swad*.h css/swad*.css py/swad*.py js/swad*.js soap/swad*.h sql/swad*.sql | tail -1 /* + Version 15.187: Apr 07, 2016 Fixed bug in forms sent using content type multipart/form-data. (198938 lines) Version 15.186: Apr 07, 2016 Changes in edition of a test question. (198840 lines) Version 15.185.4: Apr 07, 2016 Changes in edition of a test question. (198832 lines) Version 15.185.3: Apr 07, 2016 Changed icons to expand / contract. (198801 lines) 
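Review bot: The new `accept-charset=\"windows-1252\"` is emitted as a bare string literal and nothing records why that charset was chosen, yet the multipart branch this same patch adds to Str_ChangeFormat treats every submitted byte above 0x7F as one character, so the charset announced on the form and the decoder's single-byte assumption have to stay in step. A comment on the changed line would make that dependency visible, e.g. `/* Single-byte charset: Str_ChangeFormat (Str_FROM_FORM) decodes the submitted bytes one at a time */` — assuming that is indeed the reason. A named constant (for example `Act_FORM_ACCEPT_CHARSET`) would also let the decoder side refer to the same value instead of repeating the literal. Act_FormStartInternal starts and ends outside the hunk.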
diff --git a/swad_parameter.c b/swad_parameter.c
index 6baebf92..9d906185 100644
--- a/swad_parameter.c
+++ b/swad_parameter.c
@@ -919,6 +919,9 @@ unsigned Par_GetParAndChangeFormat (const char *ParamName,char *ParamValue,size_
 {
 unsigned NumTimes = Par_GetParameter (Par_PARAM_SINGLE,ParamName,
 ParamValue,MaxBytes,NULL);
+
+ // Lay_ShowAlert (Lay_ERROR,ParamValue); !!!!!!!!!!!!
+
 Str_ChangeFormat (Str_FROM_FORM,ChangeTo,
 ParamValue,MaxBytes,RemoveLeadingAndTrailingSpaces);
 return NumTimes;
diff --git a/swad_string.c b/swad_string.c
index 84913471..45c6e3dd 100644
--- a/swad_string.c
+++ b/swad_string.c
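Review bot: The added `// Lay_ShowAlert (Lay_ERROR,ParamValue); !!!!!!!!!!!!` is commented-out debugging code and should not be committed; the three added lines (the comment and the two blank lines around it) can simply be dropped. If a debugging hook is wanted here, note that it sits between the Par_GetParameter call and Str_ChangeFormat, so enabling it would appear to echo the raw, not-yet-converted parameter value straight into the page output; gate such a hook behind a build-time debug macro rather than leaving it as a comment. The closing brace of Par_GetParAndChangeFormat is outside the hunk.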
@@ -969,50 +969,146 @@ void Str_ChangeFormat (Str_ChangeFrom_t ChangeFrom,Str_ChangeTo_t ChangeTo,
 switch (ChangeFrom)
 {
 case Str_FROM_FORM:
- switch ((unsigned char) *PtrSrc)
- {
- case '+': /***** Change every '+' to a space *****/
- IsSpecialChar = true;
- LengthSpecStrSrc = 1;
- SpecialChar = 0x20;
- break;
- case '%': /***** Change "%XX" --> "&#decimal_number;" *****/
- IsSpecialChar = true;
- sscanf (PtrSrc+1,"%2X",&SpecialChar);
- LengthSpecStrSrc = 3;
- break;
- case '\'': /***** Change "'" --> "'" to avoid SQL code injection *****/
- IsSpecialChar = true;
- LengthSpecStrSrc = 1;
- SpecialChar = 0x27;
- break;
- case '\\':
- IsSpecialChar = true;
- LengthSpecStrSrc = 1;
- SpecialChar = 0x5C;
- break;
- default:
- IsSpecialChar = false;
- NumPrintableCharsFromReturn++;
- ThereIsSpaceChar = false;
- break;
+ if (Gbl.ContentReceivedByCGI == Act_CONTENT_DATA)
+ {
+ // The form contained data and was sent with content type multipart/form-data
+ switch ((unsigned char) *PtrSrc)
+ {
+ case 0x20: /* Space */
+ IsSpecialChar = true;
+ LengthSpecStrSrc = 1;
+ SpecialChar = 0x20;
+ break;
+ case 0x22: /* Change double comilla --> """ */
+ IsSpecialChar = true;
+ LengthSpecStrSrc = 1;
+ SpecialChar = 0x22;
+ break;
+ case 0x23: /* '#' */
+ IsSpecialChar = true;
+ LengthSpecStrSrc = 1;
+ SpecialChar = 0x23;
+ break;
+ case 0x26: /* Change '&' --> "&" */
+ IsSpecialChar = true;
+ LengthSpecStrSrc = 1;
+ SpecialChar = 0x26;
+ break;
+ case 0x27: /* Change single comilla --> "'" to avoid SQL code injection */
+ IsSpecialChar = true;
+ LengthSpecStrSrc = 1;
+ SpecialChar = 0x27;
+ break;
+ case 0x2C: /* ',' */
+ IsSpecialChar = true;
+ LengthSpecStrSrc = 1;
+ SpecialChar = 0x2C;
+ break;
+ case 0x2F: /* '/' */
+ IsSpecialChar = true;
+ LengthSpecStrSrc = 1;
+ SpecialChar = 0x2F;
+ break;
+ case 0x3A: /* ':' */
+ IsSpecialChar = true;
+ LengthSpecStrSrc = 1;
+ SpecialChar = 0x3A;
+ break;
+ case 0x3B: /* ';' */
+ IsSpecialChar = true;
+ LengthSpecStrSrc = 1;
+ SpecialChar = 0x3B;
+ break;
+ case 0x3C: /* '<' --> "<" */
+ IsSpecialChar = true;
+ LengthSpecStrSrc = 1;
+ SpecialChar = 0x3C;
+ break;
+ case 0x3E: /* '>' --> ">" */
+ IsSpecialChar = true;
+ LengthSpecStrSrc = 1;
+ SpecialChar = 0x3E;
+ break;
+ case 0x3F: /* '?' */
+ IsSpecialChar = true;
+ LengthSpecStrSrc = 1;
+ SpecialChar = 0x3F;
+ break;
+ case 0x40: /* '@' */
+ IsSpecialChar = true;
+ LengthSpecStrSrc = 1;
+ SpecialChar = 0x40;
+ break;
+ case 0x5C: /* '\\' */
+ IsSpecialChar = true;
+ LengthSpecStrSrc = 1;
+ SpecialChar = 0x5C;
+ break;
+ default:
+ if ((unsigned char) *PtrSrc < 0x20 ||
+ (unsigned char) *PtrSrc > 0x7F)
+ {
+ IsSpecialChar = true;
+ LengthSpecStrSrc = 1;
+ SpecialChar = (unsigned int) (unsigned char) *PtrSrc;
+ }
+ else
+ {
+ IsSpecialChar = false;
+ NumPrintableCharsFromReturn++;
+ ThereIsSpaceChar = false;
+ }
+ break;
+ }
+ }
+ else // Gbl.ContentReceivedByCGI == Act_CONTENT_NORM
+ {
+ // The form contained text and was sent with content type application/x-www-form-urlencoded
+ switch ((unsigned char) *PtrSrc)
+ {
+ case '+': /* Change every '+' to a space */
+ IsSpecialChar = true;
+ LengthSpecStrSrc = 1;
+ SpecialChar = 0x20;
+ break;
+ case '%': /* Change "%XX" --> "&#decimal_number;" */
+ IsSpecialChar = true;
+ sscanf (PtrSrc+1,"%2X",&SpecialChar);
+ LengthSpecStrSrc = 3;
+ break;
+ case 0x27: /* Change single comilla --> "'" to avoid SQL code injection */
+ IsSpecialChar = true;
+ LengthSpecStrSrc = 1;
+ SpecialChar = 0x27;
+ break;
+ case 0x5C: /* '\\' */
+ IsSpecialChar = true;
+ LengthSpecStrSrc = 1;
+ SpecialChar = 0x5C;
+ break;
+ default:
+ IsSpecialChar = false;
+ NumPrintableCharsFromReturn++;
+ ThereIsSpaceChar = false;
+ break;
+ }
 }
 break;
 case Str_FROM_HTML:
 case Str_FROM_TEXT:
 switch ((unsigned char) *PtrSrc)
 {
- case 0x20: /***** Change every ' ' to a space *****/
+ case 0x20: /* Space */
 IsSpecialChar = true;
 LengthSpecStrSrc = 1;
 SpecialChar = 0x20;
 break;
- case '\'': /***** Change "'" --> "'" to avoid SQL code injection *****/
+ case 0x27: /* Change single comilla --> "'" to avoid SQL code injection */
 IsSpecialChar = true;
 LengthSpecStrSrc = 1;
 SpecialChar = 0x27;
 break;
- case '\\':
+ case 0x5C: /* '\\' */
 IsSpecialChar = true;
 LengthSpecStrSrc = 1;
 SpecialChar = 0x5C;
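Review bot: In the application/x-www-form-urlencoded branch the `case '%':` arm calls `sscanf (PtrSrc+1,"%2X",&SpecialChar)` without checking its result and then unconditionally sets `LengthSpecStrSrc = 3`, so a '%' followed by fewer than two hex digits — including a '%' at the very end of the string — leaves SpecialChar at its previous (possibly uninitialized) value and, if LengthSpecStrSrc is what advances PtrSrc as it appears to be, skips over bytes that were never validated, past the terminator in the end-of-string case; the logic is pre-existing but the new code re-emits it verbatim and the input is raw form data. Validate both characters with isxdigit() before parsing and treat a malformed escape as a literal '%', as below (needs <ctype.h> if the file does not already include it). Separately, the multipart default arm tests `> 0x7F`, so 0x7F (DEL) takes the printable path while every other control byte is escaped — `>= 0x7F` looks like what was intended. Str_ChangeFormat starts and ends outside the hunk.
```c
case '%': /* Change "%XX" --> "&#decimal_number;" */
   IsSpecialChar = true;
   if (isxdigit ((unsigned char) PtrSrc[1]) &&
       isxdigit ((unsigned char) PtrSrc[2]) &&
       sscanf (PtrSrc+1,"%2X",&SpecialChar) == 1)
      LengthSpecStrSrc = 3;
   else /* malformed escape: keep the '%' itself as a single literal byte */
     {
      SpecialChar = 0x25;
      LengthSpecStrSrc = 1;
     }
   break;
/* … unchanged: remaining case arms of the urlencoded switch … */
```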