From 4b3c5dfcb42e1a802e730847ae5eb220dd8e55f7 Mon Sep 17 00:00:00 2001
From: nnposter <nnposter@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Sun, 10 Feb 2019 22:53:58 +0000
Subject: [PATCH] Forces escape/unescape to return only one value Otherwise
 secondary values from string.gsub were leaking over, causing issues with code
 constructs like { url.escape(str) }

---
 nselib/url.lua | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/nselib/url.lua b/nselib/url.lua
index 00dbe3aca..fd95ff0f8 100644
--- a/nselib/url.lua
+++ b/nselib/url.lua
@@ -115,9 +115,10 @@ end
 -- @return Escaped representation of string.
 -----------------------------------------------------------------------------
 function escape(s)
-  return string.gsub(s, "([^A-Za-z0-9_.~-])", function(c)
+  local ret = string.gsub(s, "([^A-Za-z0-9_.~-])", function(c)
     return string.format("%%%02x", string.byte(c))
   end)
+  return ret
 end
 
 
@@ -127,9 +128,10 @@ end
 -- @return Decoded string.
 -----------------------------------------------------------------------------
 function unescape(s)
-  return string.gsub(s, "%%(%x%x)", function(hex)
+  local ret = string.gsub(s, "%%(%x%x)", function(hex)
     return string.char(base.tonumber(hex, 16))
   end)
+  return ret
 end