- if( c < 32 || strchr( "()<>@,;:\\\"[]?={}", c ) )
- *p = '_'; /* remove potentially harmful characters */
+ if (comment_level == 0)
+ {
+ if( c < 32 || strchr( ")<>@,;:\\\"[]?={}", c ) )
+ *p = '_'; /* remove potentially harmful characters */
+ }
+ else
+ {
+ if (c == ')')
+ comment_level--;
+ else if( c < 32 && strchr( "\t\r\n", c ) == NULL)
+ *p = '_'; /* remove potentially harmful characters */
+ }
+ if (c == '(')
+ {
+ if (comment_level == UINT_MAX)
+ break;
+ comment_level++;
+ }
+ }
+ /* truncate evil unclosed comments */
+ if (comment_level > 0)
+ {
+ char *p = strchr(p_sys->psz_user_agent, '(');
+ *p = '\0';