From 9371dd1c6bc3110884cf658de3d070a914ebb79f Mon Sep 17 00:00:00 2001
From: nnposter <nnposter@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Tue, 17 Mar 2026 01:32:50 +0000
Subject: [PATCH] Simplify url.parse_query

---
 nselib/url.lua | 25 ++++---------------------
 1 file changed, 4 insertions(+), 21 deletions(-)

diff --git a/nselib/url.lua b/nselib/url.lua
index 2c233a5d2..7c5b6800c 100644
--- a/nselib/url.lua
+++ b/nselib/url.lua
@@ -388,33 +388,16 @@ local entities = {
 -- <code>table["name"]</code> = <code>value</code>.
 -----------------------------------------------------------------------------
 function parse_query(query)
-  local parsed = {}
-  local pos = 1
 
   -- TODO: https://github.com/nmap/nmap/issues/3324
   --       This opportunistic HTML decoding is problematic because
   --       it might accidentally decode what should not be decoded.
   query = string.gsub(query, "&([ampltg]+);", entities)
-  query = string.gsub(query, "%+", " ")
 
-  local function ginsert(qstr)
-    local pos = qstr:find("=", 1, true)
-    if pos then
-      parsed[unescape(qstr:sub(1, pos - 1))] = unescape(qstr:sub(pos + 1))
-    else
-      parsed[unescape(qstr)] = ""
-    end
-  end
-
-  while true do
-    local first, last = string.find(query, "&", pos, true)
-    if first then
-      ginsert(string.sub(query, pos, first-1));
-      pos = last+1
-    else
-      ginsert(string.sub(query, pos));
-      break;
-    end
+  local parsed = {}
+  for qseg in query:gsub(query, "%+", " "):gmatch("[^&]+") do
+    local k, v = qseg:match("^([^=]*)=?(.*)")
+    parsed[unescape(k)] = unescape(v)
   end
   return parsed
 end