
Bug 1622: Slashes in SHA-256 fingerprints are not encoded in generated URLs

https://winscp.net/tracker/1622
(cherry picked from commit f7540230acaa1e401fde92d0c88ff2e637f6173b)

Source commit: f3be008a49c47288f8cfa055a04cbfadbcb80c0e
Martin Prikryl 7 tahun lalu
induk
melakukan
0662f36fbc
2 mengubah file dengan 14 tambahan dan 2 penghapusan
  1. 1 0
      dotnet/SessionOptions.cs
  2. 13 2
      source/core/SessionData.cpp

+ 1 - 0
dotnet/SessionOptions.cs

@@ -208,6 +208,7 @@ namespace WinSCP
                 {
                     string parameter = CutToChar(ref parameters, ';');
                     string parameterName = CutToChar(ref parameter, '=');
+                    parameter = UriUnescape(parameter);
                     if (parameterName.Equals("fingerprint", StringComparison.OrdinalIgnoreCase))
                     {
                         SshHostKeyFingerprint = parameter;
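Review bot: Base64 SHA-256 fingerprints can contain `+`, and the added `parameter = UriUnescape(parameter);` runs every connection-parameter value through that helper, so confirm that `UriUnescape` (defined outside this hunk) decodes only percent-escapes and does not turn `+` into a space. If it did, a correct fingerprint taken from a URL would be altered before it reaches `SshHostKeyFingerprint`, and verification of a genuine server key would fail. Decoding after both `CutToChar` calls is the right order, because an encoded `;` or `=` inside a value can then no longer be mistaken for a delimiter; a comment such as `// Unescape only after splitting, so encoded ';' and '=' stay part of the value` would record that. The enclosing loop starts and ends outside the hunk.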

+ 13 - 2
source/core/SessionData.cpp

@@ -1923,7 +1923,7 @@ bool __fastcall TSessionData::ParseUrl(UnicodeString Url, TOptions * Options,
         UnicodeString ConnectionParamName = CutToChar(ConnectionParam, UrlParamValueSeparator, false);
         if (SameText(ConnectionParamName, UrlHostKeyParamName))
         {
-          HostKey = ConnectionParam;
+          HostKey = DecodeUrlChars(ConnectionParam);
           FOverrideCachedHostKey = false;
         }
       }
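Review bot: Only the host-key value is percent-decoded in the lines shown (`HostKey = DecodeUrlChars(ConnectionParam);`), whereas the SessionOptions.cs change in this commit unescapes every connection parameter before its name is inspected. If ParseUrl handles other parameter names outside this hunk, the native and .NET parsers would disagree on a percent-encoded value. Decoding once directly after the `CutToChar` call, `ConnectionParam = DecodeUrlChars(ConnectionParam);`, would keep the two in step. Since the decoded string becomes the expected host key for the session, a short comment stating that it comes from the URL and is decoded but not validated at this point would help the next reader. ParseUrl's body continues outside the hunk.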
@@ -2916,9 +2916,20 @@ UnicodeString __fastcall TSessionData::GenerateSessionUrl(unsigned int Flags)
 
     if (FLAGSET(Flags, sufHostKey) && !HostKey.IsEmpty())
     {
+      UnicodeString S = NormalizeFingerprint(HostKey);
+      // Many SHA-256 fingeprints end with an equal sign and we do not really need it to be encoded, so avoid that.
+      if (EndsStr(L"=", S))
+      {
+        S = EncodeUrlString(S.SubString(1, S.Length() - 1)) + L"=";
+      }
+      else
+      {
+        S = EncodeUrlString(S);
+      }
+
       Url +=
         UnicodeString(UrlParamSeparator) + UrlHostKeyParamName +
-        UnicodeString(UrlParamValueSeparator) + NormalizeFingerprint(HostKey);
+        UnicodeString(UrlParamValueSeparator) + S;
     }
 
     Url += L"@";
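Review bot: Leaving the trailing `=` unencoded in the `EndsStr(L"=", S)` branch is safe only while every consumer of the generated URL splits the parameter name from its value at the first `=`, as the two parsers touched by this commit appear to do. The added comment explains the motive but not that dependency, and it misspells "fingerprints". I would reword it to `// A trailing '=' (Base64 padding) is left unencoded for readability; parsers split name/value at the first '=', so it cannot be misread as a separator.` Only one trailing `=` is exempted, so a value ending in `==` would get its first pad character encoded, which still round-trips through the decoding added in ParseUrl. GenerateSessionUrl's body starts and ends outside the hunk.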