Page MenuHomePhabricator
Differential D16009

Escape forward slashes in URI usernames/passwords properly
ClosedPublic
Actions

Authored by epriestley on Jun 2 2016, 1:51 PM.
Tags
None
Referenced Files
F19813517: D16009.diff
Wed, Mar 4, 9:40 AM
F19799602: D16009.id38530.diff
Sat, Feb 28, 12:17 AM
F19756863: D16009.diff
Feb 17 2026, 7:24 PM
F19533525: D16009.id.diff
Jan 20 2026, 6:13 PM
F19304652: D16009.id38529.diff
Dec 24 2025, 2:21 PM
F19088622: D16009.id.diff
Dec 3 2025, 4:35 AM
F19082707: D16009.diff
Dec 2 2025, 12:07 PM
F18828372: D16009.diff
Oct 24 2025, 3:56 PM
View All Files
Subscribers
None

Details

Reviewers
chad
Maniphest Tasks
T11079: URI usernames and passwords containing forward slashes are not fully escaped
Commits
rPHU4a2238fc8605: Escape forward slashes in URI usernames/passwords properly
Summary

Fixes T11079. We currently un-escape / in phutil_escape_uri() because it is safe to leave unescaped in paths and an awful UX to escape, but it must be escaped in usernames/passwords.

Test Plan
  • Added failing unit test.
  • Fixed test.
  • Created a credential with username and password containing a slash.
  • Set this credential on an observation URI for a repository.
  • Used bin/repository update R... to pull the repostiory.
  • Before patch, got an error about a malfored URI.
  • After patch, things worked properly.
Cloning into bare repository '/Users/epriestley/dev/core/repo/local/55'...
fatal: unable to access 'https://slash/slash:slash/slash@github.com/epriestley/poems.git/': Could not resolve host: slash

Diff Detail

Repository
rPHU libphutil
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley updated this revision to Diff 38529.Jun 2 2016, 1:51 PM
epriestley retitled this revision from to Escape forward slashes in URI usernames/passwords properly.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: chad.
epriestley added a task: T11079: URI usernames and passwords containing forward slashes are not fully escaped.
chad accepted this revision.Jun 2 2016, 1:52 PM
chad edited edge metadata.
This revision is now accepted and ready to land.Jun 2 2016, 1:52 PM
Closed by commit rPHU4a2238fc8605: Escape forward slashes in URI usernames/passwords properly (authored by epriestley, committed by epriestley). · Explain WhyJun 2 2016, 1:53 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
src/
parser/
6 lines
__tests__/
5 lines

Diff 38530

View Options

src/parser/PhutilURI.php

Loading...
View Options

src/parser/__tests__/PhutilURITestCase.php

Loading...
Phabricator · Built by Phacility