Page MenuHomePhabricator

Escape forward slashes in URI usernames/passwords properly
ClosedPublic

Authored by epriestley on Jun 2 2016, 1:51 PM.
Tags
None
Referenced Files
F14113890: D16009.diff
Thu, Nov 28, 6:42 AM
Unknown Object (File)
Sun, Nov 17, 9:29 PM
Unknown Object (File)
Wed, Nov 13, 11:10 PM
Unknown Object (File)
Sun, Nov 10, 10:16 PM
Unknown Object (File)
Sun, Nov 10, 5:09 AM
Unknown Object (File)
Sun, Nov 10, 1:09 AM
Unknown Object (File)
Sat, Nov 9, 11:59 PM
Unknown Object (File)
Sat, Nov 9, 10:47 PM
Subscribers
None

Details

Summary

Fixes T11079. We currently un-escape / in phutil_escape_uri() because it is safe to leave unescaped in paths and an awful UX to escape, but it must be escaped in usernames/passwords.

Test Plan
  • Added failing unit test.
  • Fixed test.
  • Created a credential with username and password containing a slash.
  • Set this credential on an observation URI for a repository.
  • Used bin/repository update R... to pull the repostiory.
  • Before patch, got an error about a malfored URI.
  • After patch, things worked properly.
Cloning into bare repository '/Users/epriestley/dev/core/repo/local/55'...
fatal: unable to access 'https://slash/slash:slash/slash@github.com/epriestley/poems.git/': Could not resolve host: slash

Diff Detail

Repository
rPHU libphutil
Branch
uri1
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 12405
Build 15706: Run Core Tests
Build 15705: arc lint + arc unit

Event Timeline

epriestley retitled this revision from to Escape forward slashes in URI usernames/passwords properly.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: chad.
chad edited edge metadata.
This revision is now accepted and ready to land.Jun 2 2016, 1:52 PM
This revision was automatically updated to reflect the committed changes.