hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 28728] - HttpUrl does not accept unescaped passwords
Date Wed, 08 Sep 2004 11:44:21 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=28728>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=28728

HttpUrl does not accept unescaped passwords

ib@fiz-chemie.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |



------- Additional Comments From ib@fiz-chemie.de  2004-09-08 11:44 -------
The userinfo is still not quite escaped correctly. Last time there were more and
more reports of users that tried to use e-mail addresses as usernames and
therefore had a problem with the '@' character.

I have attached a patch for HttpURL that should solve that problem. A similar
patch is however needed for HttpsURL as well. Note that I have removed duplicate
checkValid() calls and deprecated the constructors that take a userinfo as an
argument, because you cannot determine from that whether a colon is within a
username or password or serves to separate these two components.

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


Mime
View raw message