
Bug: TWiki::handleUrlEncode does not protect all reserved and unsafe characters

At several places (e.g., parameters to oops) text may be passed to the URL which contains either reserved or unsafe characters. handleUrlEncode is supposed to protect those by encoding them, but not all problematic characters are handled. I ran into this when text I passed contained a hash character.

I have attached a patch which covers all the problematic characters. There is one thing I am not sure about, which is the percent sign, which should be encoded as %25. However, if the string passed already contains an encoded character, this would mess it up. I am not sure whether there are any rules that would allow me to recognize that an encoded character was in the string, rather than just a percent sign followed by two hex digits.

Test case

Paste the text contained in this file into the browser address, taking care to change the URL to refer to your own TWiki installation.

Environment

TWiki version: Beijing
TWiki plugins: Standard
Server OS: All
Web server: Apache
Perl version: 5.6.1
Client OS: All
Web Browser: IE 6.0

-- ThomasWeigert - 12 Apr 2003
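
The percent-sign question raised in the report, as an added Perl example (not TWiki's code and not the attached patch; the function names and sample strings are constructed for illustration). It generalizes from the hash character to every byte outside the RFC 3986 unreserved set, and shows that an encoder which skips `%` cannot round-trip raw text that happens to contain a percent sign followed by two hex digits, whereas encoding raw input exactly once, `%` included, always can.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper, not TWiki's handleUrlEncode: percent-encode every byte
# outside the RFC 3986 unreserved set (A-Z a-z 0-9 - . _ ~), '%' included.
sub encode_component {
    my ($text) = @_;
    utf8::encode($text) if utf8::is_utf8($text);    # operate on bytes
    $text =~ s/([^A-Za-z0-9\-._~])/sprintf('%%%02X', ord($1))/ge;
    return $text;
}

# Inverse operation, applied once by the receiving script.
sub decode_component {
    my ($text) = @_;
    $text =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $text;
}

# Variant that leaves '%' untouched, to show what goes wrong.
sub encode_keep_percent {
    my ($text) = @_;
    $text =~ s/([^A-Za-z0-9\-._~%])/sprintf('%%%02X', ord($1))/ge;
    return $text;
}

# Constructed sample values.
my @samples = (
    'Section #2 & more',      # hash and ampersand
    'a/b?c=d e',              # path, query and space characters
    'literal %23 in text',    # raw text that already looks encoded
);

for my $raw (@samples) {
    my $full = encode_component($raw);
    my $kept = encode_keep_percent($raw);
    printf "raw:       %s\n", $raw;
    printf "encoded:   %s  round-trip %s\n", $full,
        decode_component($full) eq $raw ? 'ok' : 'CHANGED';
    printf "keep '%%':  %s  round-trip %s\n\n", $kept,
        decode_component($kept) eq $raw ? 'ok' : 'CHANGED';
}
```

Only the third sample differs between the two encoders: with `%` left alone, the receiver decodes the literal `%23` into `#`, so the value that arrives is not the value that was sent.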

Follow up

There is another patch needed to fix <br /> encoding, noted on MinorXHTMLNonComplianceInTemplates.

Fix record

Topic attachments
Attachment | History | Size | Date | Who | Comment
TWiki.pm.diff | r1 | 1.6 K | 2003-04-12 - 22:03 | ThomasWeigert | Patch to TWiki.pm
TestURL.txt | r1 | 0.7 K | 2003-04-12 - 21:59 | ThomasWeigert | Testcase
Topic revision: r2 - 2003-04-26 - SimonClift
 