Bug: TWiki::handleUrlEncode does not protect all reserved and unsafe characters
At several places (e.g., parameters to oops) text may be passed to the URL which contains either reserved or unsafe characters.handleUrlEncode is supposed to protect those by encoding them, but not all problematic characters are handled. I ran into this when text I passed contained a hash character.
I have attached a patch which covers all the problematic characters. There is one thing I am not sure about which is the percent sign, that should be encoded as \%25. However, if the string passed already contains an encoded character, this would mess it up. I am not sure whether there are any rules that would allow me to recognize that an encoded character was in the string, rather than just a percent sign followed by two hex digits.
Test case
Paste the text contained in this file into the browser address, taking care to change the URL to refer to your own TWiki installation.Environment
| TWiki version: | Beijing |
| TWiki plugins: | Standard |
| Server OS: | All |
| Web server: | Apache |
| Perl version: | 5.6.1 |
| Client OS: | All |
| Web Browser: | IE 6.0 |
Follow up
There is another patch needed to fix <br /> encoding, noted on MinorXHTMLNonComplianceInTemplates.Fix record
| I | Attachment | History | Action | Size | Date | Who | Comment |
|---|---|---|---|---|---|---|---|
 diff |
TWiki.pm.diff | r1 | manage | 1.6 K | 2003-04-12 - 22:03 | UnknownUser | Patch to TWiki.pm |
 txt |
TestURL.txt | r1 | manage | 0.7 K | 2003-04-12 - 21:59 | UnknownUser | Testcase |
Edit | Attach | Topic revision: r2 - 2003-04-26 - SimonClift
Site map
Blog web
Create New Topic
Index
Search
Advanced search
My topics of interest
Changes
Major changes only
All tags
Notifications
RSS Feed
Statistics
Preferences
Community 
Readme first
Developers News
How you can help
Community roles
#twiki IRC
Lima Release
Feature Proposals
Bugs Changes
Categories 
Account 
Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.