[#QB-2247] HTTP basic auth information not URI encoded when cloning repository

<< Back to previous view

[QB-2247] HTTP basic auth information not URI encoded when cloning repository Created: 19/Nov/14 Updated: 07/Oct/15
Status:	Resolved
Project:	QuickBuild
Component/s:	None
Affects Version/s:	5.1.35
Fix Version/s:	6.0.0

Type:

Bug

Priority:

Minor

Reporter:

Tim Earle

Assigned To:

Robin Shen

Resolution:

Fixed

Votes:

Remaining Estimate:

1 hour

Time Spent:

Unknown

Original Estimate:

1 hour

Description

The user and password information is not URI encoded when the request is made.

The easiest scenario is as follows:
Some SCM management systems allow a username to be a password (GitLab is one, RhodeCode as well if memory serves). It's also possible to have special characters in passwords (enforced in many cases as well).

Create a username with an {{@}} symbol in it and attempt to clone a repository. Git will return an error saying that it's not a valid Git path.
Replace the {{@}} in the username with {{%40}}.

{{http://user@example.com:password@gitlabhost.com/path/to/repo.git}} = error
{{http://user%40example.com:password@gitlabhost.com/path/to/repo.git}} = success

Comments

Comment by Tim Earle [ 07/Oct/15 12:48 PM ]

This issue is still occurring with Mercurial in version 6.0.4

Generated at Fri May 17 12:27:13 UTC 2024 using JIRA 189.

[QB-2247] HTTP basic auth information not URI encoded when cloning repository Created: 19/Nov/14 Updated: 07/Oct/15

[QB-2247] HTTP basic auth information not URI encoded when cloning repository
Created: 19/Nov/14 Updated: 07/Oct/15