History | Log In     View a printable version of the current page.  
Issue Details (XML | Word | Printable)

Key: QB-2555
Type: Bug Bug
Status: Closed Closed
Resolution: Won't Fix
Priority: Minor Minor
Assignee: Steve Luo
Reporter: Tim Earle
Votes: 0
Watchers: 0

If you were logged in you would be able to see more operations.

HTTP basic auth information not URI encoded when cloning repository

Created: 07/Oct/15 12:49 PM   Updated: 19/Oct/15 11:14 PM
Component/s: None
Affects Version/s: 5.1.35
Fix Version/s: 6.0.0

Original Estimate: 1 hour Remaining Estimate: 1 hour Time Spent: Unknown

 Description  « Hide
The user and password information is not URI encoded when the request is made.

The easiest scenario is as follows:
Some SCM management systems allow a username to be a password (GitLab is one, RhodeCode as well if memory serves). It's also possible to have special characters in passwords (enforced in many cases as well).

Create a username with an {{@}} symbol in it and attempt to clone a repository. Git will return an error saying that it's not a valid Git path.
Replace the {{@}} in the username with {{%40}}.

{{http://user@example.com:password@gitlabhost.com/path/to/repo.git}} = error
{{http://user%40example.com:password@gitlabhost.com/path/to/repo.git}} = success

 All   Comments   Work Log   Change History      Sort Order:
Change by Robin Shen [08/Oct/15 12:39 AM]
Field Original Value New Value
Assignee Robin Shen [ robinshine ] Steve Luo [ steve ]

Change by Steve Luo [19/Oct/15 11:14 PM]
Status Open [ 1 ] Closed [ 6 ]