History | Log In     View a printable version of the current page.  
   HOME       BROWSE PROJECT       FIND ISSUES   
    QUICK SEARCH:  
Issue Details (XML | Word | Printable)

Key: QB-2555
Type: Bug Bug
Status: Closed Closed
Resolution: Won't Fix
Priority: Minor Minor
Assignee: Steve Luo
Reporter: Tim Earle
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
QuickBuild

HTTP basic auth information not URI encoded when cloning repository

Created: 07/Oct/15 12:49 PM   Updated: 19/Oct/15 11:14 PM
Component/s: None
Affects Version/s: 5.1.35
Fix Version/s: 6.0.0

Original Estimate: 1 hour Remaining Estimate: 1 hour Time Spent: Unknown


 Description  « Hide
The user and password information is not URI encoded when the request is made.

The easiest scenario is as follows:
Some SCM management systems allow a username to be a password (GitLab is one, RhodeCode as well if memory serves). It's also possible to have special characters in passwords (enforced in many cases as well).

Create a username with an {{@}} symbol in it and attempt to clone a repository. Git will return an error saying that it's not a valid Git path.
Replace the {{@}} in the username with {{%40}}.

{{http://user@example.com:password@gitlabhost.com/path/to/repo.git}} = error
{{http://user%40example.com:password@gitlabhost.com/path/to/repo.git}} = success


 All   Comments   Work Log   Change History      Sort Order:
No work has yet been logged on this issue.

Powered by Atlassian JIRA™ the Professional Issue Tracker. (Standard Edition, Version: 3.7.4-#189) - Bug/feature request - Contact Administrators