about InetGetSize,InetRead......

[184661031@…]

For examples:
$test= InetGetSize("​http://hong:~/hong@test.com.cn/exchweb/img/outbox.gif",1)
MsgBox(64,"$test",$test)
$test1= InetGetSize("​http://test:test@test.com.cn/exchweb/img/outbox.gif",1)
MsgBox(64,"$test1",$test1)
$test= InetRead("​http://hong:~/hong@test.com.cn/exchweb/img/outbox.gif",1)
MsgBox(64,"$testInetRead",$test)
$test1= InetRead("​http://test:test@test.com.cn/exchweb/img/outbox.gif",1)
MsgBox(64,"$test1InetRead",$test1)

If the user's password contains "\ "@"", would be wrong!

[anonymous]

If the user's password contains "/" or "@"", would be wrong!

[Jpm]

How browsers are handling such situation?
I would think they can't
true?

[Jpm]

no answer I will close it

[anonymous]

Replying to Jpm:

How browsers are handling such situation?
I would think they can't
true?

If the user's password contains "/"or"@", InetGetSize,InetRead......will return 0 and set @error to non-zero

thank you~

[anonymous]

The user's password is really the password. Also: a user's password settings are "/" or "@" in line with the password strength requirements
Hope you can improve, thanks!

[jchd]

The RFCs are very unclear about precisely what should happen in the general case. See ​http://www.faqs.org/rfcs/rfc1738.html and ​http://www.blooberry.com/indexdot/html/topics/urlencoding.htm. All seem to be OK as long as both login and password are representable in ISO-8859-1 (ISO-Latin) using the following code:

Local $url = "www.autoit.com/index.html"
Local $login = "I/am_user_%123@456"
Local $pwd = "I've a p@thologic p@ßwÔrd @2€.33 with ::\spÊçial\/characters/::"

Local $LoginURL = 'http://' & _HTTP_EscapeLogPwd($login) & ':' & _HTTP_EscapeLogPwd($pwd) & '@' & $url

ConsoleWrite($LoginURL & @LF)

Func _HTTP_EscapeLogPwd($str)
	Return Execute('"' & StringRegExpReplace($str, '(?i)([\x00-\x20%/:\x7F-\x9F])', '%" & Hex(Asc("$1"), 2) & "') & '"')
EndFunc

However the RFC do not specify at all how should be encoded the login /password part when it contains Unicode characters (or even ANSI characters not in ISO-8859-1 (ISO-Latin).
Worst: while it's obviously expected that more and more servers will handle html 4 (which introduces Unicode characters in URLs) no encoding seem to have been currently officially specified. See ​http://www.rfc-editor.org/rfc/rfc2396.txt esp. last § of section 2.1

The code above will escape (i.e. transform into an '%xx' sequence) any character in the non-representable range and use Asc() [notice: '''not''' AscW()] to transform the Unicode character into ANSI system codepage. I'm aware that could break if the system codepage isn't Latin-1, but that's the "less unsatisfatory" solution I could think of.

Could a competent webmaster help by pointing out how to deal with characters in login/password which are not mappable into ISO-Latin?

[Jpm]

As I understand [ ​http://www.faqs.org/rfcs/rfc1738.html ] in 3.1

The user name (and password), if present, 
are followed by a commercial at-sign "@".
 Within the user and password field, 
any ":", "@", or "/" must be encoded.

So it is the user responsability to encode "/" or "@". It cannot be done inside InetGetSize/Read.
So this ticket can be closed with NO Bug. Right ?

[jchd]

After looking at various RFCs, there doesn't seem to be an official way to encode non ISO-Latin (ISO 8859-1) characters that might appear in the user/password part.
The same encoding solution should be useable for HTTP and FTP (as well as other protocols, but I doubt they are much in use today) for any function establishing a connection. Therefore I suggest the following code so that users may have the auto-logon URL properly setup and ready to send.

Local $url = "www.google.com"
Local $user = "I/am_user_%123@456"
Local $password = "I've a p@thologic p@ßwÔrd" & @LF & "@2€.33 with" & @TAB & ":\spÊçial\/characters/:"

Local $httpAutoLogon = _Http_EncodeCredentials($url, $user, $password)
MsgBox(0, "http auto-logon URL", $httpAutoLogon)

Local $ftpAutoLogon = _Ftp_EncodeCredentials($url, $user, $password)
MsgBox(0, "ftp auto-logon URL", $ftpAutoLogon)

Func _Http_EncodeCredentials($sUrl, $sUser, $sPwd)
	Return 'http://' & __EncodeCredential($sUser) & ':' & __EncodeCredential($sPwd) & '@' & $sUrl
EndFunc

Func _Ftp_EncodeCredentials($sUrl, $sUser, $sPwd)
	Return 'ftp://' & __EncodeCredential($sUser) & ':' & __EncodeCredential($sPwd) & '@' & $sUrl
EndFunc

Func __EncodeCredential($sUserOrPassword)
	Return Execute('"' & StringRegExpReplace($sUserOrPassword, '([\x00-\x20%/:\x7F-\xA0])', '%" & Hex(Asc("$1"), 2) & "') & '"')
EndFunc

I believe the code works correctly but point out problems.

JPM, you can probably close this ticket. You decide.

[anonymous]

thank you.