Opened 15 years ago
Closed 14 years ago
#1591 closed Bug (No Bug)
about InetGetSize,InetRead......
Reported by: | 184661031@… | Owned by: | |
---|---|---|---|
Milestone: | Component: | AutoIt | |
Version: | 3.3.6.0 | Severity: | None |
Keywords: | Cc: |
Description
For examples:
$test= InetGetSize("http://hong:~/hong@test.com.cn/exchweb/img/outbox.gif",1)
MsgBox(64,"$test",$test)
$test1= InetGetSize("http://test:test@test.com.cn/exchweb/img/outbox.gif",1)
MsgBox(64,"$test1",$test1)
$test= InetRead("http://hong:~/hong@test.com.cn/exchweb/img/outbox.gif",1)
MsgBox(64,"$testInetRead",$test)
$test1= InetRead("http://test:test@test.com.cn/exchweb/img/outbox.gif",1)
MsgBox(64,"$test1InetRead",$test1)
If the user's password contains "\ "@"", would be wrong!
Attachments (0)
Change History (10)
comment:1 Changed 15 years ago by anonymous
comment:2 follow-up: ↓ 4 Changed 15 years ago by Jpm
How browsers are handling such situation?
I would think they can't
true?
comment:3 Changed 15 years ago by Jpm
no answer I will close it
comment:4 in reply to: ↑ 2 Changed 15 years ago by anonymous
Replying to Jpm:
How browsers are handling such situation?
I would think they can't
true?
If the user's password contains "/"or"@", InetGetSize,InetRead......will return 0 and set @error to non-zero
thank you~
comment:5 Changed 15 years ago by anonymous
The user's password is really the password. Also: a user's password settings are "/" or "@" in line with the password strength requirements
Hope you can improve, thanks!
comment:6 Changed 14 years ago by jchd
The RFCs are very unclear about precisely what should happen in the general case. See http://www.faqs.org/rfcs/rfc1738.html and http://www.blooberry.com/indexdot/html/topics/urlencoding.htm. All seem to be OK as long as both login and password are representable in ISO-8859-1 (ISO-Latin) using the following code:
Local $url = "www.autoit.com/index.html" Local $login = "I/am_user_%123@456" Local $pwd = "I've a p@thologic p@ßwÔrd @2€.33 with ::\spÊçial\/characters/::" Local $LoginURL = 'http://' & _HTTP_EscapeLogPwd($login) & ':' & _HTTP_EscapeLogPwd($pwd) & '@' & $url ConsoleWrite($LoginURL & @LF) Func _HTTP_EscapeLogPwd($str) Return Execute('"' & StringRegExpReplace($str, '(?i)([\x00-\x20%/:\x7F-\x9F])', '%" & Hex(Asc("$1"), 2) & "') & '"') EndFunc
However the RFC do not specify at all how should be encoded the login /password part when it contains Unicode characters (or even ANSI characters not in ISO-8859-1 (ISO-Latin).
Worst: while it's obviously expected that more and more servers will handle html 4 (which introduces Unicode characters in URLs) no encoding seem to have been currently officially specified. See http://www.rfc-editor.org/rfc/rfc2396.txt esp. last § of section 2.1
The code above will escape (i.e. transform into an '%xx' sequence) any character in the non-representable range and use Asc() [notice: '''not''' AscW()] to transform the Unicode character into ANSI system codepage. I'm aware that could break if the system codepage isn't Latin-1, but that's the "less unsatisfatory" solution I could think of.
Could a competent webmaster help by pointing out how to deal with characters in login/password which are not mappable into ISO-Latin?
comment:7 Changed 14 years ago by Jpm
As I understand [ http://www.faqs.org/rfcs/rfc1738.html ] in 3.1
The user name (and password), if present, are followed by a commercial at-sign "@". Within the user and password field, any ":", "@", or "/" must be encoded.
So it is the user responsability to encode "/" or "@". It cannot be done inside InetGetSize/Read.
So this ticket can be closed with NO Bug. Right ?
comment:8 Changed 14 years ago by jchd
After looking at various RFCs, there doesn't seem to be an official way to encode non ISO-Latin (ISO 8859-1) characters that might appear in the user/password part.
The same encoding solution should be useable for HTTP and FTP (as well as other protocols, but I doubt they are much in use today) for any function establishing a connection. Therefore I suggest the following code so that users may have the auto-logon URL properly setup and ready to send.
Local $url = "www.google.com" Local $user = "I/am_user_%123@456" Local $password = "I've a p@thologic p@ßwÔrd" & @LF & "@2€.33 with" & @TAB & ":\spÊçial\/characters/:" Local $httpAutoLogon = _Http_EncodeCredentials($url, $user, $password) MsgBox(0, "http auto-logon URL", $httpAutoLogon) Local $ftpAutoLogon = _Ftp_EncodeCredentials($url, $user, $password) MsgBox(0, "ftp auto-logon URL", $ftpAutoLogon) Func _Http_EncodeCredentials($sUrl, $sUser, $sPwd) Return 'http://' & __EncodeCredential($sUser) & ':' & __EncodeCredential($sPwd) & '@' & $sUrl EndFunc Func _Ftp_EncodeCredentials($sUrl, $sUser, $sPwd) Return 'ftp://' & __EncodeCredential($sUser) & ':' & __EncodeCredential($sPwd) & '@' & $sUrl EndFunc Func __EncodeCredential($sUserOrPassword) Return Execute('"' & StringRegExpReplace($sUserOrPassword, '([\x00-\x20%/:\x7F-\xA0])', '%" & Hex(Asc("$1"), 2) & "') & '"') EndFunc
I believe the code works correctly but point out problems.
JPM, you can probably close this ticket. You decide.
comment:9 in reply to: ↑ description Changed 14 years ago by anonymous
thank you.
comment:10 Changed 14 years ago by Jpm
- Resolution set to No Bug
- Status changed from new to closed
Guidelines for posting comments:
- You cannot re-open a ticket but you may still leave a comment if you have additional information to add.
- In-depth discussions should take place on the forum.
For more information see the full version of the ticket guidelines here.
If the user's password contains "/" or "@"", would be wrong!