Modify

Opened 9 years ago

Closed 9 years ago

#1591 closed Bug (No Bug)

about InetGetSize,InetRead......

Reported by: 184661031@… Owned by:
Milestone: Component: AutoIt
Version: 3.3.6.0 Severity: None
Keywords: Cc:

Description

For examples:
$test= InetGetSize("http://hong:~/hong@test.com.cn/exchweb/img/outbox.gif",1)
MsgBox(64,"$test",$test)
$test1= InetGetSize("http://test:test@test.com.cn/exchweb/img/outbox.gif",1)
MsgBox(64,"$test1",$test1)
$test= InetRead("http://hong:~/hong@test.com.cn/exchweb/img/outbox.gif",1)
MsgBox(64,"$testInetRead",$test)
$test1= InetRead("http://test:test@test.com.cn/exchweb/img/outbox.gif",1)
MsgBox(64,"$test1InetRead",$test1)

If the user's password contains "\ "@"", would be wrong!

Attachments (0)

Change History (10)

comment:1 Changed 9 years ago by anonymous

If the user's password contains "/" or "@"", would be wrong!

comment:2 follow-up: Changed 9 years ago by Jpm

How browsers are handling such situation?
I would think they can't
true?

comment:3 Changed 9 years ago by Jpm

no answer I will close it

comment:4 in reply to: ↑ 2 Changed 9 years ago by anonymous

Replying to Jpm:

How browsers are handling such situation?
I would think they can't
true?

If the user's password contains "/"or"@", InetGetSize,InetRead......will return 0 and set @error to non-zero

thank you~

comment:5 Changed 9 years ago by anonymous

The user's password is really the password. Also: a user's password settings are "/" or "@" in line with the password strength requirements
Hope you can improve, thanks!

comment:6 Changed 9 years ago by jchd

The RFCs are very unclear about precisely what should happen in the general case. See http://www.faqs.org/rfcs/rfc1738.html and http://www.blooberry.com/indexdot/html/topics/urlencoding.htm. All seem to be OK as long as both login and password are representable in ISO-8859-1 (ISO-Latin) using the following code:

Local $url = "www.autoit.com/index.html"
Local $login = "I/am_user_%123@456"
Local $pwd = "I've a p@thologic p@ßwÔrd @2€.33 with ::\spÊçial\/characters/::"

Local $LoginURL = 'http://' & _HTTP_EscapeLogPwd($login) & ':' & _HTTP_EscapeLogPwd($pwd) & '@' & $url

ConsoleWrite($LoginURL & @LF)

Func _HTTP_EscapeLogPwd($str)
	Return Execute('"' & StringRegExpReplace($str, '(?i)([\x00-\x20%/:\x7F-\x9F])', '%" & Hex(Asc("$1"), 2) & "') & '"')
EndFunc

However the RFC do not specify at all how should be encoded the login /password part when it contains Unicode characters (or even ANSI characters not in ISO-8859-1 (ISO-Latin).
Worst: while it's obviously expected that more and more servers will handle html 4 (which introduces Unicode characters in URLs) no encoding seem to have been currently officially specified. See http://www.rfc-editor.org/rfc/rfc2396.txt esp. last § of section 2.1

The code above will escape (i.e. transform into an '%xx' sequence) any character in the non-representable range and use Asc() [notice: '''not''' AscW()] to transform the Unicode character into ANSI system codepage. I'm aware that could break if the system codepage isn't Latin-1, but that's the "less unsatisfatory" solution I could think of.

Could a competent webmaster help by pointing out how to deal with characters in login/password which are not mappable into ISO-Latin?

comment:7 Changed 9 years ago by Jpm

As I understand [ http://www.faqs.org/rfcs/rfc1738.html ] in 3.1

The user name (and password), if present, 
are followed by a commercial at-sign "@".
 Within the user and password field, 
any ":", "@", or "/" must be encoded.

So it is the user responsability to encode "/" or "@". It cannot be done inside InetGetSize/Read.
So this ticket can be closed with NO Bug. Right ?

comment:8 Changed 9 years ago by jchd

After looking at various RFCs, there doesn't seem to be an official way to encode non ISO-Latin (ISO 8859-1) characters that might appear in the user/password part.
The same encoding solution should be useable for HTTP and FTP (as well as other protocols, but I doubt they are much in use today) for any function establishing a connection. Therefore I suggest the following code so that users may have the auto-logon URL properly setup and ready to send.

Local $url = "www.google.com"
Local $user = "I/am_user_%123@456"
Local $password = "I've a p@thologic p@ßwÔrd" & @LF & "@2€.33 with" & @TAB & ":\spÊçial\/characters/:"

Local $httpAutoLogon = _Http_EncodeCredentials($url, $user, $password)
MsgBox(0, "http auto-logon URL", $httpAutoLogon)

Local $ftpAutoLogon = _Ftp_EncodeCredentials($url, $user, $password)
MsgBox(0, "ftp auto-logon URL", $ftpAutoLogon)

Func _Http_EncodeCredentials($sUrl, $sUser, $sPwd)
	Return 'http://' & __EncodeCredential($sUser) & ':' & __EncodeCredential($sPwd) & '@' & $sUrl
EndFunc

Func _Ftp_EncodeCredentials($sUrl, $sUser, $sPwd)
	Return 'ftp://' & __EncodeCredential($sUser) & ':' & __EncodeCredential($sPwd) & '@' & $sUrl
EndFunc

Func __EncodeCredential($sUserOrPassword)
	Return Execute('"' & StringRegExpReplace($sUserOrPassword, '([\x00-\x20%/:\x7F-\xA0])', '%" & Hex(Asc("$1"), 2) & "') & '"')
EndFunc

I believe the code works correctly but point out problems.

JPM, you can probably close this ticket. You decide.

comment:9 in reply to: ↑ description Changed 9 years ago by anonymous

thank you.

comment:10 Changed 9 years ago by Jpm

  • Resolution set to No Bug
  • Status changed from new to closed

Guidelines for posting comments:

  • You cannot re-open a ticket but you may still leave a comment if you have additional information to add.
  • In-depth discussions should take place on the forum.

For more information see the full version of the ticket guidelines here.

Add Comment

Modify Ticket

Action
as closed The ticket will remain with no owner.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.