Re: It seems LO doesn't handle correctly complex HTTP queries

Stephan Bergmann <sbergman -AT- redhat.com>
Mon, 24 Oct 2016 17:02:30 +0200

On 10/24/2016 03:19 PM, Giuseppe Castagno wrote:

working on bug
<https://bugs.documentfoundation.org/show_bug.cgi?id=99499>

I came across a couple of complex HTTP queries that IMHO LO doesn't
handle correctly.

One query full URI is:
<http://www.digikey.com/web%20export/common/mkt/en/help.png?requestedName=help?requestedName=help?requestedName=help?requestedName=help?requestedName=help>


while LO WebDAV percent-encodes into:
<http://www.digikey.com/web%20export/common/mkt/en/help.png%3FrequestedName=help%3FrequestedName=help%3FrequestedName=help%3FrequestedName=help?requestedName=help>


That is, LO detects a HTTP query start at the first '?' from the end of
the URI and not at the first '?' after the last segment of the path, as
it should be according to
<https://tools.ietf.org/html/rfc3986#section-3>, and
<https://tools.ietf.org/html/rfc3986#section-3.4>.

Furthermore, it doesn't seems to encode correctly the query body, but I
still have to dig deeper for that.

I think that the WebDAV UCP provider should not change the HTTP query it
receives, but the query should be correctly set and percent-encoded by
the client application (e.g. framework).

This means that the '?' character should be percent-encoded as %3F into
the path part of the URI before being presented to WebDAV provider, this
to prevent possibly wrong interpretation.

I'd like to change the way the WebDAV provider deals with HTTP query,
that implies the correct percent-encoding of '?' into %3F in UCB
provider clients.
The query re-encoding is done here:
<http://opengrok.libreoffice.org/xref/core/ucb/source/ucp/inc/urihelper.hxx#45>

ucb_impl::urihelper::encodeURI (ucb/source/ucp/inc/urihelper.hxx) indeedlooks very broken; it should not be used. (If there is real need to"fix" URIs, INetURLObject has capabilities that are probably less brokenthan those of this encodeURI.)

Apart from the use of encodeURI inucb/source/ucp/webdav-neon/NeonUri.cxx, the four uses inucb/source/ucp/webdav-neon/DAVTypes.cxx of the form


  ucb_impl::urihelper::encodeURI( NeonUri::unescape( rURL ) )

look especially worrying---NeonUri::unescape is apparently meant tounescape individual URL path segments; applying it to a complete URLbreaks things.

Context

It seems LO doesn't handle correctly complex HTTP queries · Giuseppe Castagno
- Re: It seems LO doesn't handle correctly complex HTTP queries · Stephan Bergmann

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.