Date: prev next · Thread: first prev next last
2016 Archives by date, by thread · List index


On 10/24/2016 03:19 PM, Giuseppe Castagno wrote:
working on bug
<https://bugs.documentfoundation.org/show_bug.cgi?id=99499>

I came across a couple of complex HTTP queries that IMHO LO doesn't
handle correctly.

One query full URI is:
<http://www.digikey.com/web%20export/common/mkt/en/help.png?requestedName=help?requestedName=help?requestedName=help?requestedName=help?requestedName=help>


while LO WebDAV percent-encodes into:
<http://www.digikey.com/web%20export/common/mkt/en/help.png%3FrequestedName=help%3FrequestedName=help%3FrequestedName=help%3FrequestedName=help?requestedName=help>


That is, LO detects a HTTP query start at the first '?' from the end of
the URI and not at the first '?' after the last segment of the path, as
it should be according to
<https://tools.ietf.org/html/rfc3986#section-3>, and
<https://tools.ietf.org/html/rfc3986#section-3.4>.

Furthermore, it doesn't seems to encode correctly the query body, but I
still have to dig deeper for that.

I think that the WebDAV UCP provider should not change the HTTP query it
receives, but the query should be correctly set and percent-encoded by
the client application (e.g. framework).

This means that the '?' character should be percent-encoded as %3F into
the path part of the URI before being presented to WebDAV provider, this
to prevent possibly wrong interpretation.

I'd like to change the way the WebDAV provider deals with HTTP query,
that implies the correct percent-encoding of '?' into %3F in UCB
provider clients.
The query re-encoding is done here:
<http://opengrok.libreoffice.org/xref/core/ucb/source/ucp/inc/urihelper.hxx#45>

ucb_impl::urihelper::encodeURI (ucb/source/ucp/inc/urihelper.hxx) indeed looks very broken; it should not be used. (If there is real need to "fix" URIs, INetURLObject has capabilities that are probably less broken than those of this encodeURI.)

Apart from the use of encodeURI in ucb/source/ucp/webdav-neon/NeonUri.cxx, the four uses in ucb/source/ucp/webdav-neon/DAVTypes.cxx of the form

  ucb_impl::urihelper::encodeURI( NeonUri::unescape( rURL ) )

look especially worrying---NeonUri::unescape is apparently meant to unescape individual URL path segments; applying it to a complete URL breaks things.

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.