[erlang-patches] problem with ":" in http passwords
Michael Santos
michael.santos@REDACTED
Tue May 18 16:56:30 CEST 2010
On Tue, May 18, 2010 at 03:42:11PM +0200, David Welton wrote:
> Hi,
>
> I was trying to do something along the lines of
>
> http:request("http://foo:bar:bee:bop@dedasys.com"), where, in theory,
> 'foo' is the username, and the rest is a password, but that causes
> problems - try it for yourself and see what sort of headers it
> generates.
Looking at RFC 1738:
The user name (and password), if present, are followed by a commercial
at-sign "@". Within the user and password field, any ":", "@", or "/"
must be encoded.
See: http://www.faqs.org/rfcs/rfc1738.html
Maybe try:
edoc_lib:escape_uri("my:pass").
> This patch seems to fix it, but I can't be 100% sure since doing make
> release_tests "doesn't work" (doesn't even start running tests) here.
> It should be pretty simple to ascertain, though.
>
> lib/inets/src/http_client/httpc_request.erl | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/lib/inets/src/http_client/httpc_request.erl
> b/lib/inets/src/http_client/httpc_request.erl
> index 55e0af4..e64d87a 100644
> --- a/lib/inets/src/http_client/httpc_request.erl
> +++ b/lib/inets/src/http_client/httpc_request.erl
> @@ -236,8 +236,8 @@ handle_user_info([], Headers) ->
> Headers;
> handle_user_info(UserInfo, Headers) ->
> case string:tokens(UserInfo, ":") of
> - [User, Passwd] ->
> - UserPasswd = base64:encode_to_string(User ++ ":" ++ Passwd),
> + [User | Rest] ->
> + UserPasswd = base64:encode_to_string(User ++ ":" ++
> string:join(Rest, ":")),
> Headers#http_request_h{authorization = "Basic " ++ UserPasswd};
> [User] ->
> UserPasswd = base64:encode_to_string(User ++ ":"),
> --
> 1.6.3.3
>
>
> Thanks,
> --
> David N. Welton
>
> http://www.welton.it/davidw/
>
> http://www.dedasys.com/
>
> ________________________________________________________________
> erlang-patches (at) erlang.org mailing list.
> See http://www.erlang.org/faq.html
> To unsubscribe; mailto:erlang-patches-unsubscribe@REDACTED
>
More information about the erlang-patches
mailing list