[erlang-patches] problem with ":" in http passwords

Michael Santos michael.santos@REDACTED
Tue May 18 16:56:30 CEST 2010


On Tue, May 18, 2010 at 03:42:11PM +0200, David Welton wrote:
> Hi,
> 
> I was trying to do something along the lines of
> 
> http:request("http://foo:bar:bee:bop@dedasys.com"), where, in theory,
> 'foo' is the username, and the rest is a password, but that causes
> problems - try it for yourself and see what sort of headers it
> generates.

Looking at RFC 1738:

The user name (and password), if present, are followed by a commercial
at-sign "@". Within the user and password field, any ":", "@", or "/"
must be encoded.

See: http://www.faqs.org/rfcs/rfc1738.html

Maybe try:

    edoc_lib:escape_uri("my:pass").


> This patch seems to fix it, but I can't be 100% sure since doing make
> release_tests "doesn't work" (doesn't even start running tests) here.
> It should be pretty simple to ascertain, though.
> 
>  lib/inets/src/http_client/httpc_request.erl |    4 ++--
>  1 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/lib/inets/src/http_client/httpc_request.erl
> b/lib/inets/src/http_client/httpc_request.erl
> index 55e0af4..e64d87a 100644
> --- a/lib/inets/src/http_client/httpc_request.erl
> +++ b/lib/inets/src/http_client/httpc_request.erl
> @@ -236,8 +236,8 @@ handle_user_info([], Headers) ->
>      Headers;
>  handle_user_info(UserInfo, Headers) ->
>      case string:tokens(UserInfo, ":") of
> -	[User, Passwd] ->
> -	    UserPasswd = base64:encode_to_string(User ++ ":" ++ Passwd),
> +	[User | Rest] ->
> +	    UserPasswd = base64:encode_to_string(User ++ ":" ++
> string:join(Rest, ":")),
>  	    Headers#http_request_h{authorization = "Basic " ++ UserPasswd};
>  	[User] ->
>  	    UserPasswd = base64:encode_to_string(User ++ ":"),
> -- 
> 1.6.3.3
> 
> 
> Thanks,
> -- 
> David N. Welton
> 
> http://www.welton.it/davidw/
> 
> http://www.dedasys.com/
> 
> ________________________________________________________________
> erlang-patches (at) erlang.org mailing list.
> See http://www.erlang.org/faq.html
> To unsubscribe; mailto:erlang-patches-unsubscribe@REDACTED
> 
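
The encoding rule quoted from RFC 1738 above, as an added example that is not part of the thread and not inets code: the sender percent-encodes both fields so no literal ":" remains, and the receiver splits on the first ":" and decodes each side before building the Basic header. The module and function names are hypothetical, and the input strings are assumed to be lists of bytes.

```erlang
%% Added example; module and function names are hypothetical, not inets API.
-module(userinfo_example).
-export([encode_userinfo/2, basic_header/1, demo/0]).

%% Percent-encode every byte outside the RFC 3986 unreserved set, so
%% ":", "@" and "/" never appear literally inside either field.
escape([]) -> [];
escape([C | T]) when C >= $a, C =< $z; C >= $A, C =< $Z; C >= $0, C =< $9;
                     C =:= $-; C =:= $.; C =:= $_; C =:= $~ ->
    [C | escape(T)];
escape([C | T]) ->
    lists:flatten(io_lib:format("%~2.16.0B", [C])) ++ escape(T).

%% Reverse of escape/1; a malformed "%xy" sequence raises badarg.
unescape([]) -> [];
unescape([$%, H, L | T]) -> [list_to_integer([H, L], 16) | unescape(T)];
unescape([C | T]) -> [C | unescape(T)].

%% Build the userinfo part of a URL: the only literal ":" is the separator.
encode_userinfo(User, Passwd) -> escape(User) ++ ":" ++ escape(Passwd).

%% Split on the first literal ":" only, then decode each side.
basic_header(UserInfo) ->
    {U, Rest} = lists:splitwith(fun(C) -> C =/= $: end, UserInfo),
    P = case Rest of
            [$: | P0] -> P0;
            [] -> []
        end,
    "Basic " ++ base64:encode_to_string(unescape(U) ++ ":" ++ unescape(P)).

%% Constructed sample: a password with consecutive colons survives intact.
demo() ->
    UI = encode_userinfo("foo", "bar::bee:bop"),
    "foo:bar%3A%3Abee%3Abop" = UI,
    Expected = "Basic " ++ base64:encode_to_string("foo:bar::bee:bop"),
    Expected = basic_header(UI),
    ok.
```

Compile with `c(userinfo_example).` and call `userinfo_example:demo().`, which returns `ok` when both pattern matches hold.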

