[jira] Updated: (EXLBR-15) In org.apache.excalibur.source.impl.FTPSource, URL.getXYZ() results must be URL-decoded

[Nico Verwer (JIRA)]

     [ http://issues.apache.org/jira/browse/EXLBR-15?page=history ]

Nico Verwer updated EXLBR-15:
-----------------------------

    Attachment: FTPSource.java

Fixed code for FTPSource, which does proper URL decoding.

> In org.apache.excalibur.source.impl.FTPSource, URL.getXYZ() results must be 
> URL-decoded
> ---------------------------------------------------------------------------------------
>
>          Key: EXLBR-15
>          URL: http://issues.apache.org/jira/browse/EXLBR-15
>      Project: Excalibur Components
>         Type: Bug
>   Components: SourceResolver
>     Versions: 1.1.1
>  Environment: Windows XP, Unix, J2SE 1.4.2
>     Reporter: Nico Verwer
>  Attachments: FTPSource.java
>
> The getXYZ() methods in java.net.URL give results which are URL-encoded, if 
> the URL was constructed from a String (which must be URL-encoded). This may 
> be considered a bug in java.net.URL, but it is the way it is.
> In order to get the right URL-components (path, userinfo, etc.),  the method 
> java.net.URLDecoder.decode() must be applied to the result of 
> java.net.URL.getXYZ(). The result of getUserInfo must first be split (on ':') 
> before decoding is applied.
> Example of how this affects functionality of FTPSource:
> URLs for FTP may contain a password:
>   ftp://user:[EMAIL PROTECTED]/path
> If the password contains the '@' character, like
>   ftp://user:[EMAIL PROTECTED]@host/path
> this will be interpreted as user 'user' with password 'p' and host '[EMAIL 
> PROTECTED]', which is wrong. In order to allow reserved characters in URL's, 
> URL-encoding is used (see RFC 1738 for this particular case, and others). For 
> instance, '@' would be encoded by '%40' in the string-representation of the 
> URL.
> Because URL-components are not decoded in FTPSource, it is impossible to use 
> a password containing '@', or other parts of the URL that contain reserved 
> characters.
> This problem is easy to fix using URLDecoder.
> I'll see if I can attach the code for this fix.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Apache Excalibur Project -- URL: http://excalibur.apache.org/