On 28.10.2014 18:29, Christian Stroehmeier wrote:
> Hi everyone,
>
> I recently discovered that a '?' in your password will cause the
> password to be displayed in plain text during imgfetch. After looking
> into core/uri.c what was causing this I think the same is true for '#'
> and '@'. The parsing simply assumes these characters serve their usual
> purpose when occurring in a URI.
>
> I tried working around that issue, but I am undecided how to do this
> correctly. First thing that comes to mind is starting at the end of the
> string searching backwards. Are there any drawbacks to this? If not I
> would implement it and send the patch.

This is most likely a regression from the refactoring/rewrite of the URL parser from earlier this year (discussed on IRC 2014-03-03). I mentioned some other issues back then that were causing issues, and this might just be another one. To my knowledge these bugs have not been fixed yet. I have a test case on https://gist.github.com/robinsmidsrod/9326960 that you might want to look more carefully at to see how your issue might be similar.

-- 
Robin
_______________________________________________
ipxe-devel mailing list
[email protected]
https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
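
The failure mode reported in the quoted message, as an added example that is not part of either message and is not iPXE's code: a simplified splitter that cuts components in RFC 3986 order moves the tail of an unencoded password into the query, while percent-encoding the credential keeps it inside userinfo. The names `split_uri`, `encode_userinfo` and `struct parts`, and the sample credential and host, are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical simplified splitter, NOT iPXE's core/uri.c. Like any RFC 3986
 * parser it cuts the fragment at the first '#', then the query at the first
 * '?', and only then looks for "user:password@" in what is left. */
struct parts { char password[64], query[64], fragment[64]; };

static const struct parts *split_uri(const char *uri) {
    static struct parts p;
    char buf[256], *s, *auth, *colon;
    memset(&p, 0, sizeof(p));
    snprintf(buf, sizeof(buf), "%s", uri);
    if ((s = strchr(buf, '#'))) { *s = '\0'; snprintf(p.fragment, sizeof(p.fragment), "%s", s + 1); }
    if ((s = strchr(buf, '?'))) { *s = '\0'; snprintf(p.query, sizeof(p.query), "%s", s + 1); }
    auth = (s = strstr(buf, "://")) ? s + 3 : buf;
    if ((s = strchr(auth, '/'))) *s = '\0';          /* authority ends at the path */
    if ((s = strrchr(auth, '@'))) {                   /* userinfo ends at the last '@' */
        *s = '\0';
        if ((colon = strchr(auth, ':')))
            snprintf(p.password, sizeof(p.password), "%s", colon + 1);
    }
    return &p;   /* password is left percent-encoded; a real parser decodes it */
}

/* Percent-encode everything outside the RFC 3986 "unreserved" set so that
 * '?', '#', '@', ':' and '/' in a credential cannot act as delimiters. */
static const char *encode_userinfo(const char *in) {
    static const char hex[] = "0123456789ABCDEF";
    static char out[192];
    size_t o = 0;
    for (; *in && o + 4 <= sizeof(out); in++) {
        unsigned char c = (unsigned char)*in;
        int safe = (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
                   (c >= 'a' && c <= 'z') || strchr("-._~", c) != NULL;
        if (safe) { out[o++] = (char)c; }
        else { out[o++] = '%'; out[o++] = hex[c >> 4]; out[o++] = hex[c & 15]; }
    }
    out[o] = '\0';
    return out;
}

int main(void) {
    char uri[256];  /* sample credential and host below are constructed */
    printf("raw:     query=\"%s\"\n", split_uri("http://user:sec?ret@boot.example/a.img")->query);
    snprintf(uri, sizeof(uri), "http://user:%s@boot.example/a.img", encode_userinfo("sec?ret"));
    printf("encoded: password=\"%s\" query=\"%s\"\n", split_uri(uri)->password, split_uri(uri)->query);
    return 0;
}
```

Any code that logs or displays the query or fragment will print whatever part of the secret landed there, which is why the encoding has to happen before the URI is assembled.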

