Re: [PATCH v2] imap-send: URI encode server folder

2017-12-18 Thread Eric Sunshine 
On Mon, Dec 18, 2017 at 1:25 PM, Kaartic Sivaraam
 wrote:
> From: Nicolas Morey-Chaisemartin 
> [...]
> resulted in the following error,

s/resulted/results/

> curl_easy_perform() failed: URL using bad/illegal format or missing URL
>
> That was a consequence of the not URI encoding the folder portion of

s/That was/This is/
s/the not/not/
s/URI encoding/URI-encoding/

> the URL which contained characters such as '[' which are not

s/contained/contains/

> allowed in a URI. According to RFC3986, these characters should be
> "URI encoded".
>
> So, URI encode the folder portion of the URL to ensure it doesn't
> contain characters that aren't allowed in a URI.
>
> Reported-by: Doron Behar 
> Signed-off-by: Nicolas Morey-Chaisemartin 
> ---
>
> I came across the same issue that lead to this patch recently and found
> that this patch didn't make it in. So, I thought I could help out and
> hence this v2.

Thanks for taking up the slack.

[PATCH v2] imap-send: URI encode server folder

2017-12-18 Thread Kaartic Sivaraam 
From: Nicolas Morey-Chaisemartin 

When trying to send a patch using 'imap-send' with 'curl' and the
following configuration:

[imap]
folder = "[Gmail]/Drafts"
host = imaps://imap.gmail.com
port = 993
sslverify = false

resulted in the following error,

curl_easy_perform() failed: URL using bad/illegal format or missing URL

That was a consequence of the not URI encoding the folder portion of
the URL which contained characters such as '[' which are not
allowed in a URI. According to RFC3986, these characters should be
"URI encoded".

So, URI encode the folder portion of the URL to ensure it doesn't
contain characters that aren't allowed in a URI.

Reported-by: Doron Behar 
Signed-off-by: Nicolas Morey-Chaisemartin 
---

I came across the same issue that lead to this patch recently and found
that this patch didn't make it in. So, I thought I could help out and
hence this v2.

Eric Sunshine  writes:
> For someone reading this commit message in the future -- someone who
> didn't follow the email thread which led to this patch -- "this fixes"
> doesn't say much about the actual problem being addressed. Can you
> expand the commit message a bit to make it more self-contained? At
> minimum, perhaps show the error message you were experiencing, and
> cite (as Daniel pointed out) RFC 3986 and the bit about a "legal" URL
> not containing brackets.

I guess I covered this part.


> Also, a natural question which pops into the head of someone reading
> this patch is whether other parts of the URL (host, user, etc.) also
> need to be handled similarly. It's possible that you audited the code
> and determined that they are handled fine already, but the reader of
> the commit message is unable to infer that. Consequently, it might be
> nice to have a sentence about that, as well ("other parts of the URL
> are already encoded, thus are fine" or "other parts of the URL are not
> subject to this problem because ...").

I'm not sure about this one. I guess the host and user don't need encoding
as I suspect they wouldn't contain characters that aren't allowed. I might
be wrong, though. Let me know if I'm missing something.


Thanks,
Kaartic

 imap-send.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/imap-send.c b/imap-send.c
index 54e6a80fd..36c7c1b4f 100644
--- a/imap-send.c
+++ b/imap-send.c
@@ -1412,6 +1412,7 @@ static CURL *setup_curl(struct imap_server_conf *srvc, 
struct credential *cred)
 {
CURL *curl;
struct strbuf path = STRBUF_INIT;
+   char *uri_encoded_folder;
 
if (curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK)
die("curl_global_init failed");
@@ -1429,7 +1430,12 @@ static CURL *setup_curl(struct imap_server_conf *srvc, 
struct credential *cred)
strbuf_addstr(, server.host);
if (!path.len || path.buf[path.len - 1] != '/')
strbuf_addch(, '/');
-   strbuf_addstr(, server.folder);
+
+   uri_encoded_folder = curl_easy_escape(curl, server.folder, 0);
+   if (!uri_encoded_folder)
+   die("failed to encode server folder");
+   strbuf_addstr(, uri_encoded_folder);
+   curl_free(uri_encoded_folder);
 
curl_easy_setopt(curl, CURLOPT_URL, path.buf);
strbuf_release();
-- 
2.15.1.620.gb9897f467