DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=38791>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38791 Summary: unescaping of escaped percent (%25) fails Product: Security Version: unspecified Platform: PC OS/Version: Windows Server 2003 Status: NEW Severity: major Priority: P2 Component: C++ Signature AssignedTo: security-dev@xml.apache.org ReportedBy: [EMAIL PROTECTED] The C++ XML-Security library version 1.2 has a bug in XSECDOMUtils.cpp that causes it to unescape already unescaped percent characters. The bug can be reproduced with any xml file that contains an URI with an escaped percent character (%25). File Version is: $Id: XSECDOMUtils.cpp,v 1.26 2005/02/03 13:53:54 milan Exp $ The error happens in line 684. There the starting index for the new percent search isn't incremented, thus causing it to find the just unescaped percent character. a simple changed from percentIndex = XMLString::indexOf(retPath, chPercent, percentIndex); to percentIndex = XMLString::indexOf(retPath, chPercent, ++percentIndex); fixes this problem. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
