Bug in statuswml.cgi with Acknowledging Services

Jon Angliss jon at netdork.net
Sat Aug 23 18:42:08 CEST 2008


On Tue, 19 Aug 2008 18:39:52 -0400, Thomas Guyot-Sionnest
<dermoth at aei.ca> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On 19/08/08 03:20 PM, Jon Angliss wrote:
>> On Thu, 14 Aug 2008 13:42:55 -0500, Jon Angliss <jon at netdork.net>
>> wrote:
>> 
>>> On Wed, 13 Aug 2008 11:27:12 +0200, Armin Wolfermann <aw at osn.de>
>>> wrote:
>>>
>>>> * Jon Angliss <jon at netdork.net> [12.08.2008 23:52]:
>>>>> I read the thread, and it looks like the variables are being double
>>>>> encoded, which is fine, but the issue here is that a variable being
>>>>> fed into url_encode is coming out as a different variable. 
>>>> Ok, now I see the problem. url_encode() uses a static buffer and calling
>>>> it twice in a row overwrites the first result. Half of a fix for this
>>>> problem was committed in May introducing a second buffer but the code is
>>>> only using the first.
>>> I figured it had something to do with that, but my C skills are rather
>>> rusty.
>>>
>>>> I attached a patch against current CVS using dynamic buffers like
>>>> html_encode() does. Lightly tested but works for me.
>>> Seems to work quite nicely against CVS HEAD from last night.
>> 
>> Partially mistaken here.  It seems the application doesn't handle the
>> encoded strings very well.  I have a space char in the description of
>> a service, and it's being posted as "Disk+D", and it throws the same
>> unauthorized message.  Otherwise it at least posts the service name
>> now.
>
>Disk+D is correct - the cgi should interpret it as a space.

Right, I know that, but it means the other end isn't decoding the
encoded string, and as such, throwing an error about not having
access.  If I remove the + (or url_encode), it works as designed.
-- 
Jon Angliss


-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/




More information about the Developers mailing list