Defect #100
When SimplePie lowercases the URLs, it lowercases the passwords too
| Status: | Fixed | Start: | 2008-10-06 | |
| Priority: | Release Critical | Due date: | ||
| Assigned to: | - | % Done: | 0% |
|
| Category: | IRI Handling | |||
| Target version: | 1.2 | |||
| Affected Version: | 1.1.3 |
PHP Version: | 5.2.6 |
|
| mbstring enabled: | No |
iconv enabled: | No |
|
| cURL enabled: | Yes |
zlib enabled: | No |
|
Description
I'm using basic http authentication, so my URL looks like http://username:PaSSwOrd@site.com/feed.
In the normalize_url() function, SimplePie extracts the domain name in $url['authority'] and lowercases it. By doing so, it lowercases my password too !
The attached patch fixes it.
History
Updated by Geoffrey Sneddon 660 days ago
- Category set to IRI Handling
- Status changed from Unconfirmed to New
- Target version set to 1.2
There are actually other bugs in that too, not least it should actually be US-ASCII only lowercasing, and not locale dependant. As for your patch, it needs to be the strrpos and not strpos. The patch also isn't really valid for 1.2 per #6 (I think the version of the IRI class within SP contains the bug, but the http://hg.gsnedders.com/iri/ version does not — but that is currently PHP5 only and has other bugs, but will eventually be ported to PHP4 once it works for SP).
Updated by Geoffrey Sneddon 620 days ago
- Affected Version changed from 1.1.1 to 1.1.2
Updated by Geoffrey Sneddon 586 days ago
- Affected Version changed from 1.1.2 to 1.1.3
Updated by Geoffrey Sneddon 579 days ago
Does this even exist in trunk? As far as I can see it shouldn't exist anymore.
Updated by Geoffrey Sneddon 522 days ago
- Priority changed from Medium to Release Critical
Yes, it does.