Closed Bug 333391 Opened 19 years ago Closed 19 years ago

install.php does not accept certain characters in URI argument

Categories

(addons.mozilla.org Graveyard :: Public Pages, defect, P1)

Product:
addons.mozilla.org Graveyard
Component:
Public Pages
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: bugzilla-mozilla-20000923, Assigned: morgamic)

References

(
URL
)

Details

Attachments

(1 file)

Reject extension versions from install.rdf that contain spaces
1.43 KB, patch
Details | Diff | Splinter Review
This is a bug on behalf of AdvancedDork on IRC. It appears that the download count for the Advanced Dork extension is refusing to budge. As best I can tell, this is becuase it is failing to match the download URI with that in the DB. The URL for counting the download returns "nope": https://addons.mozilla.org/install.php?uri=http://releases.mozilla.org/pub/mozilla.org/extensions/advanced_dork_/advanced_dork_-2.0%20beta-fx.xpi There's at least two things I can think of that might be affecting this: - the colon in the name, although this has been here since before - the version number is "2.0 Beta" According to imperical evidence, the download count stopped going up around the same time version 2.0 Beta was approved.
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: 1.0 → 2.0
Updating title -- this is not specific to one extension.
Summary: Download count not working for Advanced Dork extension → install.php does not accept certain characters in URI argument
I found that the problem exists in the developer control panel, where additem.php and approval.php manipulate and create filename strings. Versions were assumed to be numeric, so the space screws things up -- since the URL is not decoded/encoded in install.php due to those assumptions. See: http://lxr.mozilla.org/update1.0/source/developers/additem.php#683 So -- the fix has multiple parts: * Fix the preg_replace() to work on the entire string, not just parts of it. * Fix install.php to accomodate the bug (in case older entries still have it). * Fix additem.php to reject versions that have non-numeric strings? How does that sound?
I believe alpha characters in versions are allowed by Firefox 1.5, although I'm less certain that spaces should be accepted.
Okay -- been staring at this for a while and here is what I found: (In reply to comment #2)s: > * Fix the preg_replace() to work on the entire string, not just parts of it. This is not ideal, so this won't happen. > * Fix install.php to accomodate the bug (in case older entries still have it). This also will not happen, because we can't differentiate between the \s, + or %20 between apps and the one found in the version. If we scrubbed for %20 --> + then our query would still fail. urlrawdecode() also would not work. > * Fix additem.php to reject versions that have non-numeric strings? This is the proper fix, so I will modify additem.php (sad face) so that versions for extensions cannot contain spaces. If a developer submits an extension with a space in the version, it will be rejected.
Patch in additem.php to reject improper versions that would break their install URI's. Addons up to this point that have had spaces in their versions should resubmit versions without spaces. There is no short-term dirty hack fix for this, since the +'s in the URI will conflict with any changes we could make to install.php itself -- see previous comments.
Sounds good. The Advanced Dork extension has been resubmitted/admin-edited to have no space in the version, and it is now counting downloads happily.
So, erm, shouldn't this be marked FIXED?
*** Bug 290637 has been marked as a duplicate of this bug. ***
Severity: major → critical
Yeah, FIXED.
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: