Closed Bug 779750 Opened 13 years ago Closed 7 years ago

Hotfix update URL isn't properly escaped

Categories

(Toolkit :: Add-ons Manager, defect)

Product:
Toolkit
Component:
Add-ons Manager
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: Unfocused, Unassigned)

Details

Just noticed the following URL being requested for the hotfix update check: LOG addons.updates: Requesting https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=2&id=firefox-hotfix@mozilla.org&version=&maxAppVersion=%ITEM_MAXAPPVERSION%&status=userEnabled,incompatible&appID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&appVersion=17.0a1&appOS=WINNT&appABI=x86-msvc&locale=en-US&currentAppVersion=17.0a1&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE% We're missing some things there :\ escapeAddonURI() in XPIProvider.jsm normally handles those extra tokens, so they're missed when we do the special hotfix update check in AddonManagerInternal.backgroundUpdateCheck(). Thankfully, I don't think that has any practical consequences... but it should still be fixed.
Yeah I should have filed this when I did the hotfix work. I verified at the time that it wasn't a problem for AMO's service but certainly worth fixing nonetheless.
hotfix has been removed
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.