Closed
Bug 804633
Opened 12 years ago
Closed 12 years ago
[socorro-crashstats] Double-encode special chars in middleware URLs
Categories
(Socorro :: Webapp, task)
Socorro
Webapp
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: adrian, Assigned: adrian)
References
()
Details
We need to double-encode slashes and pluses in signatures in middleware URLs before calling them.
|
Assignee | |
Comment 1•12 years ago
|
||
|
|
Assignee | |
Comment 2•12 years ago
|
||
Test case for this is for example: http://crash-stats-new-dev.allizom.org/query/?query=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fboot.ini&query_type=simple
Or run any search containing a + or a / in the signature field.
|
||
Comment 3•12 years ago
|
||
Commits pushed to master at https://github.com/mozilla/socorro-crashstats
https://github.com/mozilla/socorro-crashstats/commit/6285cdf1ed74f1aa986003a770fc5e6334bf6f90
Fixes bug 804633 - Double-encode slashes and pluses in signature parameters in middleware URLs.
https://github.com/mozilla/socorro-crashstats/commit/be776ecb16e100ae7ddb744170378e79987a5ae0
Merge pull request #216 from AdrianGaudebert/804633-double-encode-signatures
Fixes bug 804633 - Double-encode slashes and pluses in signature paramet...
|
|
||
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
|
||
Comment 4•12 years ago
|
||
Verified FIXED:
[11:38:36.699] GET http://crash-stats-new-dev.allizom.org/query/?query=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fboot.ini&query_type=simple [HTTP/1.1 200 OK 2309ms]
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•