Closed
Bug 905536
Opened 12 years ago
Closed 12 years ago
Bad URL encoding sometimes mis-encodes some characters
Categories
(Marketplace Graveyard :: Consumer Pages, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
2013-08-20
People
(Reporter: basta, Assigned: basta)
Details
(Whiteboard: [qa-])
Sometimes we see user tokens in log output, especially when there's plus characters in the user's email address. At some point in the process, the user token is being improperly encoded (or decoded) such that the plus is not being converted to %2B. This has a number of side effects:
- User token in some logs
- Request caching does not work sometimes
- Cache rewriting does not work sometimes
For users with these email addresses, this causes a pretty significant perf hit. In the past, this has also resulted in certain features not working for these users (due to other bugs which were exposed by the issue).
This bug affects Commonplace code.
Comment 1•12 years ago
|
||
This also affects testing since we see weird behavior when logged in with an email id with + in it. These email ids are used often to verify a new user behavior.
Assignee | ||
Comment 2•12 years ago
|
||
https://github.com/mozilla/fireplace/commit/6bc72a5793f69310dfdb920429b279082985562f
https://github.com/mozilla/fireplace/commit/55924d58ad7680d73da363dc35a4777e2fdbb50e
https://github.com/mozilla/commonplace/commit/9f817bac9750f7438e73347c992edb11c33d1aac
This fixes the issue. We were un-escaping spaces (+) after we were doing a decodeURIComponent. It should have been the other way around.
Commonplace projects will receive the update in version 0.1.0 or 0.0.12 (whichever is released first).
Assignee | ||
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → 2013-08-20
Assignee | ||
Comment 3•12 years ago
|
||
Marking qa- since the STR are very obscure and you need a specially-crafted email to reproduce. If you want to test that it's working, run the following in your console:
require('utils').decodeURIComponent('foo%2Bbar')
On affected sites (presently prod/stage), you'll see "foo bar".
On patched sites (presently just -dev), you'll see "foo+bar", the correct value.
Whiteboard: [qa-]
You need to log in
before you can comment on or make changes to this bug.
Description
•