httpush loses URL encoding of POST body

Status: Beta

Brought to you by: jfs

#2 httpush loses URL encoding of POST body

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2003-06-06

Created: 2003-06-06

Creator: Colin Phipps

Private: No

httpush unescaped the urlencoded string that makes up
the body of a POST.

But if the body of a POST request contains characters
that must be URL escaped - notable "=", "+", "&" - then
this will break the content. You can't unescape an
urlencoded string without splitting it into its constituent
parts; otherwise you lose information. This, for example,
breaks some sites that use a base64-encoded sessionid
in a hidden form field, because the field may contain
"+", and this will be unescaped from %2b to + by
httpush, so the server will see it as a " ".

The attached patch stops the POST body being
unescaped. There's no need to unescape it.

Presumably the same bug would break non-urlencoded
request bodies as well.

Discussion

Colin Phipps - 2003-06-06

Patch to disable url-unescaping in request body

httpush-content-url-escaping.diff

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

httpush loses URL encoding of POST body

Group

Searches

Help

#2 httpush loses URL encoding of POST body

Discussion