From f138ec95d9d2c9faba019e52467beeed2a73b4f5 Mon Sep 17 00:00:00 2001 From: janekptacijarabaci Date: Sun, 15 Apr 2018 08:09:17 +0200 Subject: moebius#131: URL parser - stop preserving empty passwords https://github.com/MoonchildProductions/moebius/issues/131 --- docshell/test/unit/test_nsDefaultURIFixup_search.js | 2 +- netwerk/base/nsStandardURL.cpp | 12 +++++++++--- netwerk/test/unit/test_URIs.js | 2 +- netwerk/test/unit/test_standardurl.js | 20 ++++++++++++++++++++ 4 files changed, 31 insertions(+), 5 deletions(-) diff --git a/docshell/test/unit/test_nsDefaultURIFixup_search.js b/docshell/test/unit/test_nsDefaultURIFixup_search.js index c00b6a85f..c84452b5d 100644 --- a/docshell/test/unit/test_nsDefaultURIFixup_search.js +++ b/docshell/test/unit/test_nsDefaultURIFixup_search.js @@ -74,7 +74,7 @@ var data = [ }, { wrong: 'user:@example.com:8080/this/is/a/test.html', - fixed: 'http://user:@example.com:8080/this/is/a/test.html', + fixed: 'http://user@example.com:8080/this/is/a/test.html', }, { wrong: '//user:pass@example.com:8080/this/is/a/test.html', diff --git a/netwerk/base/nsStandardURL.cpp b/netwerk/base/nsStandardURL.cpp index 983e938ca..21c4cf7fd 100644 --- a/netwerk/base/nsStandardURL.cpp +++ b/netwerk/base/nsStandardURL.cpp @@ -781,11 +781,13 @@ nsStandardURL::BuildNormalizedSpec(const char *spec) i = AppendSegmentToBuf(buf, i, spec, username, mUsername, &encUsername, useEncUsername, &diff); ShiftFromPassword(diff); - if (password.mLen >= 0) { + if (password.mLen > 0) { buf[i++] = ':'; i = AppendSegmentToBuf(buf, i, spec, password, mPassword, &encPassword, useEncPassword, &diff); ShiftFromHost(diff); + } else { + mPassword.mLen = -1; } buf[i++] = '@'; } @@ -1621,7 +1623,7 @@ nsStandardURL::SetUserPass(const nsACString &input) usernameLen), esc_Username | esc_AlwaysCopy, buf, ignoredOut); - if (passwordLen >= 0) { + if (passwordLen > 0) { buf.Append(':'); passwordLen = encoder.EncodeSegmentCount(userpass.get(), URLSegment(passwordPos, @@ -1629,6 +1631,8 @@ nsStandardURL::SetUserPass(const nsACString &input) esc_Password | esc_AlwaysCopy, buf, ignoredOut); + } else { + passwordLen = -1; } if (mUsername.mLen < 0) buf.Append('@'); @@ -1659,8 +1663,10 @@ nsStandardURL::SetUserPass(const nsACString &input) // update positions and lengths mUsername.mLen = usernameLen; mPassword.mLen = passwordLen; - if (passwordLen) + if (passwordLen > 0) { mPassword.mPos = mUsername.mPos + mUsername.mLen + 1; + } + return NS_OK; } diff --git a/netwerk/test/unit/test_URIs.js b/netwerk/test/unit/test_URIs.js index 5bc7fe432..1cad7768f 100644 --- a/netwerk/test/unit/test_URIs.js +++ b/netwerk/test/unit/test_URIs.js @@ -109,7 +109,7 @@ var gTests = [ nsIURL: true, nsINestedURI: false }, { spec: "ftp://foo:@ftp.mozilla.org:100/pub/mozilla.org/README", scheme: "ftp", - prePath: "ftp://foo:@ftp.mozilla.org:100", + prePath: "ftp://foo@ftp.mozilla.org:100", port: 100, username: "foo", password: "", diff --git a/netwerk/test/unit/test_standardurl.js b/netwerk/test/unit/test_standardurl.js index a1a320721..fa9ed6964 100644 --- a/netwerk/test/unit/test_standardurl.js +++ b/netwerk/test/unit/test_standardurl.js @@ -461,3 +461,23 @@ add_test(function test_invalidHostChars() { // hostname separators, so there is no way to set them and fail. run_next_test(); }); + +add_test(function test_emptyPassword() { + var url = stringToURL("http://a:@example.com"); + do_check_eq(url.spec, "http://a@example.com/"); + url.password = "pp"; + do_check_eq(url.spec, "http://a:pp@example.com/"); + url.password = ""; + do_check_eq(url.spec, "http://a@example.com/"); + url.userPass = "xxx:"; + do_check_eq(url.spec, "http://xxx@example.com/"); + url.password = "zzzz"; + do_check_eq(url.spec, "http://xxx:zzzz@example.com/"); + url.userPass = "xxxxx:yyyyyy"; + do_check_eq(url.spec, "http://xxxxx:yyyyyy@example.com/"); + url.userPass = "z:"; + do_check_eq(url.spec, "http://z@example.com/"); + url.password = "ppppppppppp"; + do_check_eq(url.spec, "http://z:ppppppppppp@example.com/"); + run_next_test(); +}); -- cgit v1.2.3