419774 – Incorrect encoding/decoding of file names

Bug 419774 - Incorrect encoding/decoding of file names

Summary: Incorrect encoding/decoding of file names

Status:	RESOLVED FIXED

Alias:	None

Product:	Orion (Archived)
Classification:	ECD
Component:	Node (show other bugs)
Version:	3.0
Hardware:	PC Windows 7

Importance:	P3 normal (vote)
Target Milestone:	18.0
Assignee:	Silenio Quarti
QA Contact:

URL:
Whiteboard:
Keywords:	triaged

Depends on:
Blocks:	514343
	Show dependency tree

Reported:	2013-10-17 19:02 EDT by Mark Macdonald
Modified:	2018-02-27 08:06 EST (History)
CC List:	4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mark Macdonald

2013-10-17 19:02:06 EDT

1. Try to create a file named "a%b.js"
2. You get an internal server error.

This is because various places in the server attempt to URL-decode input from the client when they should not. Some helper methods (eg. fileUtil.safeFilePath) implicitly perform URL decoding of arguments, which is bad.

Here is how POSTs should be handled:
-The server should attempt to decode the Slug header
-The server should *not* attempt to decode the Name field in the request body (if provided)
-A valid Slug is preferred over Name, if both are provided (this align us with the Java server).

I tried to fix this in bug 419740 but the problem is pervasive and too risky for this stage of a release.

Comment 1 John Arthorne

2015-05-05 16:30:06 EDT

This open bug report had a target milestone in the past. The target milestone has been removed. Please target for a date in the future or leave the target blank if it is not known.

Comment 2 Silenio Quarti

2016-04-13 13:22:15 EDT

Released changes to fix this problem. Everything seems to work when running a local server, but file names with ? and # still fail behind the orion.eclipse.org proxy.

Comment 3 Remy Suen

2016-11-08 07:03:51 EST

1. Create a folder a%b/.
2. Create the file tmp.txt inside the a%b/ folder.
3. Rename the file to tmp2.txt.
4. The rename will fail with an error.

File not found:/file/a%25b/tmp.txt

Comment 4 Remy Suen

2016-11-30 06:47:46 EST

orion.eclipse.org

Works fine on OrionHub.

1. Create an untracked file named 'a%b.txt' in a folder that's under Git version control.
2. Open the 'Git' page.
3. Try to expand the untracked file's node to look at its diff. You will stay in the 'fetching...' state forever.

There's a 404 in the console presumably because the % was not URL encoded...?

Failed to load resource: the server responded with a status of 404 (Not Found)
https://orion.eclipse.org/gitapi/diff/Default/file/org.eclipse.orion.client/a%b.txt?parts=diff&ignoreWS=false

Comment 5 Remy Suen

2017-02-11 07:25:00 EST

(In reply to Remy Suen from comment #4)
> orion.eclipse.org
> 
> Works fine on OrionHub.
> 
> 1. Create an untracked file named 'a%b.txt' in a folder that's under Git
> version control.
> 2. Open the 'Git' page.
> 3. Try to expand the untracked file's node to look at its diff. You will
> stay in the 'fetching...' state forever.
> 
> There's a 404 in the console presumably because the % was not URL encoded...?
> 
> Failed to load resource: the server responded with a status of 404 (Not
> Found)
> https://orion.eclipse.org/gitapi/diff/Default/file/org.eclipse.orion.client/
> a%b.txt?parts=diff&ignoreWS=false

I have identified the cause for this scenario and have opened bug 512061 for this problem.

Comment 6 Steve Northover

2017-03-31 09:50:36 EDT

I can confirm that Remy's case in comment 3 still happens.

Comment 7 Michael Rennie

2017-06-27 16:55:40 EDT

(In reply to Steve Northover from comment #6)
> I can confirm that Remy's case in comment 3 still happens.

Confirmed this still happens in Orion 15.0

Comment 8 Silenio Quarti

2018-02-26 20:46:29 EST

Fixed Remy's case with:

https://github.com/eclipse/orion.client/commit/9d166938bc1cf5a5b9c837dad493a7725130cb74