GNOME Bugzilla – Bug 89106
Can not pass an @ in the user portion of a URL
Last modified: 2006-01-11 15:45:09 UTC
The format for a URL is: protocol://user@password:location PacBell's NNTP service requires that the user name provided contain an "@". For example, a PacBell user name is: "user@pacbell.net". The current routines do not allow an "@" to be passed in a URL so PacBell's NNTP service is not accessible. The Gnome user should be able to escape the "@" so the following would work: nttp://user%40pacbell.net:password@news.sf.sbcglobal.net/rec.games.netrek In particular for this example, split_toplevel_uri would return "user@pacbell.net" for user_return.
The actual format is: protocol://user:password@host/location The example should be: nntp://user%40pacbell.net:password@news.sf.sbcglobal.net/rec.games.netrek
*** Bug 120148 has been marked as a duplicate of this bug. ***
*** Bug 130847 has been marked as a duplicate of this bug. ***
Created attachment 30547 [details] [review] Patch to allow the proposed format
This patch should allow unescaping of both the user and password fields (ie: to also allow @ to occur in a password) This should affect all modules (as the change was made to the gnome-vfs-uri code itself.) I don't have an account with a username containing @ to test it, but I changed my password on a server to contain @ and logged in with ftp://desrt:foo%40asdf@server/ and it worked... Testing of this patch is greatly appreciated.
Otoh, if someone uses a password with %40 in it for example, or any %xx sequence, the password will need to be escaped now.
This is true, and you could choose to only apply half of the patch (ie: the one for username). However more people probably have @ (or /) in their password than %xx and currently these people are totally unable to use gnome-vfs URIs with their password (whereas the switch would just be an inconvenience to those who have %xx and need to escape it from now on.)
Created attachment 30588 [details] [review] updated version. As per discussion on #nautilus, this updated patch also includes changes to gnome_vfs_uri_to_string to make it so that an escaped uri is returned back to the user.
removing usability keyword to get this out of my queue. If you were looking for an opinion from the usability team your best bet is to cc the usability-maint
*** Bug 63709 has been marked as a duplicate of this bug. ***
*** Bug 163749 has been marked as a duplicate of this bug. ***
could you send the patch to gnome-vfs-list for review ? The maintainers review patches on the list
Ping.
Hereby I report that logging in with a username in the format some.hostname.nl (mind you, that is a username!!!) does not work either; It looks like the username is simply ignored. So this problem is not limited to @'s in the username! That's it!
Created attachment 49192 [details] [review] Alternative, less obstrusive patch This bug is not difficult to hit as most hosting companies use shared servers and give login to ftp and email accounts with user@yourdomain.com as username. Since people complain cannot test this, I've created a ftp account on my server that you see in the commands below. My patch does the same as Ryan but in a different place, I unescaped the username and password just before the return at the end of function, this way I dont touch the existing code to parse username and password. Please review cause I think I've used g_free as crazy. With patch applied you can test the following commands: $ gnomevfs-ls ftp://testgnome%40cenobioracing.com:testgnome@ftp.cenobioracing.com $ gnomevfs-info ftp://testgnome%40cenobioracing.com:testgnome@ftp.cenobioracing.com/testgnome/gpl.txt $ gnomevfs-cat ftp://testgnome%40cenobioracing.com:testgnome@ftp.cenobioracing.com/testgnome/gpl.txt For me they worked fine so gnome-vfs is fixed but still applications like nautilus or gedit fail for me with that kind of uri, so separate bugs have to be filed for them, I plan to look into the nautilus issue as my first intention was to connect from nautilus but firstly we have to fix this bug in gnome-vfs.
As for the nautilus bug I mentioned before, instead of create a new one, it seems the bug (http://bugzilla.gnome.org/show_bug.cgi?id=71973) could be moved from gnome-vfs to nautilus.
I commited ryans patch (the new patch isn't right, as it doesn't re-escape when converting back to string). This can be seen as a slight abi change, since the username/password in the api changed from escaped to unescaped. However, the difference almost certainly is what people expect, and only happens in extremely rare cases.
*** Bug 311619 has been marked as a duplicate of this bug. ***
*** Bug 313148 has been marked as a duplicate of this bug. ***
Updating patch status... . Is it just me or is the following normal with gnomevfs-ls/libgnomevfs HEAD? LANG=C gnomevfs-ls ftp://testgnome%40cenobioracing.com:testgnome@ftp.cenobioracing.com Error opening: Login failed I thought this was resolved by committing attachment 30588 [details] [review].
Christian, I don't use HEAD but I have gnome-vfs 2.10.1 with attachment 30588 [details] [review] applied and works well with and without LANG=C: nelson@gnelson ~ $ gnomevfs-ls ftp://testgnome%40cenobioracing.com:testgnome@ftp.cenobioracing.com/ testgnome (Directory, x-directory/normal) size 4096 mode 0755 nelson@gnelson ~ $ export LANG=C nelson@gnelson ~ $ gnomevfs-ls ftp://testgnome%40cenobioracing.com:testgnome@ftp.cenobioracing.com/ testgnome (Directory, x-directory/normal) size 4096 mode 0755 nelson@gnelson ~ $ Maybe the server had problems, try again and if fails see if server responds to ping...
You're sure that you don't have your patch (attachment 49192 [details] [review]) applied as well?
Sure :), these are the patches that currently I have in my gnome-vfs ebuild: # (nelson) bug #89106 #epatch ${FILESDIR}/gnome-vfs-uri.patch mi patch was rejected epatch ${FILESDIR}/accepted_patch_from_ryan.diff # evitar un crash en gnomevfs-ls epatch ${FILESDIR}/ftp-method.patch #NOT_SAME_FS_ERROR bug #309592 epatch ${FILESDIR}/gnome-vfs-xfer.diff
I've been trying to login to a ftp server where my username is hir\gudnib05. Every ftp client I've tried is able to do this except nautilus. I was pretty sure that someone other than me had this problem, but I can't seem to find anything. (I think this is the right place to mention this!)
On a second thought, that was probably the worst bugreport I've ever made. Gnome 2.10.1 (Compiled myself from gentoo's portage) What I'm trying to say, using "Connect to server" to connect to the ftp server with the hir\gudnib05 username, doesn't work, though it works if I just type in any nautilus window ftp://ftp.server.name/ and type in my username as it is. But still then I expirience 100% cpu usage from nautilus. Having tried to escape the \ myself and numerous other ways to get around this, I still can't find a solution. Any hacks, that I could try?
According to Nelson [1], this works as expected. Closing. [1] http://mail.gnome.org/archives/gnome-vfs-list/2005-September/msg00002.html
*** Bug 310040 has been marked as a duplicate of this bug. ***
The current solution (I use gnome-vfs 2.12.1) allows me to login, but only if I remember to (and _know_ I have to) substitute "@" with "%40". # gedit ftp://testgnome%40cenobioracing.com:testgnome@ftp.cenobioracing.com/testgnome/gpl.txt (it does work) # gedit ftp://testgnome@cenobioracing.com:testgnome@ftp.cenobioracing.com/testgnome/gpl.txt (it doesn't) It's the same if I open that file from "Open location" in Gedit's File menu. IMHO gnome-vfs should allow users to use "@" unescaped and consider the host name to start after the last (unescaped) "@". If you agree, please reopen #89106. TIA, robepisc
In reply to comment 28, I think gnome-vfs does it right by following the uri spec which says '@' need to be escaped, and end-user should never has to type an uri, which is a technical thing, that is why nautilus shows a dialog with fields for enter username, password,etc, and you can enter there the username with '@' which nautilus will escape when creating the uri. So your problem is that gedit doesn't provide a gui to connect to a remote ftp document and just let the user alone with typing the uri. A solution is that you connect to the ftp location through nautilus and then browse that from gedit.
Thanks for the prompt reply, Nelson! Sorry, but I didn't know of the spec. However I assume most people don't, and since many apps do have an "Open Location" menu item (even Nautilus does, and it (mis)behaves exactly the same as Gedit's one) and they will not go away soon, I think its fair to treat the "@" character as special and allow a very little violation of the spec. That is to allow it to be unescaped, as suggested in my previous comment #28. Remember that "@" is often present in user names given by ISPs, for example, so it's used a lot by people (like me) who doesn't know/care that a spec tells you to use "%40" instead of "@". And also consider that the little change I propose is toward what anybody would expect it to work. OTOH, I agree with you that users should never input URIs. However the reality is many people use or want to be able to use "Open Location" to access a FTP site. Thanks, robepisc
Roberto, I like your suggestion in the sense it makes things a little more "just work" to normal users, but I think it's very difficult that your suggestion goes into gnome-vfs, the better place to make that replacement before passing to gnome-vfs would be in the "Open location" code of the aplication, but still I think that would'nt be correct (what happens if the file contains a '@' in its filename?)... so for me the best option is the application has a gui to facilitate open documents in remote locations (similar to nautilus-connect-server) and if a (advanced)user choose to "Open Location" then he will have to enter a valid uri.