Tiny problem with knits and http (double-encoding?)

Robert Collins robertc at robertcollins.net
Mon May 1 01:51:40 BST 2006

On Mon, 2006-05-01 at 10:42 +1000, Martin Pool wrote:
> On 29 Apr 2006, John Arbash Meinel <john at arbash-meinel.com> wrote:
> > And if I click on the link, it tries to take me to:
> > 
> > http://lalo.revisioncontrol.net/bzr/vos/.bzr/repository/knits/9b/%254dakefile.am-20060328145850-abc9b80cb43dfb63.kndx
> > 
> > However, your server seems to be double unescaping this to translate:
> > 
> > %254d => M (%25=>%, and %4d=> M)
> Interesting - perhaps this sort of bug is a reason to avoid
> anything that could cause double escaping in future?  (ie we should have
> used some other character, not %, to mark our escapes, leaving that for
> http?)
> Although this particular bug is fixed, it may be the kind of thing that
> tends to provoke bugs in other software.

Possibly. Its a serious violation of HTTP, and not one I've ever seen
elsewhere. I've seen plenty of sites that reuse http escaping - in a web
app its guaranteed to be available ;)


GPG key available at: <http://www.robertcollins.net/keys.txt>.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/bazaar/attachments/20060501/29ada0b1/attachment.pgp 

More information about the bazaar mailing list