Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed SendHttpClientRequest to accept '&' in both username and password #527

Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open

Fixed SendHttpClientRequest to accept '&' in both username and password #527

wants to merge 8 commits into from

Conversation

kevinamorim
Copy link

I found a bug when using JWT authentication. If the username or password has an ampersand (&) character the request body params get messed up.

Converting all ampersands characters to their UTF-8 hex representation fixed the problem.

The original data is never altered.

PS: I also closed the data stream after writing to it and added the ContentLength header to the request.

@pricerc
Copy link

pricerc commented Jul 22, 2021
edited

There are a couple of standard methods that will handle this without requiring a custom method:

https://docs.microsoft.com/en-us/dotnet/api/system.web.httputility.urlencode
https://docs.microsoft.com/en-us/dotnet/api/system.net.webutility.urlencode

while you spotted a problem with ampersands, there may be other characters that also cause trouble. Spaces, slashes, greater-than and less-than spring to mind as possible candidates.

I recently ran into a similar problem on a completely unrelated project.

In that same project, I also had a problem with Unicode characters messing with the ContentLength, because the size returned by Encoding.UTF8.GetBytes() is not necessarily the correct ContentLength.. (I can't remember if ContentLength was more or less, but it was different). The solution was to just not specify the ContentLength and let the underlying library handle it.

@kevinamorim
Copy link
Author

There are a couple of standard methods that will handle this without requiring a custom method:

https://docs.microsoft.com/en-us/dotnet/api/system.web.httputility.urlencode
https://docs.microsoft.com/en-us/dotnet/api/system.net.webutility.urlencode

while you spotted a problem with ampersands, there may be other characters that also cause trouble. Spaces, slashes, greater-than and less-than spring to mind as possible candidates.

I recently ran into a similar problem on a completely unrelated project.

In that same project, I also had a problem with Unicode characters messing with the ContentLength, because the size returned by Encoding.UTF8.GetBytes() is not necessarily the correct ContentLength.. (I can't remember if ContentLength was more or less, but it was different). The solution was to just not specify the ContentLength and let the underlying library handle it.

Thanks! I should use UrlEncode() then.
I'll try to fix this!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@kevinamorim @pricerc