1
0
mirror of https://github.com/openSUSE/osc.git synced 2025-09-06 05:08:42 +02:00
Files
github.com_openSUSE_osc/osc
Marcus Huewe d549f27ec5 Escape % character in binary download URLs
Without escaping the % character, the download URL could be subject
to string formatting (depending on the subsequent characters). For
instance, if the url attribute's value of a buildinfo's path element
contains the substring "c_c%2B%2B", the "%2B" is interpreted as a
format string (see issue #965), which is wrong ("B" is not a valid
format character at all). In order to avoid this, escape all
% characters in the download urls.
Note: escaping the % characters in the download url itself is OK
because we only intend to "format" the path.

Note: we do not escape the % characters for urls from the config
file (implicit assumption: the user already correctly escaped the
urls (whether this assumption is sensible or not is debatable, of
course)).

Fixes: #965 ("unsupported format character 'B' (0x42) at index 66")
2021-12-07 20:44:48 +01:00
..
2009-12-03 19:19:53 +01:00
2014-08-12 15:01:16 +02:00
2021-12-02 08:51:26 +01:00
2019-08-29 16:11:17 +02:00