-
Notifications
You must be signed in to change notification settings - Fork 129
[Bug] serialize and deserialize trojan:// link incorrectly #18
Comments
We may need |
diff --git a/core/Serializer.hpp b/core/Serializer.hpp
index cca3979..024bfae 100644
--- a/core/Serializer.hpp
+++ b/core/Serializer.hpp
@@ -69,7 +69,7 @@ class TrojanOutboundHandler : public Qv2rayPlugin::PluginOutboundHandler
//
TrojanObject result;
result.address = trojanUrl.host();
- result.password = trojanUrl.userName();
+ result.password = trojanUrl.userInfo(QUrl::FullyDecoded);
result.port = trojanUrl.port();
result.sni = getQueryValue("sni");
// |
That's a great mess. This URI specification seemed to be brought by Shadowrocket, but they never explicitly share the details and is close-sourced. Well in that case, I just want to say that, you got to escape your special characters in passwords. I think Qv2ray will be doing correct things. |
Patch is submitted in 86b5763 on dev. As for the serialization, I guess it's not a problem if we explicitly escape |
How about the issue "新建一个密码为 %25 的连接,导出的链接是 QUrl link;
if (!o.password.isEmpty())
- link.setUserInfo(o.password);
+ link.setUserInfo(o.password, QUrl::DecodedMode); ps: QUrl::DecodedMode is not permitted in setUserInfo, use setUserName instead. |
Yes. Just do it. |
@DuckSoft We should also launch a check task on the whole project. Maybe there's other positions where we can use QUrl::DecodedMode. |
@dyhkwong got it. I tested against
QUrl is awesome. |
%
加两位十六进制数 被认为是已进行 url-encode 的字符Example: 新建一个密码为
%25
的连接,导出的链接是trojan://%25@example.com:443#foobar
而不是trojan://%2525@example.com:443#foobar
:
后的字符被认为是 url password 的一部分Example: 导入链接
trojan://1:2@example.com:443#foobar
,导入后密码变为1
而不是1:2
The text was updated successfully, but these errors were encountered: