New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
curl tool option to percent-encode the passed raw URL #514
Comments
One problem would be that you probably don't want it to become fully "URL encoded" (as said libcurl function would make it) as then for example the slashes would also be encoded... It sounds to me like you're looking to getting some specific letters to get encoded, like space for example. |
Yes, exactly, thanks for pointing that out. Spaces, percent-sign look like good candidates to start with. (I've updated the original message.) |
@patrikhson Looks like something is spamming this space on your behalf. |
Yeah and I have no way to block a specific user or email address other than to report them for abuse but I did it now in an attempt to stop this flood. |
On Tuesday, July 12, 2016 08:28:02 Daniel Stenberg wrote:
So did I (together with request to delete the comments). Then I spotted that |
Yes I know Patrik Fältström so I know this isn't him. But AFAIK there's nothing preventing you from sending emails to github and just forging the From address. |
I believe it's not enough to spoof the sender address to be able to post to spaces like this. One needs to also obtain a valid reply address, which is identifying the discussion (and possibly the participant as well), and which looks like this in case of GitHub:
Assuming such reply ID cannot be easily spoofed, it's likely they are being harvested from email archives and used as target addresses. |
One stop-gap solution is to lock old Issues and other places where he appears as participant. |
I have noted this but will be in an airplane for two hours. Will be online approx 1800 UTC. Patrik
|
FWIW, I am cleaning up now. I have no real idea what has happened... |
No that shouldn't be necessary. I wrote GitHub about this and they are going to look into that account to improve their spam protection. Clearly no person would post that many messages in such a short period of time, only an automated process. The content was also suspect. Collaborators are limited in how they can handle abuse like this to reporting it, Owners however can throw down the hammer I believe by ignoring the user because when you ignore a user it should ban them from posting comments in any repos they own. That may be different for organizations (which we are) so @bagder should this happen again you could also try https://help.github.com/articles/blocking-a-user-from-your-organization/ |
I noticed already 10 hours ago that github admins had removed the spam comments (I think several of us reported the incident). At least all the ones I checked. |
@bagder its nice that you added this to the TODO list, but that doesnt really, or shouldnt really close this issue also that was about 2 years ago |
@svnpenn: we don't keep issues open if nobody intends to work on them: https://curl.haxx.se/docs/bugs.html#Closing_off_stalled_bugs |
In certain situations it'd would be useful if
curl
(the tool) could translate a raw URL (f.e. containing spaces or other special characters) passed to its command-line to the percent-encoded (AKA 'URL encoded') version that would then be used to make the actual request.This could be handy on Windows mainly, where the
%
sign has special uses, so including it in a command may be problematic (needs different escaping on the command-line, inside a batch file, in shell script),or impossible.So f.e. this line:
could become:
Required low-level logic is already implemented in the codebase ascurl_easy_escape()
.The text was updated successfully, but these errors were encountered: