Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

curl tool option to percent-encode the passed raw URL #514

Closed
vszakats opened this issue Nov 3, 2015 · 14 comments
Closed

curl tool option to percent-encode the passed raw URL #514

vszakats opened this issue Nov 3, 2015 · 14 comments

Comments

@vszakats
Copy link
Member

@vszakats vszakats commented Nov 3, 2015

In certain situations it'd would be useful if curl (the tool) could translate a raw URL (f.e. containing spaces or other special characters) passed to its command-line to the percent-encoded (AKA 'URL encoded') version that would then be used to make the actual request.

This could be handy on Windows mainly, where the % sign has special uses, so including it in a command may be problematic (needs different escaping on the command-line, inside a batch file, in shell script), or impossible.

So f.e. this line:

curl -O https://example.com/hello%20world.txt

could become:

curl -O "https://example.com/hello world.txt" -rawurl

Required low-level logic is already implemented in the codebase as curl_easy_escape().

@vszakats vszakats changed the title curl tool option to percent-encode the passed raw URL (feature-request) curl tool option to percent-encode the passed raw URL (feature request) Nov 3, 2015
@bagder
Copy link
Member

@bagder bagder commented Nov 3, 2015

One problem would be that you probably don't want it to become fully "URL encoded" (as said libcurl function would make it) as then for example the slashes would also be encoded... It sounds to me like you're looking to getting some specific letters to get encoded, like space for example.

@vszakats
Copy link
Member Author

@vszakats vszakats commented Nov 3, 2015

Yes, exactly, thanks for pointing that out. Spaces, percent-sign look like good candidates to start with.

(I've updated the original message.)

@jay jay changed the title curl tool option to percent-encode the passed raw URL (feature request) curl tool option to percent-encode the passed raw URL Nov 3, 2015
@bagder bagder closed this in 3ea77f6 Jan 11, 2016
@vszakats
Copy link
Member Author

@vszakats vszakats commented Jul 12, 2016

@patrikhson Looks like something is spamming this space on your behalf.

@bagder
Copy link
Member

@bagder bagder commented Jul 12, 2016

Yeah and I have no way to block a specific user or email address other than to report them for abuse but I did it now in an attempt to stop this flood.

@kdudka
Copy link
Collaborator

@kdudka kdudka commented Jul 12, 2016

On Tuesday, July 12, 2016 08:28:02 Daniel Stenberg wrote:

Yeah and I have no way to block a specific user or email address other than
to report them for abuse but I did it now in an attempt to stop this
flood.

So did I (together with request to delete the comments). Then I spotted that
@patrikhson posted a "normal" comment in 2013. Looks like somebody hacked his
account recently.

@bagder
Copy link
Member

@bagder bagder commented Jul 12, 2016

Yes I know Patrik Fältström so I know this isn't him. But AFAIK there's nothing preventing you from sending emails to github and just forging the From address.

@vszakats
Copy link
Member Author

@vszakats vszakats commented Jul 12, 2016

I believe it's not enough to spoof the sender address to be able to post to spaces like this. One needs to also obtain a valid reply address, which is identifying the discussion (and possibly the participant as well), and which looks like this in case of GitHub:

reply+<very-long-unique-hex-id> (AT) reply.github.com

Assuming such reply ID cannot be easily spoofed, it's likely they are being harvested from email archives and used as target addresses.

@vszakats
Copy link
Member Author

@vszakats vszakats commented Jul 12, 2016

One stop-gap solution is to lock old Issues and other places where he appears as participant.

@patrikhson
Copy link

@patrikhson patrikhson commented Jul 12, 2016

I have noted this but will be in an airplane for two hours. Will be online approx 1800 UTC.

Patrik

On 12 juli 2016, at 17:39, Viktor Szakats notifications@github.com wrote:

One stop-gap solution is to lock old Issues and other places where he appears as participant.


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.

@patrikhson
Copy link

@patrikhson patrikhson commented Jul 12, 2016

FWIW, I am cleaning up now. I have no real idea what has happened...

@jay
Copy link
Member

@jay jay commented Jul 13, 2016

No that shouldn't be necessary. I wrote GitHub about this and they are going to look into that account to improve their spam protection. Clearly no person would post that many messages in such a short period of time, only an automated process. The content was also suspect.

Collaborators are limited in how they can handle abuse like this to reporting it, Owners however can throw down the hammer I believe by ignoring the user because when you ignore a user it should ban them from posting comments in any repos they own. That may be different for organizations (which we are) so @bagder should this happen again you could also try https://help.github.com/articles/blocking-a-user-from-your-organization/

@bagder
Copy link
Member

@bagder bagder commented Jul 13, 2016

I noticed already 10 hours ago that github admins had removed the spam comments (I think several of us reported the incident). At least all the ones I checked.

@ghost
Copy link

@ghost ghost commented Jan 2, 2018

@bagder its nice that you added this to the TODO list, but that doesnt really, or shouldnt really close this issue

also that was about 2 years ago

@bagder
Copy link
Member

@bagder bagder commented Jan 3, 2018

@svnpenn: we don't keep issues open if nobody intends to work on them: https://curl.haxx.se/docs/bugs.html#Closing_off_stalled_bugs

@lock lock bot locked as resolved and limited conversation to collaborators May 6, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
5 participants