Skip to content

Detect URL-encoded CRLF (%0D%0A) in FtpWebRequest URI#128983

Draft
Copilot wants to merge 2 commits into
mainfrom
copilot/support-url-encoded-check-for-new-line
Draft

Detect URL-encoded CRLF (%0D%0A) in FtpWebRequest URI#128983
Copilot wants to merge 2 commits into
mainfrom
copilot/support-url-encoded-check-for-new-line

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Jun 4, 2026
edited
Loading

FtpWebRequest already rejects URIs containing a literal \r\n with a clear FormatException, but the URL-encoded form %0D%0A slips past the check and fails later with a less informative exception — a common case when a stray CRLF from upstream parsing gets URL-encoded for safety.

Changes

  • src/libraries/System.Net.Requests/src/System/Net/FtpWebRequest.cs: Extend the constructor's CRLF check to also match %0D%0A case-insensitively, throwing the same FormatException (net_ftp_no_newlines) up front.
  • src/libraries/System.Net.Requests/tests/FtpWebRequestTest.cs: Add Ctor_NewLineInUri_ThrowsFormatException theory covering literal \r\n and the %0D%0A / %0d%0a / %0D%0a casing variants.
if (uri.OriginalString.Contains("\r\n", StringComparison.Ordinal) ||
    uri.OriginalString.Contains("%0D%0A", StringComparison.OrdinalIgnoreCase))
    throw new FormatException(SR.net_ftp_no_newlines);

Copilot AI self-assigned this Jun 4, 2026
Copilot AI review requested due to automatic review settings June 4, 2026 11:51
Copilot AI review requested due to automatic review settings June 4, 2026 11:51
Copilot AI linked an issue Jun 4, 2026 that may be closed by this pull request
Support for URL encoded check for new line in FtpWebRequest #128642
Open
@MihaZupan MihaZupan assigned mrek-msft and unassigned MihaZupan Jun 4, 2026
@MihaZupan
Detect URL-encoded CRLF (%0D%0A) in FtpWebRequest URI
58f7521 
Co-authored-by: MihaZupan <25307628+MihaZupan@users.noreply.github.com>
Copilot AI requested review from Copilot and removed request for Copilot June 4, 2026 12:25
Copilot AI changed the title [WIP] Add support for URL encoded check for new line in FtpWebRequest Detect URL-encoded CRLF (%0D%0A) in FtpWebRequest URI Jun 4, 2026
Copilot AI requested a review from MihaZupan June 4, 2026 12:26
@dotnet-policy-service
Copy link
Copy Markdown
Contributor

dotnet-policy-service Bot commented Jun 4, 2026

Tagging subscribers to this area: @karelz, @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

This was referenced Jun 4, 2026
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MihaZupan MihaZupan Awaiting requested review from MihaZupan

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

At least 1 approving review is required to merge this pull request.

Assignees

@mrek-msft mrek-msft

Copilot code review Copilot

Labels

area-System.Net

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support for URL encoded check for new line in FtpWebRequest

3 participants

@MihaZupan @mrek-msft