Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

escaping the password to prevent URI:InvalidcomponentError #453

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
2 participants

sandys commented Mar 15, 2012

1.9.3p0 :002 > db = Sequel.connect("mysql://sandeep:s%40d33p@localhost/db1")
=> #<Sequel::MySQL::Database: {:user=>"sandeep", :password=>"s@d33p", :host=>"localhost", :port=>nil, :database=>"db1", :adapter=>"mysql", :disconnection_proc=>#Proc:0x0000000282c7e0@/home/user/.rvm/gems/ruby-1.9.3-p0/gems/sequel-3.31.0/lib/sequel/database/misc.rb:47, :adapter_class=>Sequel::MySQL::Database, :single_threaded=>false}>
1.9.3p0 :003 > db.url
URI::InvalidComponentError: bad component(expected user component): s@d33p
from /home/user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/uri/generic.rb:439:in check_password' from /home/user/.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/uri/generic.rb:512:inpassword='
from /home/user/.rvm/gems/ruby-1.9.3-p0/gems/sequel-3.31.0/lib/sequel/database/misc.rb:215:in uri' from /home/user/.rvm/gems/ruby-1.9.3-p0/gems/sequel-3.31.0/lib/sequel/database/misc.rb:221:inurl'
from (irb):3
from /home/user/.rvm/rubies/ruby-1.9.3-p0/bin/irb:16:in `

'

The above error occurs because even though I give Sequel a CGI escaped password, it passes it to the URI gem in its unescaped form.

Owner

jeremyevans commented Mar 15, 2012

I agree that this is a bug that should be fixed. However, I think Sequel should go in a different direction on this. We should be returning the URI given to Sequel.connect verbatim, and if a URI was not used (a connections option hash was used), then uri should return nil (and #inspect should be modified appropriately). I'll fix this later today.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment