Double query parameter escaping around code #464

Closed
mitar opened this issue Aug 15, 2020 · 2 comments
Labels
bug Something is not working. good first issue A good issue to tackle when being a novice to the project. help wanted We are looking for help on this one.

mitar commented Aug 15, 2020

Describe the bug

I think this is a similar problem to what was already reported in #434, but elsewhere in the code. I believe all calls to url.QueryUnescape should be removed from the code. Go already escapes all query/form parameters automatically and unescaping again can just break things.

Example:

```go
func GetRedirectURIFromRequestValues(values url.Values) (string, error) {
	// rfc6749 3.1.   Authorization Endpoint
	// The endpoint URI MAY include an "application/x-www-form-urlencoded" formatted (per Appendix B) query component
	redirectURI, err := url.QueryUnescape(values.Get("redirect_uri"))
	if err != nil {
		return "", errors.WithStack(ErrInvalidRequest.WithHint(`The "redirect_uri" parameter is malformed or missing.`).WithDebug(err.Error()))
	}
	return redirectURI, nil
}
```
@aeneasr aeneasr added bug Something is not working. help wanted We are looking for help on this one. good first issue A good issue to tackle when being a novice to the project. labels Aug 21, 2020
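
The effect described in the issue, shown as an added example that is not part of the original thread or the project's code: a `redirect_uri` goes through Go's `net/url` encode and parse, and is then decoded once versus a second time with `url.QueryUnescape`. The `roundTrip` helper and the sample URIs are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
)

// roundTrip (hypothetical helper) encodes a registered redirect URI as a client
// would, parses the query the way net/http does for a request, and returns the
// value after one decoding pass (single) and after a second pass (double).
// err reports a failure of the second, redundant url.QueryUnescape call.
func roundTrip(registered string) (single, double string, err error) {
	rawQuery := url.Values{"redirect_uri": {registered}}.Encode()

	values, perr := url.ParseQuery(rawQuery) // first and only required decode
	if perr != nil {
		return "", "", perr
	}
	single = values.Get("redirect_uri")

	// Same pattern as the function quoted in the issue: decode again.
	double, err = url.QueryUnescape(single)
	return single, double, err
}

func main() {
	// Constructed sample redirect URIs, each valid on its own.
	samples := []string{
		"https://client.example/cb?state=a+b",            // literal '+'
		"https://client.example/cb?next=%2Fhome%3Fx%3D1", // nested escaped value
		"https://client.example/cb?discount=100%",        // literal '%'
	}
	for _, registered := range samples {
		single, double, err := roundTrip(registered)
		fmt.Printf("registered: %q\n", registered)
		fmt.Printf("  single decode matches registered: %v\n", single == registered)
		if err != nil {
			// A legitimate value is rejected as malformed.
			fmt.Printf("  double decode error: %v\n", err)
			continue
		}
		// An exact-match comparison against the registered URI now fails.
		fmt.Printf("  double decode: %q (matches: %v)\n", double, double == registered)
	}
}
```

In every case the singly decoded value equals the registered URI, while the second decode either alters it (so an exact redirect URI comparison fails) or returns an error for a well-formed request.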

aeneasr commented Aug 21, 2020

If this is fixed, please add breaking tests first :)


mitar commented Oct 7, 2020

Done in #480.

@mitar mitar closed this as completed Oct 7, 2020