Unescape username/passwords obtained from URLs before using them for HTTP auth.

BUG=http://crbug.com/19200 Review URL: http://codereview.chromium.org/164504 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@23403 0039d316-1c4b-4281-b951-d872f2087c98
author: ericroman@google.com <ericroman@google.com@0039d316-1c4b-4281-b951-d872f2087c98> 2009-08-14 01:00:29 +0000
committer: ericroman@google.com <ericroman@google.com@0039d316-1c4b-4281-b951-d872f2087c98> 2009-08-14 01:00:29 +0000
commit: a97cca4ae68dc9f34ece5ff97de5675721cf88a1 (patch)
tree: 1b620640f855fb8ff2058b129132bb7d2a0cd3c8 /net/http/http_network_transaction.cc
parent: 920894548dc271c46113b4960915f0d5bee5ceea (diff)
download: chromium_src-a97cca4ae68dc9f34ece5ff97de5675721cf88a1.zip
chromium_src-a97cca4ae68dc9f34ece5ff97de5675721cf88a1.tar.gz
chromium_src-a97cca4ae68dc9f34ece5ff97de5675721cf88a1.tar.bz2
1 files changed, 13 insertions, 5 deletions
diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc
index a3f5513..4b44cdc 100644
--- a/net/http/http_network_transaction.cc
+++ b/net/http/http_network_transaction.cc
@@ -1670,11 +1670,10 @@ bool HttpNetworkTransaction::SelectNextAuthIdentityToTry(
       auth_identity_[target].source == HttpAuth::IDENT_SRC_NONE) {
     auth_identity_[target].source = HttpAuth::IDENT_SRC_URL;
     auth_identity_[target].invalid = false;
-    // TODO(wtc) It may be necessary to unescape the username and password
-    // after extracting them from the URL.  We should be careful about
-    // embedded nulls in that case.
-    auth_identity_[target].username = ASCIIToWide(request_->url.username());
-    auth_identity_[target].password = ASCIIToWide(request_->url.password());
+    // Extract the username:password from the URL.
+    GetIdentifyFromUrl(request_->url,
+                       &auth_identity_[target].username,
+                       &auth_identity_[target].password);
     // TODO(eroman): If the password is blank, should we also try combining
     // with a password from the cache?
     return true;
@@ -1711,6 +1710,15 @@ bool HttpNetworkTransaction::SelectNextAuthIdentityToTry(
   return false;
 }
 
+// static
+void HttpNetworkTransaction::GetIdentifyFromUrl(const GURL& url,
+                                                std::wstring* username,
+                                                std::wstring* password) {
+  UnescapeRule::Type flags = UnescapeRule::SPACES;
+  *username = UnescapeAndDecodeUTF8URLComponent(url.username(), flags);
+  *password = UnescapeAndDecodeUTF8URLComponent(url.password(), flags);
+}
+
 std::string HttpNetworkTransaction::AuthChallengeLogMessage() const {
   std::string msg;
   std::string header_val;
author	ericroman@google.com <ericroman@google.com@0039d316-1c4b-4281-b951-d872f2087c98>	2009-08-14 01:00:29 +0000
committer	ericroman@google.com <ericroman@google.com@0039d316-1c4b-4281-b951-d872f2087c98>	2009-08-14 01:00:29 +0000
commit	a97cca4ae68dc9f34ece5ff97de5675721cf88a1 (patch)
tree	1b620640f855fb8ff2058b129132bb7d2a0cd3c8 /net/http/http_network_transaction.cc
parent	920894548dc271c46113b4960915f0d5bee5ceea (diff)
download	chromium_src-a97cca4ae68dc9f34ece5ff97de5675721cf88a1.zip chromium_src-a97cca4ae68dc9f34ece5ff97de5675721cf88a1.tar.gz chromium_src-a97cca4ae68dc9f34ece5ff97de5675721cf88a1.tar.bz2