--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: Bugreport.pm: doesn't uri_encode email addresses before querying libravatar.cgi
- From: Fabien Givors <f+debian@chezlefab.net>
- Date: Sun, 27 Oct 2013 20:03:28 +0100
- Message-id: <20131027190328.19879.18684.reportbug@coincoin.chezlefab.net>
Package: bugs.debian.org
Severity: minor
Tags: patch
Dear Maintainer,
* What led up to the situation?
I registered two of my email addresses I used to submit bugs to debbug to
libravatar.org, one of which containing a + sign.
* What exactly did you do (or not do) that was effective (or
ineffective)?
I tried to visit the URL :
http://bugs.debian.org/cgi-bin/libravatar.cgi?email=f+debian@chezlefab.net
it displayed the empty png avatar, as expected.
I tried to visit the URL :
http://bugs.debian.org/cgi-bin/libravatar.cgi?email=f%2Bdebian@chezlefab.net
it displayed my avatar, as expected.
I visited one of my messages on the tracker that uses this address:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727680#5
it didn't displayed my avatar, but it should have.
I visited one of my messages on the tracker that uses the other address:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602463#5
it did displayed my avatar, as expected.
Digging into the sources, it seemed to me that the email addresses were not
uri_encoded before being given as a parameter to libravatar.cgi
I believe the enclosed pbtch fixes this issue.
Best regards,
--
captnfab
-- System Information:
Debian Release: jessie/sid
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'oldstable-updates'), (500, 'oldstable-proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.11-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8)
Shell: /bin/sh linked to /bin/dash
diff --git a/Debbugs/CGI/Bugreport.pm b/Debbugs/CGI/Bugreport.pm
index 2e53892..32820a8 100644
--- a/Debbugs/CGI/Bugreport.pm
+++ b/Debbugs/CGI/Bugreport.pm
@@ -41,6 +41,7 @@ use Debbugs::UTF8;
use Debbugs::Config qw(:config);
use POSIX qw(strftime);
use Encode qw(decode_utf8 encode_utf8);
+use URI::Escape;
BEGIN{
($VERSION) = q$Revision: 494 $ =~ /^Revision:\s+([^\s+])/;
@@ -452,7 +453,7 @@ sub __libravatar_url {
return undef;
}
($email) = get_addresses($email);
- return $config{libravatar_uri}.$email.($config{libravatar_uri_options}//'');
+ return $config{libravatar_uri}.uri_escape($email).($config{libravatar_uri_options}//'');
}
--- End Message ---