Issue 41040

Summary: FTP UCP: Prolems with bad data in URLs
Product: ucb Reporter: Stephan Bergmann <stephan.bergmann.secondary>
Component: codeAssignee: AOO issues mailing list <issues>
Status: ACCEPTED --- QA Contact:
Severity: Trivial    
Priority: P3 CC: issues
Version: 680m72   
Target Milestone: AOO PleaseHelp   
Hardware: All   
OS: All   
Issue Type: DEFECT Latest Confirmation in: ---
Developer Difficulty: ---

Description Stephan Bergmann 2005-01-20 15:45:22 UTC 
The FTP UCP does not detect and reject URLs that contain NULL
(U+0000), LF (U+000A), and CR (U+000D), either unescaped or escaped as %00, %0A,
%0D, etc.  When "ftp://host/path" is a working
URL, calling XContent.execute("getPropertyValues") to retrieve the "Size"
property on contents corresponding to the following URLs has the following
results (all string literals are in Java notation):

"ftp://host/path": success
"ftp://host/path\u0000foo": success (error: "\u0000foo" is silently dropped on
client side)
"ftp://host/path%00foo": success (error: "\u0000foo" is silently dropped on
client side)
"http://host/path\r\nfoo": success (error: garbage is sent from client to server)
"http://host/path%0D%0Afoo": com.sun.star.ucb.InteractiveAugmentedIOException ""
(error: garbage is sent from client to server)

On fixing the last three cases, see the thread at
<http://curl.haxx.se/mail/lib-2005-01/0172.html>.

Also, inspecting ucb/source/ucp/ftp/ftpurl.cxx 1.18, all code that use
curl_slist_append should ensure that it compose well-formed FTP commands (i.e.,
containing valid RFC 959 <string>s).
Comment 1 andreas.bille 2006-06-16 14:55:19 UTC 
accepted
Comment 2 andreas.bille 2007-04-03 15:52:14 UTC 
ABI->KSO: As discussed ...
Comment 3 kai.sommerfeld 2007-04-05 08:33:42 UTC 
.
Comment 4 kai.sommerfeld 2007-08-15 12:38:57 UTC 
KSO->TKR: Please take care of this issue.
Comment 5 tkr 2007-08-20 09:49:42 UTC 
.