diff options
| author | Robin Jarry <robin@jarry.cc> | 2023-10-11 15:52:29 +0200 |
|---|---|---|
| committer | Robin Jarry <robin@jarry.cc> | 2023-10-13 00:38:13 +0200 |
| commit | 00ded54adde070723c665a1c5a589c3ee080b001 (patch) | |
| tree | 83df42db2d40f31dec491b82aec5286691ac6ec1 | |
| parent | aa6df60483477b7519b3aeb81207cc1c6565fcf5 (diff) | |
| download | aerc-00ded54adde070723c665a1c5a589c3ee080b001.tar.gz aerc-00ded54adde070723c665a1c5a589c3ee080b001.zip | |
carddav-query: interpret percent escapes in source url
The username and password must be percent encoded if they are set in
carddav-source. Python's parser does not automatically unquote the
different URL elements.
Some carddav servers do not care about this but some do and report
authentication failures when the username is percent encoded.
Make sure to unquote the username and password after reading them from
carddav-source.
Reported-by: Callum Andrew <contact@candrew.net>
Signed-off-by: Robin Jarry <robin@jarry.cc>
Tested-by: Callum Andrew <contact@candrew.net>
| -rwxr-xr-x | contrib/carddav-query | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/contrib/carddav-query b/contrib/carddav-query index f7eaa793..58c5c9c6 100755 --- a/contrib/carddav-query +++ b/contrib/carddav-query @@ -243,10 +243,10 @@ def parse_args(): if source is not None: try: u = parse.urlparse(source) - if args.username is None: - args.username = u.username - if args.password is None: - args.password = u.password + if args.username is None and u.username is not None: + args.username = parse.unquote(u.username) + if args.password is None and u.password is not None: + args.password = parse.unquote(u.password) if not args.password and cred_cmd is not None: args.password = subprocess.check_output( cred_cmd, shell=True, text=True, encoding="utf-8" |