[PATCH] [Kimchi 0/1] Fix VNC 1006: urlencode path
From: Patrick Barrett <patrick@psbarrett.com> Currently kimchi directs you to `https://hera.lan:8001/plugins/kimchi/novnc/vnc_auto.html?port=8001&path=/websockify?token=[...]&encrypt=1` when you click on 'View Console`, however this is improperly encoded and Firefox guesses that the second `?` was meant to be an `&`. This means that `token` and `encrypt` are sent to the current page rather than being used for the websocket path. It seems that noVNC should "work" with this, but there's another bug (or kimchi is using path improperly, not sure, could be fixed in either AFAIK) in noVNC where it assumes path is relative and prepends a `/` to it, which then when it uses and anchor tag to reformat the URL (I think) in `WebUtil.injectParamIfMissing`. However when path already has a leading `/` it interprets "websockify" as the host (that is it becomes `//websockify/`) and the path becomes just `/?token=[...]`. That code path is only executed when token is part of the original URL, so this commit urlencodes the path to prevent the interpretation of the token in the original URL and use it only in path. This could also be fixed by changing the `?` to an `&` and removing the leading `/`. However, `encodeURIcomponent` should probably be used regardless since parts of path can come from a config file. **Caveats** This is **UNTESTED** because I don't know how to build it all and wanted to just get this since it's simple, but I have manually tested it with the URL I believe this should produce. I wasn't totally sure about the encrypt param because it was just another & param in the URL and there's nothing to indicate where if it's part of path or part of the page url. However, it doesn't seem to make a visible difference where it's put, or even if it is removed. (This would also make a difference to the alternate solution I suggested above.) Patrick Barrett (1): urlencode path ui/js/src/kimchi.api.js | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) -- 2.13.5
From: Patrick Barrett <patrick@psbarrett.com> --- ui/js/src/kimchi.api.js | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/ui/js/src/kimchi.api.js b/ui/js/src/kimchi.api.js index 0cacab3a..20a6544f 100644 --- a/ui/js/src/kimchi.api.js +++ b/ui/js/src/kimchi.api.js @@ -320,13 +320,15 @@ var kimchi = { type : "POST", dataType : "json" }).done(function() { + var path = server_root + "/websockify"; + path += "?token=" + wok.urlSafeB64Encode(vm+'-console').replace(/=*$/g, ""); + path += '&encrypt=1'; + url = 'https://' + location.hostname + ':' + proxy_port; url += server_root; url += "/plugins/kimchi/serial/html/serial.html"; url += "?port=" + proxy_port; - url += "&path=" + server_root + "/websockify"; - url += "?token=" + wok.urlSafeB64Encode(vm+'-console').replace(/=*$/g, ""); - url += '&encrypt=1'; + url += "&path=" + encodeURIComponent(path); window.open(url); }).error(function(data) { wok.message.error(data.responseJSON.reason); @@ -344,11 +346,7 @@ var kimchi = { type : "POST", dataType : "json" }).done(function() { - url = 'https://' + location.hostname + ':' + proxy_port; - url += server_root; - url += "/plugins/kimchi/novnc/vnc_auto.html"; - url += "?port=" + proxy_port; - url += "&path=" + server_root + "/websockify"; + var path = server_root + "/websockify"; /* * From python documentation base64.urlsafe_b64encode(s) * substitutes - instead of + and _ instead of / in the @@ -356,8 +354,14 @@ var kimchi = { * contain = which is not safe in a URL query component. * So remove it when needed as base64 can work well without it. * */ - url += "?token=" + wok.urlSafeB64Encode(vm).replace(/=*$/g, ""); - url += '&encrypt=1'; + path += "?token=" + wok.urlSafeB64Encode(vm).replace(/=*$/g, ""); + path += '&encrypt=1'; + + url = 'https://' + location.hostname + ':' + proxy_port; + url += server_root; + url += "/plugins/kimchi/novnc/vnc_auto.html"; + url += "?port=" + proxy_port; + url += "&path=" + encodeURIComponent(path); window.open(url); }); }, -- 2.13.5
Hi Patrick, Thanks for this patch! I could not reproduce the problem but I tested this patch and it does not break anything, ie, VNC continue working for me. Could you check it solves the issue? Regards, Aline Manera On 09/03/2017 11:44 AM, patrick@psbarrett.com wrote:
From: Patrick Barrett <patrick@psbarrett.com>
Currently kimchi directs you to `https://urldefense.proofpoint.com/v2/url?u=https-3A__hera.lan-3A8001_plugins_kimchi_novnc_vnc-5Fauto.html-3Fport-3D8001-26path-3D_websockify-3Ftoken-3D-5B...-5D-26encrypt-3D1&d=DwIBaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=IH2IbOioVtBemYyjWtO2FV71Y6c8-CWLHAPDI5dc2gs&m=55perbMCcacetij4ysJl2fw3_svtUDOuvY1ooDsEu94&s=VTJ3PxuzW_QFrrxibrpU87drdUNAlQrSbpwXNlXMsZ4&e= ` when you click on 'View Console`, however this is improperly encoded and Firefox guesses that the second `?` was meant to be an `&`. This means that `token` and `encrypt` are sent to the current page rather than being used for the websocket path.
It seems that noVNC should "work" with this, but there's another bug (or kimchi is using path improperly, not sure, could be fixed in either AFAIK) in noVNC where it assumes path is relative and prepends a `/` to it, which then when it uses and anchor tag to reformat the URL (I think) in `WebUtil.injectParamIfMissing`. However when path already has a leading `/` it interprets "websockify" as the host (that is it becomes `//websockify/`) and the path becomes just `/?token=[...]`.
That code path is only executed when token is part of the original URL, so this commit urlencodes the path to prevent the interpretation of the token in the original URL and use it only in path. This could also be fixed by changing the `?` to an `&` and removing the leading `/`. However, `encodeURIcomponent` should probably be used regardless since parts of path can come from a config file.
**Caveats**
This is **UNTESTED** because I don't know how to build it all and wanted to just get this since it's simple, but I have manually tested it with the URL I believe this should produce.
I wasn't totally sure about the encrypt param because it was just another & param in the URL and there's nothing to indicate where if it's part of path or part of the page url. However, it doesn't seem to make a visible difference where it's put, or even if it is removed. (This would also make a difference to the alternate solution I suggested above.)
Patrick Barrett (1): urlencode path
ui/js/src/kimchi.api.js | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-)
Ops... I haven't tested serial console before and with this patch it is broken. Analyzing the code and your detailed explanation, don't we just need to make the path relative instead of absolute? So instead referring to '/websockify' it would be 'websockify' On 09/11/2017 11:16 AM, Aline Manera wrote:
Hi Patrick,
Thanks for this patch!
I could not reproduce the problem but I tested this patch and it does not break anything, ie, VNC continue working for me.
Could you check it solves the issue?
Regards, Aline Manera
On 09/03/2017 11:44 AM, patrick@psbarrett.com wrote:
From: Patrick Barrett <patrick@psbarrett.com>
Currently kimchi directs you to `https://urldefense.proofpoint.com/v2/url?u=https-3A__hera.lan-3A8001_plugins_kimchi_novnc_vnc-5Fauto.html-3Fport-3D8001-26path-3D_websockify-3Ftoken-3D-5B...-5D-26encrypt-3D1&d=DwIBaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=IH2IbOioVtBemYyjWtO2FV71Y6c8-CWLHAPDI5dc2gs&m=55perbMCcacetij4ysJl2fw3_svtUDOuvY1ooDsEu94&s=VTJ3PxuzW_QFrrxibrpU87drdUNAlQrSbpwXNlXMsZ4&e= ` when you click on 'View Console`, however this is improperly encoded and Firefox guesses that the second `?` was meant to be an `&`. This means that `token` and `encrypt` are sent to the current page rather than being used for the websocket path.
It seems that noVNC should "work" with this, but there's another bug (or kimchi is using path improperly, not sure, could be fixed in either AFAIK) in noVNC where it assumes path is relative and prepends a `/` to it, which then when it uses and anchor tag to reformat the URL (I think) in `WebUtil.injectParamIfMissing`. However when path already has a leading `/` it interprets "websockify" as the host (that is it becomes `//websockify/`) and the path becomes just `/?token=[...]`.
That code path is only executed when token is part of the original URL, so this commit urlencodes the path to prevent the interpretation of the token in the original URL and use it only in path. This could also be fixed by changing the `?` to an `&` and removing the leading `/`. However, `encodeURIcomponent` should probably be used regardless since parts of path can come from a config file.
**Caveats**
This is **UNTESTED** because I don't know how to build it all and wanted to just get this since it's simple, but I have manually tested it with the URL I believe this should produce.
I wasn't totally sure about the encrypt param because it was just another & param in the URL and there's nothing to indicate where if it's part of path or part of the page url. However, it doesn't seem to make a visible difference where it's put, or even if it is removed. (This would also make a difference to the alternate solution I suggested above.)
Patrick Barrett (1): urlencode path
ui/js/src/kimchi.api.js | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-)
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
Yes, that would also fix it in this case, but as far as I can tell it would still be technically broken, there should not be a second '?' in the first page URL. I don't have access to test it while I'm at work, but AFAIK if you get rid of the slash and change the '?' to '&' it should also work and be properly formatted, I'm just not totally sure if it's semantically correct. -- Patrick Barrett patrick@psbarrett.com On Mon, Sep 11, 2017, at 09:42, Aline Manera wrote:
Ops... I haven't tested serial console before and with this patch it is broken.
Analyzing the code and your detailed explanation, don't we just need to make the path relative instead of absolute? So instead referring to '/websockify' it would be 'websockify'
On 09/11/2017 11:16 AM, Aline Manera wrote:
Hi Patrick,
Thanks for this patch!
I could not reproduce the problem but I tested this patch and it does not break anything, ie, VNC continue working for me.
Could you check it solves the issue?
Regards, Aline Manera
On 09/03/2017 11:44 AM, patrick@psbarrett.com wrote:
From: Patrick Barrett <patrick@psbarrett.com>
Currently kimchi directs you to `https://urldefense.proofpoint.com/v2/url?u=https-3A__hera.lan-3A8001_plugins_kimchi_novnc_vnc-5Fauto.html-3Fport-3D8001-26path-3D_websockify-3Ftoken-3D-5B...-5D-26encrypt-3D1&d=DwIBaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=IH2IbOioVtBemYyjWtO2FV71Y6c8-CWLHAPDI5dc2gs&m=55perbMCcacetij4ysJl2fw3_svtUDOuvY1ooDsEu94&s=VTJ3PxuzW_QFrrxibrpU87drdUNAlQrSbpwXNlXMsZ4&e= ` when you click on 'View Console`, however this is improperly encoded and Firefox guesses that the second `?` was meant to be an `&`. This means that `token` and `encrypt` are sent to the current page rather than being used for the websocket path.
It seems that noVNC should "work" with this, but there's another bug (or kimchi is using path improperly, not sure, could be fixed in either AFAIK) in noVNC where it assumes path is relative and prepends a `/` to it, which then when it uses and anchor tag to reformat the URL (I think) in `WebUtil.injectParamIfMissing`. However when path already has a leading `/` it interprets "websockify" as the host (that is it becomes `//websockify/`) and the path becomes just `/?token=[...]`.
That code path is only executed when token is part of the original URL, so this commit urlencodes the path to prevent the interpretation of the token in the original URL and use it only in path. This could also be fixed by changing the `?` to an `&` and removing the leading `/`. However, `encodeURIcomponent` should probably be used regardless since parts of path can come from a config file.
**Caveats**
This is **UNTESTED** because I don't know how to build it all and wanted to just get this since it's simple, but I have manually tested it with the URL I believe this should produce.
I wasn't totally sure about the encrypt param because it was just another & param in the URL and there's nothing to indicate where if it's part of path or part of the page url. However, it doesn't seem to make a visible difference where it's put, or even if it is removed. (This would also make a difference to the alternate solution I suggested above.)
Patrick Barrett (1): urlencode path
ui/js/src/kimchi.api.js | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-)
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
AFAIK, relative would be a better way to do things all around. I tried to address this earlier, but I think the way I went about it was less than ideal. I don't know much about encoding. In any case, relative urls and port numbers would work best, as even with a reverse proxy in front of kimchi, the browser will get the correct port. See: https://github.com/kimchi-project/kimchi/commit/b14fb611d3d79904694a14e67f28... On Mon, Sep 11, 2017 at 8:51 AM, Patrick Barrett <patrick@psbarrett.com> wrote:
Yes, that would also fix it in this case, but as far as I can tell it would still be technically broken, there should not be a second '?' in the first page URL. I don't have access to test it while I'm at work, but AFAIK if you get rid of the slash and change the '?' to '&' it should also work and be properly formatted, I'm just not totally sure if it's semantically correct.
-- Patrick Barrett patrick@psbarrett.com
On Mon, Sep 11, 2017, at 09:42, Aline Manera wrote:
Ops... I haven't tested serial console before and with this patch it is broken.
Analyzing the code and your detailed explanation, don't we just need to make the path relative instead of absolute? So instead referring to '/websockify' it would be 'websockify'
On 09/11/2017 11:16 AM, Aline Manera wrote:
Hi Patrick,
Thanks for this patch!
I could not reproduce the problem but I tested this patch and it does not break anything, ie, VNC continue working for me.
Could you check it solves the issue?
Regards, Aline Manera
On 09/03/2017 11:44 AM, patrick@psbarrett.com wrote:
From: Patrick Barrett <patrick@psbarrett.com>
Currently kimchi directs you to `https://urldefense.proofpoint.com/v2/url?u=https- 3A__hera.lan-3A8001_plugins_kimchi_novnc_vnc-5Fauto.html- 3Fport-3D8001-26path-3D_websockify-3Ftoken-3D-5B...- 5D-26encrypt-3D1&d=DwIBaQ&c=jf_iaSHvJObTbx-siA1ZOg&r= IH2IbOioVtBemYyjWtO2FV71Y6c8-CWLHAPDI5dc2gs&m=55perbMCcacetij4ysJl2fw3_ svtUDOuvY1ooDsEu94&s=VTJ3PxuzW_QFrrxibrpU87drdUNAlQrSbpwXNlXMsZ4&e= ` when you click on 'View Console`, however this is improperly encoded and Firefox guesses that the second `?` was meant to be an `&`. This means that `token` and `encrypt` are sent to the current page rather than being used for the websocket path.
It seems that noVNC should "work" with this, but there's another bug (or kimchi is using path improperly, not sure, could be fixed in either AFAIK) in noVNC where it assumes path is relative and prepends a `/` to it, which then when it uses and anchor tag to reformat the URL (I think) in `WebUtil.injectParamIfMissing`. However when path already has a leading `/` it interprets "websockify" as the host (that is it becomes `//websockify/`) and the path becomes just `/?token=[...]`.
That code path is only executed when token is part of the original URL, so this commit urlencodes the path to prevent the interpretation of the token in the original URL and use it only in path. This could also be fixed by changing the `?` to an `&` and removing the leading `/`. However, `encodeURIcomponent` should probably be used regardless since parts of path can come from a config file.
**Caveats**
This is **UNTESTED** because I don't know how to build it all and wanted to just get this since it's simple, but I have manually tested it with the URL I believe this should produce.
I wasn't totally sure about the encrypt param because it was just another & param in the URL and there's nothing to indicate where if it's part of path or part of the page url. However, it doesn't seem to make a visible difference where it's put, or even if it is removed. (This would also make a difference to the alternate solution I suggested above.)
Patrick Barrett (1): urlencode path
ui/js/src/kimchi.api.js | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-)
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
Hi Galen, I agree about relative URLs. I could try that and check it fixes the VNC problem but I can not reproduce the bug with upstream code. About your patch, please, go ahead and send it here. I'd be glad to merge it upstream. On Mon, Sep 11, 2017 at 12:09 PM, Galen Pospisil <galen.m.pospisil@gmail.com
wrote:
AFAIK, relative would be a better way to do things all around. I tried to address this earlier, but I think the way I went about it was less than ideal. I don't know much about encoding. In any case, relative urls and port numbers would work best, as even with a reverse proxy in front of kimchi, the browser will get the correct port.
See: https://github.com/kimchi-project/kimchi/commit/ b14fb611d3d79904694a14e67f28db8f9c8acf40
On Mon, Sep 11, 2017 at 8:51 AM, Patrick Barrett <patrick@psbarrett.com> wrote:
Yes, that would also fix it in this case, but as far as I can tell it would still be technically broken, there should not be a second '?' in the first page URL. I don't have access to test it while I'm at work, but AFAIK if you get rid of the slash and change the '?' to '&' it should also work and be properly formatted, I'm just not totally sure if it's semantically correct.
-- Patrick Barrett patrick@psbarrett.com
On Mon, Sep 11, 2017, at 09:42, Aline Manera wrote:
Ops... I haven't tested serial console before and with this patch it is broken.
Analyzing the code and your detailed explanation, don't we just need to make the path relative instead of absolute? So instead referring to '/websockify' it would be 'websockify'
On 09/11/2017 11:16 AM, Aline Manera wrote:
Hi Patrick,
Thanks for this patch!
I could not reproduce the problem but I tested this patch and it does not break anything, ie, VNC continue working for me.
Could you check it solves the issue?
Regards, Aline Manera
On 09/03/2017 11:44 AM, patrick@psbarrett.com wrote:
From: Patrick Barrett <patrick@psbarrett.com>
Currently kimchi directs you to `https://urldefense.proofpoint.com/v2/url?u=https-3A__hera. lan-3A8001_plugins_kimchi_novnc_vnc-5Fauto.html-3Fport- 3D8001-26path-3D_websockify-3Ftoken-3D-5B...-5D-26encrypt- 3D1&d=DwIBaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=IH2IbOioVtBemYyjWtO2 FV71Y6c8-CWLHAPDI5dc2gs&m=55perbMCcacetij4ysJl2fw3_svtUDOuvY 1ooDsEu94&s=VTJ3PxuzW_QFrrxibrpU87drdUNAlQrSbpwXNlXMsZ4&e= ` when you click on 'View Console`, however this is improperly encoded and Firefox guesses that the second `?` was meant to be an `&`. This means that `token` and `encrypt` are sent to the current page rather than being used for the websocket path.
It seems that noVNC should "work" with this, but there's another bug (or kimchi is using path improperly, not sure, could be fixed in either AFAIK) in noVNC where it assumes path is relative and prepends a `/` to it, which then when it uses and anchor tag to reformat the URL (I think) in `WebUtil.injectParamIfMissing`. However when path already has a leading `/` it interprets "websockify" as the host (that is it becomes `//websockify/`) and the path becomes just `/?token=[...]`.
That code path is only executed when token is part of the original URL, so this commit urlencodes the path to prevent the interpretation of the token in the original URL and use it only in path. This could also be fixed by changing the `?` to an `&` and removing the leading `/`. However, `encodeURIcomponent` should probably be used regardless since parts of path can come from a config file.
**Caveats**
This is **UNTESTED** because I don't know how to build it all and wanted to just get this since it's simple, but I have manually tested it with the URL I believe this should produce.
I wasn't totally sure about the encrypt param because it was just another & param in the URL and there's nothing to indicate where if it's part of path or part of the page url. However, it doesn't seem to make a visible difference where it's put, or even if it is removed. (This would also make a difference to the alternate solution I suggested above.)
Patrick Barrett (1): urlencode path
ui/js/src/kimchi.api.js | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-)
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
-- Aline Manera
Aline, I don't really have a patch I'm working on, I just was looking into the issue. The commit I sent earlier was an initial attempt to make the port number for vnc relative so that I could use haproxy in front of kimchi. To be honest, I don't know enough about url encodings to make a more general fix. Patrick, if you have any ideas, go for it! Galen On Mon, Sep 11, 2017 at 1:41 PM, aline.manera@gmail.com < aline.manera@gmail.com> wrote:
Hi Galen,
I agree about relative URLs. I could try that and check it fixes the VNC problem but I can not reproduce the bug with upstream code.
About your patch, please, go ahead and send it here. I'd be glad to merge it upstream.
On Mon, Sep 11, 2017 at 12:09 PM, Galen Pospisil < galen.m.pospisil@gmail.com> wrote:
AFAIK, relative would be a better way to do things all around. I tried to address this earlier, but I think the way I went about it was less than ideal. I don't know much about encoding. In any case, relative urls and port numbers would work best, as even with a reverse proxy in front of kimchi, the browser will get the correct port.
See: https://github.com/kimchi-project/kimchi/commit/b14fb611d3d7 9904694a14e67f28db8f9c8acf40
On Mon, Sep 11, 2017 at 8:51 AM, Patrick Barrett <patrick@psbarrett.com> wrote:
Yes, that would also fix it in this case, but as far as I can tell it would still be technically broken, there should not be a second '?' in the first page URL. I don't have access to test it while I'm at work, but AFAIK if you get rid of the slash and change the '?' to '&' it should also work and be properly formatted, I'm just not totally sure if it's semantically correct.
-- Patrick Barrett patrick@psbarrett.com
Ops... I haven't tested serial console before and with this patch it is broken.
Analyzing the code and your detailed explanation, don't we just need to make the path relative instead of absolute? So instead referring to '/websockify' it would be 'websockify'
On 09/11/2017 11:16 AM, Aline Manera wrote:
Hi Patrick,
Thanks for this patch!
I could not reproduce the problem but I tested this patch and it does not break anything, ie, VNC continue working for me.
Could you check it solves the issue?
Regards, Aline Manera
On 09/03/2017 11:44 AM, patrick@psbarrett.com wrote:
From: Patrick Barrett <patrick@psbarrett.com>
Currently kimchi directs you to `https://urldefense.proofpoint.com/v2/url?u=https-3A__hera.l an-3A8001_plugins_kimchi_novnc_vnc-5Fauto.html-3Fport-3D8001 -26path-3D_websockify-3Ftoken-3D-5B...-5D-26encrypt-3D1&d= DwIBaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=IH2IbOioVtBemYyjWtO2FV71Y6 c8-CWLHAPDI5dc2gs&m=55perbMCcacetij4ysJl2fw3_svtUDOuvY1ooDsE u94&s=VTJ3PxuzW_QFrrxibrpU87drdUNAlQrSbpwXNlXMsZ4&e= ` when you click on 'View Console`, however this is improperly encoded and Firefox guesses that the second `?` was meant to be an `&`. This means that `token` and `encrypt` are sent to the current page rather than being used for the websocket path.
It seems that noVNC should "work" with this, but there's another bug (or kimchi is using path improperly, not sure, could be fixed in either AFAIK) in noVNC where it assumes path is relative and
On Mon, Sep 11, 2017, at 09:42, Aline Manera wrote: prepends
a `/` to it, which then when it uses and anchor tag to reformat the URL (I think) in `WebUtil.injectParamIfMissing`. However when path already has a leading `/` it interprets "websockify" as the host (that is it becomes `//websockify/`) and the path becomes just `/?token=[...]`.
That code path is only executed when token is part of the original URL, so this commit urlencodes the path to prevent the interpretation of the token in the original URL and use it only in path. This could also be fixed by changing the `?` to an `&` and removing the leading `/`. However, `encodeURIcomponent` should probably be used regardless since parts of path can come from a config file.
**Caveats**
This is **UNTESTED** because I don't know how to build it all and wanted to just get this since it's simple, but I have manually tested it with the URL I believe this should produce.
I wasn't totally sure about the encrypt param because it was just another & param in the URL and there's nothing to indicate where if it's part of path or part of the page url. However, it doesn't seem to make a visible difference where it's put, or even if it is removed. (This would also make a difference to the alternate solution I suggested above.)
Patrick Barrett (1): urlencode path
ui/js/src/kimchi.api.js | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-)
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
-- Aline Manera
participants (5)
-
Aline Manera -
aline.manera@gmail.com -
Galen Pospisil -
Patrick Barrett -
patrick@psbarrett.com