Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Querying the API using http with escaped characters doesn't work properly #88

Open
carbonin opened this issue Sep 6, 2016 · 6 comments
Open

Querying the API using http with escaped characters doesn't work properly #88

carbonin opened this issue Sep 6, 2016 · 6 comments
Labels
bug help wanted

Comments

@carbonin
Copy link
Member

carbonin commented Sep 6, 2016

It looks like the redirect from http to https is re-escaping any % characters in the URL string, even if they have been escaped previously.

For example:

Entering http://<host>/api/vms?expand=resources&filter[]=id=1 redirects to https://<host>/api/vms?expand=resources&filter%5b%5d=id=1 and prints the json response for the one vm as expected.

Entering http://<host>/api/vms?expand=resources&filter%5b%5d=id=1 (redirect url with the "s" removed) redirects to https://<host>/api/vms?expand=resources&filter%255b%255d=id=1 which is not a valid filter and which gives me the json for all of the vms.

As 0x25 is the ascii hex for the % symbol, it looks like the symbols are getting re-escaped during the redirect. I'm thinking this has something to do with our rewrite rule here https://github.com/ManageIQ/manageiq-appliance/blob/master/COPY/etc/httpd/conf.d/manageiq-http.conf#L10-L13

/cc @abellotti
@Fryguy Fryguy mentioned this issue Sep 9, 2016
Closed
@miq-bot miq-bot added the stale label Dec 11, 2017
@miq-bot
Copy link
Member

miq-bot commented Dec 11, 2017

This issue has been automatically marked as stale because it has not been updated for at least 6 months.

If you can still reproduce this issue on the current release or on master, please reply with all of the information you have about it in order to keep the issue open.

Thank you for all your contributions!

@JPrause
Copy link
Member

JPrause commented Jan 30, 2019

@carbonin is this still a valid issue? If yes, please remove the stale label. If not can you close.
If there's no update by next week, I'll be closing this issue.

@carbonin carbonin removed the stale label Jan 30, 2019
@carbonin
Copy link
Member Author

Yeah, still a valid issue. Just reproduced it.

[root@localhost vmdb]# curl -k "http://admin:smartvm@localhost/api/vms?expand=resources&filter%5b%5d=id=1"
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://localhost/api/vms?expand=resources&amp;filter%255b%255d=id=1">here</a>.</p>
</body></html>

@miq-bot miq-bot added the stale label Aug 5, 2019
@miq-bot
Copy link
Member

miq-bot commented Aug 5, 2019

This issue has been automatically marked as stale because it has not been updated for at least 6 months.

If you can still reproduce this issue on the current release or on master, please reply with all of the information you have about it in order to keep the issue open.

Thank you for all your contributions!

@mfeifer
Copy link
Contributor

mfeifer commented Jan 30, 2020

@carbonin is this still an issue?

@carbonin
Copy link
Member Author

Yup, still there:

[root@localhost vmdb]# curl -k "http://admin:smartvm@localhost/api/vms?expand=resources&filter%5b%5d=id=1"
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://localhost/api/vms?expand=resources&amp;filter%255b%255d=id=1">here</a>.</p>
</body></html>

@carbonin carbonin removed the stale label Jan 30, 2020
@mfeifer mfeifer added the pinned label Jan 30, 2020
@chessbyte chessbyte removed the pinned label Aug 31, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@chessbyte @mfeifer @miq-bot @JPrause @carbonin