TC does not decode FTP user/password from URL

Bug reports will be moved here when the described bug has been fixed

Moderators: white, Hacker, petermad, Stefan2

Post Reply
User avatar
Flint
Power Member
Power Member
Posts: 3487
Joined: 2003-10-27, 09:25 UTC
Location: Antalya, Turkey
Contact:

TC does not decode FTP user/password from URL

Post by *Flint »

1. Press Ctrl+N to initiate a new FTP connection.
2. Enter an FTP address with user and/or password specified directly in the URL, but replace one or more characters with their hex-code representation, like this:
ftp://te%73ter@192.168.0.1
(here the character "s" was replaced with "%73")
3. Set up a Wireshark or some similar tool on the client or the server to watch the real contents of the TCP/IP packets sent.
4. Press OK in the TC dialog.
5. TC sends the username/password exactly in the form they were given by the user (that is without decoding "%73" back into "s"), therefore the server would not accept it.

Some clarification.
According to rfc3986, the userinfo part (which contains username and password, though the latter is now considered deprecated) can be written using the hex-code representation (so-called "pct-encoded"). In particular, it has to be so to allow including special characters. For example, if the password contains a slash character (e.g. "pass/word"), it cannot be written directly, because the URL ftp://tester:pass/word@exacmple.com would mean that "tester:pass" is the host name. And if you replace the slash with its hex form, like in ftp://tester:pass%2Fword@exacmple.com, TC just sends the password exactly as "pass%2Fword", and it is not accepted by the server.
Flint's Homepage: Full TC Russification Package, VirtualDisk, NTFS Links, NoClose Replacer, and other stuff!
 
Using TC 10.52 / Win10 x64
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

Sorry, TC saves the URLs without this encoding, and it also loads them without it. Changing it now would most certainly break many download files. Therefore I will not change it.
Author of Total Commander
https://www.ghisler.com
User avatar
Flint
Power Member
Power Member
Posts: 3487
Joined: 2003-10-27, 09:25 UTC
Location: Antalya, Turkey
Contact:

Post by *Flint »

ghisler(Author)
I don't tell anything about saving or loading. What my report is about is that TC should decode the username and password values when sending them via the USER and PASS commands during establishing FTP connection.

If you are afraid it would break existing connections for some users, you could make an option for it, disabled by default. Slash character in a password is not an imaginary situation, it was reported on one of the Russian forums.
Flint's Homepage: Full TC Russification Package, VirtualDisk, NTFS Links, NoClose Replacer, and other stuff!
 
Using TC 10.52 / Win10 x64
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

What I wanted to say is that would probably break more than it would actually help. If users really want to use slashes in user names, they need to define an ftp connection in Ctrl+F instead of using an URL.
Author of Total Commander
https://www.ghisler.com
User avatar
Flint
Power Member
Power Member
Posts: 3487
Joined: 2003-10-27, 09:25 UTC
Location: Antalya, Turkey
Contact:

Post by *Flint »

ghisler(Author) wrote:What I wanted to say is that would probably break more than it would actually help.
That's why I suggested to make an option for those who know what they are doing. After all, RFC is not a document to discard so simply… IMHO, of course.
Flint's Homepage: Full TC Russification Package, VirtualDisk, NTFS Links, NoClose Replacer, and other stuff!
 
Using TC 10.52 / Win10 x64
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

OK, I have added it now just for you, please test it!
DecodePercent=1
in wcx_ftp.ini.
Author of Total Commander
https://www.ghisler.com
User avatar
Flint
Power Member
Power Member
Posts: 3487
Joined: 2003-10-27, 09:25 UTC
Location: Antalya, Turkey
Contact:

Post by *Flint »

ghisler(Author)
Thanks! Quick test did not reveal any problems.
Flint's Homepage: Full TC Russification Package, VirtualDisk, NTFS Links, NoClose Replacer, and other stuff!
 
Using TC 10.52 / Win10 x64
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

Thanks for trying it!
Author of Total Commander
https://www.ghisler.com
Post Reply