Bug#728034: Bugreport.pm: doesn't uri_encode email addresses before querying libravatar.cgi

Sun, 27 Oct 2013 12:07:09 -0700 

Package: bugs.debian.org
Severity: minor
Tags: patch

Dear Maintainer,

   * What led up to the situation?
   I registered two of my email addresses I used to submit bugs to debbug to
   libravatar.org, one of which containing a + sign.

   * What exactly did you do (or not do) that was effective (or
     ineffective)?
     I tried to visit the URL :
     http://bugs.debian.org/cgi-bin/libravatar.cgi?email=f+deb...@chezlefab.net
     it displayed the empty png avatar, as expected.

     I tried to visit the URL :
     
http://bugs.debian.org/cgi-bin/libravatar.cgi?email=f%2bdeb...@chezlefab.net
     it displayed my avatar, as expected.

     I visited one of my messages on the tracker that uses this address:
     http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727680#5
     it didn't displayed my avatar, but it should have.

     I visited one of my messages on the tracker that uses the other address:
     http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602463#5
     it did displayed my avatar, as expected.

Digging into the sources, it seemed to me that the email addresses were not
uri_encoded before being given as a parameter to libravatar.cgi

I believe the enclosed pbtch fixes this issue.

Best regards,

-- 
captnfab

-- System Information:
Debian Release: jessie/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'oldstable-updates'), (500, 'oldstable-proposed-updates'), (500, 'unstable'), 
(500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.11-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to fr_FR.UTF-8)
Shell: /bin/sh linked to /bin/dash

diff --git a/Debbugs/CGI/Bugreport.pm b/Debbugs/CGI/Bugreport.pm
index 2e53892..32820a8 100644
--- a/Debbugs/CGI/Bugreport.pm
+++ b/Debbugs/CGI/Bugreport.pm
@@ -41,6 +41,7 @@ use Debbugs::UTF8;
 use Debbugs::Config qw(:config);
 use POSIX qw(strftime);
 use Encode qw(decode_utf8 encode_utf8);
+use URI::Escape;
 
 BEGIN{
      ($VERSION) = q$Revision: 494 $ =~ /^Revision:\s+([^\s+])/;
@@ -452,7 +453,7 @@ sub __libravatar_url {
         return undef;
     }
     ($email) = get_addresses($email);
-    return $config{libravatar_uri}.$email.($config{libravatar_uri_options}//'');
+    return $config{libravatar_uri}.uri_escape($email).($config{libravatar_uri_options}//'');
 }

Reply via email to