mhoffrog commented on code in PR #237:
URL: https://github.com/apache/maven-scm/pull/237#discussion_r2022735211
##########
maven-scm-providers/maven-scm-providers-git/maven-scm-provider-git-commons/src/main/java/org/apache/maven/scm/provider/git/repository/GitScmProviderRepository.java:
##########
@@ -246,21 +259,11 @@ private String getUrl(RepositoryUrl repoUrl) {
}
if (userName != null && userName.length() > 0) {
- String userInfo = userName;
+ String userInfo = GitUtil.encodeURIComponent(userName);
if (password != null && password.length() > 0) {
- userInfo += ":" + password;
+ userInfo += ":" + GitUtil.encodeURIComponent(password);
Review Comment:
It is not an improvement - it is key to get the password URL encoded by a
unique method. The only change is that it is using the unique method
`GitUtil.encodeURIComponent(String)` for encoding now. The inconsistent
encoding before was the root cause of the vulnerability issue.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
