Skip to content

fix: don't quote an already quoted url field #433

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
zealws merged 1 commit into from
Sep 17, 2025
Merged

fix: don't quote an already quoted url field #433

zealws merged 1 commit into from
Sep 17, 2025

Conversation

@zealws
Copy link
Contributor

@zealws zealws commented Sep 16, 2025

At present, CST doesn't connect to UTA databases correctly if the password has special characters.

The database URL includes a password field, which is already embedded within a valid URL. The value was url quoted when the URL was generated, so it doesn't need to be quoted a second time when the URL is consumed by the UTA database code.

I tested this using a password local@$%dev and it attempted to authenticate with the password local%40%24%25dev. After this PR, it correctly uses the single-unquoted value.

@zealws zealws self-assigned this Sep 16, 2025
@zealws zealws added bug Something isn't working priority:medium Medium priority labels Sep 16, 2025
jsstevenson
jsstevenson approved these changes Sep 16, 2025
View reviewed changes
Copy link
Member

@jsstevenson jsstevenson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is fine. Having taken another look, I am maybe a little confused as to when the first quoting happens, but I don't think this class needs to be in the business of quoting the connection string anyway

@zealws
Copy link
Contributor Author

zealws commented Sep 16, 2025

I am maybe a little confused as to when the first quoting happens

It's where the URL is generated, prior to being set in the environment (outside of CST).

Consider a password that has :. If you embed that (without quoting) into a URL, it is no longer a valid URL. So if a consumer wants to use a password with : in it, they will have to quote it in order to generate a valid URL.

From CST's point of view, it received a fully-formed URL. It is safe to assume that the password field was already quoted if it needed to be. If it wasn't quoted but it should have been, then the URL is invalid and CST should just return an error (which it will do when it parses the URL).

@korikuzma korikuzma changed the title bug: don't quote an already quoted url field fix: don't quote an already quoted url field Sep 17, 2025
@zealws zealws merged commit 7f322c1 into main Sep 17, 2025
18 checks passed
@zealws zealws deleted the no-urlquote branch September 17, 2025 17:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jsstevenson jsstevenson jsstevenson approved these changes

@korikuzma korikuzma korikuzma approved these changes

Assignees

@zealws zealws

Labels

bug Something isn't working priority:medium Medium priority

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@zealws @jsstevenson @korikuzma