Bug 206990

Summary: "My bugs" query doesn't work when the user name has a plus ('+') sign.
Product: [Community] Bugzilla Reporter: Håvard Wigtil <havardw>
Component: Bugzilla GeneralAssignee: Bernd Groh <bgroh>
Status: CLOSED CURRENTRELEASE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 2.18CC: ebaak
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 2.18 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-09-18 19:18:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Håvard Wigtil 2006-09-18 17:07:37 UTC 
The user name in the "My bugs" query isn't escaped, so with my user name
(havardw+bugzilla) I get the message "no user havardw bugzilla"
(note the space in the user name!) when I run the query.

The + is not escaped in the URL, it reads
https://bugzilla.redhat.com/bugzilla/buglist.cgi?bug_status=NEW&bug_status=VERIFIED&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=NEEDINFO&bug_status=MODIFIED&bug_status=ON_DEV&bug_status=QA_READY&bug_status=ON_QA&bug_status=FAILS_QA&bug_status=NEEDINFO_REPORTER&bug_status=RELEASE_PENDING&bug_status=POST&email1=havardw+bugzilla%40pvv.org&emailtype1=exact&emailassigned_to1=1&emailreporter1=1&emailcc1=1
when it should be 
https://bugzilla.redhat.com/bugzilla/buglist.cgi?bug_status=NEW&bug_status=VERIFIED&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=NEEDINFO&bug_status=MODIFIED&bug_status=ON_DEV&bug_status=QA_READY&bug_status=ON_QA&bug_status=FAILS_QA&bug_status=NEEDINFO_REPORTER&bug_status=RELEASE_PENDING&bug_status=POST&email1=havardw%2bbugzilla%40pvv.org&emailtype1=exact&emailassigned_to1=1&emailreporter1=1&emailcc1=1

Mozilla Bugzilla (version 2.20+) does not have this problem. See bug 164938 for
a related bug.
Comment 1 David Lawrence 2006-09-18 19:18:16 UTC 
Problem is that the username is filtered in the template through the url_quote()
subroutine before being inserted in the URL. The code looks like this for
upstream Bugzilla's CVS tip:

sub url_decode {
    my ($todecode) = (@_);
    $todecode =~ tr/+/ /;       # pluses become spaces
    $todecode =~ s/%([0-9a-fA-F]{2})/pack("c",hex($1))/ge;
    return $todecode;
}

So I find it difficult to believe that this problem does not also occur on
version 2.20+. Our version of url_quote() is different since we are using an
older version (2.18) and plus I think RH has made some of it's own changes.

# This orignally came from CGI.pm, by Lincoln D. Stein
sub url_quote {
    my ($toencode) = (@_);
    $toencode =~ s/([^a-zA-Z0-9_\-.%;&?\/\\:\+=~-])/uc sprintf("%%%02x",ord($1))/eg;
    return $toencode;
}

I am going to remove our exclusion of the + symbol and see what negative side
effects occur if any. It may have been put there for a reason some time ago but
I am not aware of why. Please reopn if this does not fix for you.

Dave
Comment 2 Håvard Wigtil 2006-09-19 07:19:47 UTC 
Works for me now, thank you for the fix.