_parse_rfc1738_args removes '+' symbol from password
AFAIK, '+' symbol only needs to be unquoted to separate form values from URL. But why function _parse_rfc1738_args in sqlalchemy/lib/sqlalchemy/engine/url.py uses unquote_plus on password!? This is wrong, I think.
Following lines of code are replacing '+' symbol in password with space causing database connection to eventually fail.
if components'password' is not None: components'password' = \ util.unquote_plus(components'password')
Comments (6)
-
repo owner -
repo owner screwed up again:
The user name (and password), if present, are followed by a commercial at-sign "@". Within the user and password field, any ":", "@", or "/" must be encoded.
-
repo owner adjusted in 6029496bd3fb78caeab349ef8df5b58f. I'm still not clear on the parsing side, do we unconditonally deencode any
%XX
symbol? I'd assume so, that's what it's doing.Will send a new tweet but if folks can tell me this is right finally, that would help.
-
repo owner - changed status to resolved
-
repo owner - removed milestone
Removing milestone: 0.9.0 (automated comment)
-
repo owner Issue
#3077was marked as a duplicate of this issue. - Log in to comment
I've no idea why this has never been pointed out before and the RFC is pretty unambiguous about it. Fortunately you posted this before 0.9 final was released so we have a chance to update this, changed in 2800e34710672b408fa4a7bdd. For prior versions you can of course go with a URL-encoded plus sign.