From 6c06db776d295e9fdffb7f2f05c34c915fe466e9 Mon Sep 17 00:00:00 2001 From: Mitchell Hashimoto Date: Mon, 6 Jul 2015 16:26:06 -0600 Subject: [PATCH] core: test for URI escaping --- lib/vagrant/util/downloader.rb | 2 +- test/unit/vagrant/util/downloader_test.rb | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/lib/vagrant/util/downloader.rb b/lib/vagrant/util/downloader.rb index e03869351..a3ee5459e 100644 --- a/lib/vagrant/util/downloader.rb +++ b/lib/vagrant/util/downloader.rb @@ -27,7 +27,7 @@ module Vagrant @destination = destination.to_s begin - url = URI.parse(URI.escape(@source)) + url = URI.parse(@source) if url.scheme && url.scheme.start_with?("http") && url.user auth = "#{URI.unescape(url.user)}" auth += ":#{URI.unescape(url.password)}" if url.password diff --git a/test/unit/vagrant/util/downloader_test.rb b/test/unit/vagrant/util/downloader_test.rb index 68f7378b9..f89c6cbe9 100644 --- a/test/unit/vagrant/util/downloader_test.rb +++ b/test/unit/vagrant/util/downloader_test.rb @@ -72,6 +72,27 @@ describe Vagrant::Util::Downloader do expect(subject.download!).to be_true end end + + context "with an urlescaped username and password" do + it "downloads the file with unescaped credentials" do + original_source = source + source = "http://fo%5Eo:b%40r@baz.com/box.box" + subject = described_class.new(source, destination) + + i = curl_options.index(original_source) + curl_options[i] = "http://baz.com/box.box" + + i = curl_options.index("--output") + curl_options.insert(i, "fo^o:b@r") + curl_options.insert(i, "-u") + + expect(Vagrant::Util::Subprocess).to receive(:execute). + with("curl", *curl_options). + and_return(subprocess_result) + + expect(subject.download!).to be_true + end + end end describe "#head" do