2011-09-30 10:53:18 |
Stuart Langridge |
bug |
|
|
added bug |
2011-09-30 10:55:49 |
John Lenton |
bug task added |
|
libubuntuone (Ubuntu) |
|
2011-09-30 10:56:37 |
Launchpad Janitor |
branch linked |
|
lp:~chipaca/libubuntuone/fix-863176 |
|
2011-09-30 11:04:35 |
Stuart Langridge |
description |
From http://bazaar.launchpad.net/~ubuntuone-control-tower/libubuntuone/trunk/view/head:/libubuntuone/u1-music-store.c#L1426
u1_music_store_load_store_link (U1MusicStore *music_store, const gchar *url)
{
gchar *real_url, *oauth_consumer_token, *oauth_consumer_secret, *oauth_token, *oauth_token_secret;
g_return_if_fail (U1_IS_MUSIC_STORE (music_store));
g_return_if_fail (url != NULL);
/* If the load_real_store callback is set up, disable it first */
if (music_store->priv->idle_cb > 0) {
g_source_remove (music_store->priv->idle_cb);
music_store->priv->idle_cb = 0;
}
real_url = g_strdup_printf ("%s%s?forward_on_to_url=%s",
music_store->priv->base_url,
U1_STORE_URL,
url);
This isn't escaping the forward_on_to_url. What this means is this:
music_store->priv->base_url = https://one.ubuntu.com/
U1_STORE_URL = /music/login
url = http://7dserver/path?q1=a&q2=b
will give the URL
https://one.ubuntu.com/music/login?forward_on_to_url=http://7dserver/path?q1=a&q2=b
which is wrong, because the parameter q2=b is a parameter of the one.ubuntu.com URL, not of the 7dserver URL. The forward_on_to_url needs to be escaped to http%3A//7dserver/path%3Fq1%3Da%26q2%3Db before it is oauth-signed. |
From http://bazaar.launchpad.net/~ubuntuone-control-tower/libubuntuone/trunk/view/head:/libubuntuone/u1-music-store.c#L1426
u1_music_store_load_store_link (U1MusicStore *music_store, const gchar *url)
{
gchar *real_url, *oauth_consumer_token, *oauth_consumer_secret, *oauth_token, *oauth_token_secret;
g_return_if_fail (U1_IS_MUSIC_STORE (music_store));
g_return_if_fail (url != NULL);
/* If the load_real_store callback is set up, disable it first */
if (music_store->priv->idle_cb > 0) {
g_source_remove (music_store->priv->idle_cb);
music_store->priv->idle_cb = 0;
}
real_url = g_strdup_printf ("%s%s?forward_on_to_url=%s",
music_store->priv->base_url,
U1_STORE_URL,
url);
This isn't escaping the forward_on_to_url. What this means is this:
music_store->priv->base_url = https://one.ubuntu.com/
U1_STORE_URL = /music/login
url = http://7dserver/path?q1=a&q2=b
will give the URL
https://one.ubuntu.com/music/login?forward_on_to_url=http://7dserver/path?q1=a&q2=b
which is wrong, because the parameter q2=b is a parameter of the one.ubuntu.com URL, not of the 7dserver URL. The forward_on_to_url needs to be escaped to http%3A//7dserver/path%3Fq1%3Da%26q2%3Db before it is oauth-signed.
To replicate:
1. Run Banshee
2. xdg-open 'u1ms://stores.7digital.com/corporate_2/stores/productDetail.aspx?shop=496&partner=983&pid=595524&sid=17861804'
3. See a "My Music" green non-U1 store error page
What should happen:
3. See an Ubuntu One album page |
|
2011-09-30 11:08:23 |
Stuart Langridge |
description |
From http://bazaar.launchpad.net/~ubuntuone-control-tower/libubuntuone/trunk/view/head:/libubuntuone/u1-music-store.c#L1426
u1_music_store_load_store_link (U1MusicStore *music_store, const gchar *url)
{
gchar *real_url, *oauth_consumer_token, *oauth_consumer_secret, *oauth_token, *oauth_token_secret;
g_return_if_fail (U1_IS_MUSIC_STORE (music_store));
g_return_if_fail (url != NULL);
/* If the load_real_store callback is set up, disable it first */
if (music_store->priv->idle_cb > 0) {
g_source_remove (music_store->priv->idle_cb);
music_store->priv->idle_cb = 0;
}
real_url = g_strdup_printf ("%s%s?forward_on_to_url=%s",
music_store->priv->base_url,
U1_STORE_URL,
url);
This isn't escaping the forward_on_to_url. What this means is this:
music_store->priv->base_url = https://one.ubuntu.com/
U1_STORE_URL = /music/login
url = http://7dserver/path?q1=a&q2=b
will give the URL
https://one.ubuntu.com/music/login?forward_on_to_url=http://7dserver/path?q1=a&q2=b
which is wrong, because the parameter q2=b is a parameter of the one.ubuntu.com URL, not of the 7dserver URL. The forward_on_to_url needs to be escaped to http%3A//7dserver/path%3Fq1%3Da%26q2%3Db before it is oauth-signed.
To replicate:
1. Run Banshee
2. xdg-open 'u1ms://stores.7digital.com/corporate_2/stores/productDetail.aspx?shop=496&partner=983&pid=595524&sid=17861804'
3. See a "My Music" green non-U1 store error page
What should happen:
3. See an Ubuntu One album page |
From http://bazaar.launchpad.net/~ubuntuone-control-tower/libubuntuone/trunk/view/head:/libubuntuone/u1-music-store.c#L1426
u1_music_store_load_store_link (U1MusicStore *music_store, const gchar *url)
{
gchar *real_url, *oauth_consumer_token, *oauth_consumer_secret, *oauth_token, *oauth_token_secret;
g_return_if_fail (U1_IS_MUSIC_STORE (music_store));
g_return_if_fail (url != NULL);
/* If the load_real_store callback is set up, disable it first */
if (music_store->priv->idle_cb > 0) {
g_source_remove (music_store->priv->idle_cb);
music_store->priv->idle_cb = 0;
}
real_url = g_strdup_printf ("%s%s?forward_on_to_url=%s",
music_store->priv->base_url,
U1_STORE_URL,
url);
This isn't escaping the forward_on_to_url. What this means is this:
music_store->priv->base_url = https://one.ubuntu.com/
U1_STORE_URL = /music/login
url = http://7dserver/path?q1=a&q2=b
will give the URL
https://one.ubuntu.com/music/login?forward_on_to_url=http://7dserver/path?q1=a&q2=b
which is wrong, because the parameter q2=b is a parameter of the one.ubuntu.com URL, not of the 7dserver URL. The forward_on_to_url needs to be escaped to http%3A//7dserver/path%3Fq1%3Da%26q2%3Db before it is oauth-signed.
To replicate:
1. Run Banshee
2. xdg-open 'u1ms://stores.7digital.com/corporate_2/stores/productDetail.aspx?shop=496&partner=983&pid=595524&sid=17861804'
3. See a "My Music" green non-U1 store error page
What should happen:
3. See an Ubuntu One Music album page (if in the WORLD store territory) or an Ubuntu One Music error page (if not) |
|
2011-09-30 11:15:26 |
Launchpad Janitor |
branch linked |
|
lp:~chipaca/ubuntu/oneiric/libubuntuone/fix-863176 |
|
2011-09-30 12:57:56 |
dobey |
nominated for series |
|
libubuntuone/stable-0-10 |
|
2011-09-30 12:57:56 |
dobey |
bug task added |
|
libubuntuone/stable-0-10 |
|
2011-09-30 12:57:56 |
dobey |
nominated for series |
|
libubuntuone/stable-0-4 |
|
2011-09-30 12:57:56 |
dobey |
bug task added |
|
libubuntuone/stable-0-4 |
|
2011-09-30 12:57:56 |
dobey |
nominated for series |
|
libubuntuone/trunk |
|
2011-09-30 12:57:56 |
dobey |
bug task added |
|
libubuntuone/trunk |
|
2011-09-30 12:59:42 |
dobey |
nominated for series |
|
Ubuntu Maverick |
|
2011-09-30 12:59:42 |
dobey |
nominated for series |
|
Ubuntu Natty |
|
2011-09-30 12:59:42 |
dobey |
nominated for series |
|
Ubuntu Oneiric |
|
2011-09-30 13:00:22 |
dobey |
tags |
|
u1-maverick-sru u1-natty-sru |
|
2011-09-30 13:00:52 |
dobey |
libubuntuone/trunk: importance |
Undecided |
High |
|
2011-09-30 13:00:52 |
dobey |
libubuntuone/trunk: status |
New |
In Progress |
|
2011-09-30 13:00:52 |
dobey |
libubuntuone/trunk: assignee |
|
John Lenton (chipaca) |
|
2011-09-30 13:01:47 |
Launchpad Janitor |
libubuntuone (Ubuntu): status |
New |
Confirmed |
|
2011-09-30 14:10:42 |
Ubuntu One Auto Pilot |
libubuntuone/trunk: status |
In Progress |
Fix Committed |
|
2011-09-30 14:15:18 |
dobey |
description |
From http://bazaar.launchpad.net/~ubuntuone-control-tower/libubuntuone/trunk/view/head:/libubuntuone/u1-music-store.c#L1426
u1_music_store_load_store_link (U1MusicStore *music_store, const gchar *url)
{
gchar *real_url, *oauth_consumer_token, *oauth_consumer_secret, *oauth_token, *oauth_token_secret;
g_return_if_fail (U1_IS_MUSIC_STORE (music_store));
g_return_if_fail (url != NULL);
/* If the load_real_store callback is set up, disable it first */
if (music_store->priv->idle_cb > 0) {
g_source_remove (music_store->priv->idle_cb);
music_store->priv->idle_cb = 0;
}
real_url = g_strdup_printf ("%s%s?forward_on_to_url=%s",
music_store->priv->base_url,
U1_STORE_URL,
url);
This isn't escaping the forward_on_to_url. What this means is this:
music_store->priv->base_url = https://one.ubuntu.com/
U1_STORE_URL = /music/login
url = http://7dserver/path?q1=a&q2=b
will give the URL
https://one.ubuntu.com/music/login?forward_on_to_url=http://7dserver/path?q1=a&q2=b
which is wrong, because the parameter q2=b is a parameter of the one.ubuntu.com URL, not of the 7dserver URL. The forward_on_to_url needs to be escaped to http%3A//7dserver/path%3Fq1%3Da%26q2%3Db before it is oauth-signed.
To replicate:
1. Run Banshee
2. xdg-open 'u1ms://stores.7digital.com/corporate_2/stores/productDetail.aspx?shop=496&partner=983&pid=595524&sid=17861804'
3. See a "My Music" green non-U1 store error page
What should happen:
3. See an Ubuntu One Music album page (if in the WORLD store territory) or an Ubuntu One Music error page (if not) |
From http://bazaar.launchpad.net/~ubuntuone-control-tower/libubuntuone/trunk/view/head:/libubuntuone/u1-music-store.c#L1426
u1_music_store_load_store_link (U1MusicStore *music_store, const gchar *url)
{
gchar *real_url, *oauth_consumer_token, *oauth_consumer_secret, *oauth_token, *oauth_token_secret;
g_return_if_fail (U1_IS_MUSIC_STORE (music_store));
g_return_if_fail (url != NULL);
/* If the load_real_store callback is set up, disable it first */
if (music_store->priv->idle_cb > 0) {
g_source_remove (music_store->priv->idle_cb);
music_store->priv->idle_cb = 0;
}
real_url = g_strdup_printf ("%s%s?forward_on_to_url=%s",
music_store->priv->base_url,
U1_STORE_URL,
url);
This isn't escaping the forward_on_to_url. What this means is this:
music_store->priv->base_url = https://one.ubuntu.com/
U1_STORE_URL = /music/login
url = http://7dserver/path?q1=a&q2=b
will give the URL
https://one.ubuntu.com/music/login?forward_on_to_url=http://7dserver/path?q1=a&q2=b
which is wrong, because the parameter q2=b is a parameter of the one.ubuntu.com URL, not of the 7dserver URL. The forward_on_to_url needs to be escaped to http%3A//7dserver/path%3Fq1%3Da%26q2%3Db before it is oauth-signed.
To replicate:
1. Run Banshee
2. xdg-open 'u1ms://stores.7digital.com/stores/corporate_2/productDetail.aspx?shop=496&partner=983&pid=595524&sid=17861804'
3. See a "My Music" green non-U1 store error page
What should happen:
3. See an Ubuntu One Music album page (if in the WORLD store territory) or an Ubuntu One Music error page (if not) |
|
2011-09-30 19:26:16 |
Sebastien Bacher |
bug task added |
|
libubuntuone (Ubuntu Oneiric) |
|
2011-09-30 19:26:23 |
Sebastien Bacher |
libubuntuone (Ubuntu Oneiric): status |
Confirmed |
Fix Committed |
|
2011-09-30 19:26:26 |
Sebastien Bacher |
libubuntuone (Ubuntu Oneiric): importance |
Undecided |
High |
|
2011-09-30 20:08:44 |
Martin Pitt |
bug task added |
|
libubuntuone (Ubuntu Natty) |
|
2011-09-30 20:08:53 |
Martin Pitt |
bug task added |
|
libubuntuone (Ubuntu Maverick) |
|
2011-09-30 20:09:00 |
Launchpad Janitor |
libubuntuone (Ubuntu Oneiric): status |
Fix Committed |
Fix Released |
|
2011-09-30 21:08:22 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/libubuntuone |
|
2011-12-20 23:47:22 |
dobey |
nominated for series |
|
libubuntuone/stable-0-12 |
|
2011-12-20 23:47:22 |
dobey |
bug task added |
|
libubuntuone/stable-0-12 |
|
2011-12-20 23:47:22 |
dobey |
nominated for series |
|
libubuntuone/stable-3-0 |
|
2011-12-20 23:47:22 |
dobey |
bug task added |
|
libubuntuone/stable-3-0 |
|
2011-12-20 23:48:41 |
dobey |
libubuntuone/stable-3-0: importance |
Undecided |
High |
|
2011-12-20 23:48:41 |
dobey |
libubuntuone/stable-3-0: status |
New |
Fix Committed |
|
2011-12-20 23:48:41 |
dobey |
libubuntuone/stable-3-0: milestone |
|
2.99.0 |
|
2011-12-20 23:48:41 |
dobey |
libubuntuone/stable-3-0: assignee |
|
John Lenton (chipaca) |
|
2011-12-21 21:24:47 |
dobey |
libubuntuone/trunk: status |
Fix Committed |
Fix Released |
|
2011-12-21 21:24:59 |
dobey |
libubuntuone/stable-3-0: status |
Fix Committed |
Fix Released |
|
2013-05-17 08:13:18 |
Adolfo Jayme Barrientos |
bug task deleted |
libubuntuone (Ubuntu Maverick) |
|
|
2013-05-17 08:13:42 |
Adolfo Jayme Barrientos |
bug task deleted |
libubuntuone (Ubuntu Natty) |
|
|