Comment 0 for bug 863176

From http://bazaar.launchpad.net/~ubuntuone-control-tower/libubuntuone/trunk/view/head:/libubuntuone/u1-music-store.c#L1426

u1_music_store_load_store_link (U1MusicStore *music_store, const gchar *url)
{
 gchar *real_url, *oauth_consumer_token, *oauth_consumer_secret, *oauth_token, *oauth_token_secret;
 g_return_if_fail (U1_IS_MUSIC_STORE (music_store));
 g_return_if_fail (url != NULL);
 /* If the load_real_store callback is set up, disable it first */
 if (music_store->priv->idle_cb > 0) {
  g_source_remove (music_store->priv->idle_cb);
  music_store->priv->idle_cb = 0;
 }
 real_url = g_strdup_printf ("%s%s?forward_on_to_url=%s",
        music_store->priv->base_url,
        U1_STORE_URL,
        url);

This isn't escaping the forward_on_to_url. What this means is this:

music_store->priv->base_url = https://one.ubuntu.com/
U1_STORE_URL = /music/login
url = http://7dserver/path?q1=a&q2=b

will give the URL

https://one.ubuntu.com/music/login?forward_on_to_url=http://7dserver/path?q1=a&q2=b

which is wrong, because the parameter q2=b is a parameter of the one.ubuntu.com URL, not of the 7dserver URL. The forward_on_to_url needs to be escaped to http%3A//7dserver/path%3Fq1%3Da%26q2%3Db before it is oauth-signed.