Ticket #288 (closed defect: worksforme)

Opened 7 years ago

Last modified 7 years ago

Poorly implemented UrlDecode

Reported by: göran karlsson <krazz@…> Owned by:
Priority: major Milestone:
Component: Telldus Live! Version:
Keywords: Cc:
Blocked By: Blocking:
Platform: Other Sensitive: no
Verified by Telldus: no



I'm programming in C# and have encountered a problem with the Live API.

I have spent a few hours trying to get the extras parameter to work when calling clients/list (clients/list?extras=coordinate,timezone,tzoffset).

The reason why I didn't get it to work turns out to be a poorly implemented UrlDecode on the server end.

See this link for an explanation.

Best regards,
Göran Karlsson

Change History

comment:1 Changed 7 years ago by micke prag <micke.prag@…>

Could you please provide an example that doesn't work?

comment:2 Changed 7 years ago by micke prag <micke.prag@…>

  • Status changed from new to closed
  • Resolution set to cannotreproduce

comment:3 Changed 7 years ago by göran karlsson <krazz@…>

What type of example would you like?

In C# I URL Encode (using the command HttpUtility.UrlEncode  http://msdn.microsoft.com/en-us/library/4fkewx0t.aspx) the part after the equal sign in a string, "clients/list?extras=coordinate,timezone,tzoffset".
After the encoding this string looks like this:

Notice how the commas have been replaced by "%2c".

Your server responds with an unauthorized request. The reason for this response is because your server tries to URL Decode the string but doesn't recognize "%2c". Since the decoder doesn't recognize "%2c" the server fails the request.

I have then realized that if I do a case conversion on the "%2c"-instances, the server accepts the request.
The URL Encode RFCs say that you can use upper or lower case for escaped characters in the URL. Your server code doesn't follow these rules.

To get my code working I have now implemented a loop that converts all escapes into upper case.

To summarize:
"clients/list?extras=coordinate%2ctimezone%2ctzoffset" doesn't work.
"clients/list?extras=coordinate%2Ctimezone%2Ctzoffset" does work.

comment:4 Changed 7 years ago by göran karlsson <krazz@…>

  • Status changed from closed to reopened
  • Resolution cannotreproduce deleted

comment:5 Changed 7 years ago by micke prag <micke.prag@…>

  • Type changed from task to defect

We have verified that the server decodes both %2c and %2C correctly. Since you get the unauthorized request error I suspect the error is elsewhere.

This error is thrown when the signature doesn't match. Could it be that your library signs the message before doing the url-encode?
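
The failure mode suggested in comment:5, as an added example that is not part of the ticket or of Telldus code: when the signed string contains percent-escapes, `%2c` and `%2C` yield different HMACs even though both decode to a comma. It assumes an OAuth 1.0 style HMAC-SHA1 signature (RFC 5849 requires upper-case hex digits in escapes), which the ticket does not state; the host, key, class and helper names are constructed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;

static class EscapeCaseDemo
{
    // Upper-case the hex digits of every %XX escape and touch nothing else.
    static string UpperCaseEscapes(string s) =>
        Regex.Replace(s, "%[0-9a-fA-F]{2}", m => m.Value.ToUpperInvariant());

    // Assumed OAuth 1.0 style signing: the base string percent-encodes the
    // already-encoded parameters again, so "%2c" becomes "%252c" and
    // "%2C" becomes "%252C". The signed bytes therefore differ.
    static string Sign(string method, string url, string encodedParams, string key)
    {
        string baseString = method + "&" + Uri.EscapeDataString(url)
                          + "&" + Uri.EscapeDataString(encodedParams);
        using (var hmac = new HMACSHA1(Encoding.ASCII.GetBytes(key)))
        {
            byte[] mac = hmac.ComputeHash(Encoding.ASCII.GetBytes(baseString));
            return Convert.ToBase64String(mac);
        }
    }

    static void Main()
    {
        // Constructed placeholder host and secrets, not real values.
        const string url = "https://api.example.invalid/clients/list";
        const string key = "constructed-consumer-secret&constructed-token-secret";

        string lower = "extras=coordinate%2ctimezone%2ctzoffset"; // form from the ticket
        string upper = UpperCaseEscapes(lower);

        string sigLower = Sign("GET", url, lower, key);
        string sigUpper = Sign("GET", url, upper, key);

        Console.WriteLine("normalized:       " + upper);
        Console.WriteLine("signature (%2c):  " + sigLower);
        Console.WriteLine("signature (%2C):  " + sigUpper);
        Console.WriteLine("signatures match: " + (sigLower == sigUpper));

        // Uri.EscapeDataString emits upper-case escapes, so encoding with it
        // avoids the post-hoc case conversion loop.
        Console.WriteLine(Uri.EscapeDataString("coordinate,timezone,tzoffset"));
    }
}
```

A verifier that decodes the parameters and re-encodes them with upper-case escapes before recomputing the signature would accept only the second form, which is consistent with both observations in this ticket.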

comment:6 Changed 7 years ago by stefan persson <stefan.persson@…>

  • Status changed from reopened to closed
  • Resolution set to worksforme