[Duplicity-talk] Fwd: [ ftplicity-Bugs-2920707 ] ftp passwords are not escaped, duplicity crashes

[edgar . soldin]

I forward this because he is totally right and this should also be fixed 
upstream.

What duply does from the next release (which is from today's xmas 
release ;) is to url encode separately given user/password params and 
hinting the user in the conf file that special chars have to be url 
encoded in the parts username, password, path of the url.

As duplicity can't possibly know if a user already url encoded these, it 
can't really fix it. But it should still try to guide the user around 
such errors.
a) I guess some note about the necessity url encoding in the error 
message would help a lot here.
b) Additionally the whole url could be scanned for chars that are not 
A-Za-z0-9._-~:/ . As duplicity backends do not have querystrings I guess 
any other character in the url means that the url is not valid.


... merry days, ede

-------- Original Message --------
Bugs item #2920707, was opened at 2009-12-24 14:28
Message generated for change (Tracker Item Submitted) made by nobody
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1041147&aid=2920707&group_id=217745

Please note that this message will contain a full copy of the comment 
thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: ftp passwords are not escaped, duplicity crashes

Initial Comment:
When an ftp password contains special characters (in my case the ? and = 
letters), they must be encoded as %3F and %3D. Currently, neither duply 
not duplicity do the escaping, and neither of them tell the user to do 
it manually. If they are not encoded properly, duplicity will crash with 
 a rather meaningless error message. For ftplictiy V 0.5.18 it's:

User error detail: Traceback (most recent call last):
  File "/usr/bin/duplicity", line 825, in <module>
    with_tempdir(main)
  File "/usr/bin/duplicity", line 818, in with_tempdir
    fn()
  File "/usr/bin/duplicity", line 747, in main
    action = commandline.ProcessCommandLine(sys.argv[1:])
  File "/usr/lib/python2.6/dist-packages/duplicity/commandline.py", 
line 593, in ProcessCommandLine
    backup, local_pathname = set_backend(args[0], args[1])
  File "/usr/lib/python2.6/dist-packages/duplicity/commandline.py", 
line 488, in set_backend
    backend1, backend2 = backend.get_backend(arg1), 
backend.get_backend(arg2)
  File "/usr/lib/python2.6/dist-packages/duplicity/backend.py", line 
84, in get_backend
    pu = ParsedUrl(url_string)
  File "/usr/lib/python2.6/dist-packages/duplicity/backend.py", line 
191, in __init__
    raise InvalidBackendURL("Syntax error (port) in: %s" % url_string)
InvalidBackendURL: Syntax error (port) in: 
ftp://username123:address@hidden

In duplicity 0.5.09 the error message is different, more useless, but 
about the same type of problem.

I see three possible solutions:
 * duply should encode the password properly
 * duplicity should encode the password properly
 * both duply and duplicity should state more clearly that they need 
pre-encoded passwords, so that the user knows he must do it himself

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1041147&aid=2920707&group_id=217745