psiphon

jsf_interpolate_vars does not escape special regex symbols ($ and &)

Bug #561777 reported by e.fryntov
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
psiphon
Fix Committed
High
e.fryntov

Bug Description

Bug behavour:
Special regex symbols such as '$1'-'$9' and '&' in the replacement string are not escaped and substituted with corresponding matches.

Example:
Consider the following search-and replace rule

domain:xyz.com
path: /
search: ABC
replace: ${psiphon_proxy_uri}

Any occurrence of 'ABC' for http://xyz.com/hjk will be replaced with "http://xyz.com/hjk" as ${psiphon_proxy_uri} interpolates to "http://xyz.com/hjk".

Now, if we visit http://xyz.com/hjk?c=123&d=456 the ${psiphon_proxy_uri} interpolates to "http://xyz.com/hjk?c=123&d=456" and every occurrence of 'ABC' substituted with "http://xyz.com/hjk?c=123ABCd=456" because of unescaped '&' in the replacement string.

e.fryntov (e-fryntov)
Changed in psiphon:
importance: Undecided → High
assignee: nobody → e.fryntov (e-fryntov)
e.fryntov (e-fryntov)
visibility: private → public
Changed in psiphon:
status: New → Fix Committed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.