Thanks again. The problem with that patch is that it assumes that
userinfo is always a username and password. This may be almost always
the case for the HTTP scheme. But actually the userinfo part of a URL
can be *anything*. The actual format of userinfo strongly depends on the
context (i.e. the authentication scheme). RFC-2396 states: "Some URL
schemes use the format "user:password" in the userinfo field."

I suggest we provide

public HttpURL(String user, String password, String host, int port,
               String path, String query, String fragment)
        throws URIException

which takes user and password, properly escapes them and joins them
together with a colon as the delimiter and just feeds them into the
generic constructor.

We would then not deprecate
public HttpURL(String userinfo, String host, int port, String path,
              String query, String fragment) throws URIException

but change its contract to require userinfo to be correctly escaped and
limited to the legal set of characters.

O.

[EMAIL PROTECTED] wrote:

------- Additional Comments From [EMAIL PROTECTED]  2004-09-08 12:05 -------
Created an attachment (id=12670)
The same patch in unified diff format (forgot the -u, sorry)

-- 
_________________________________________________________________
 NOSE applied intelligence ag

 ortwin glück                      [www]      http://www.nose.ch
 software engineer
 hardturmstrasse 171               [pgp id]           0x81CF3416
 8005 zürich                       [office]      +41-1-277 57 35
 switzerland                       [fax]         +41-1-277 57 12
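
The two-constructor contract proposed in the message above, sketched as an added example (not code from the original e-mail or from HttpClient). The class and method names are hypothetical, the legal character set is the RFC 2396 userinfo production, and UTF-8 is assumed when escaping.

```java
import java.nio.charset.StandardCharsets;

public class UserinfoExample {
    // RFC 2396 userinfo: alphanumerics, marks, and ";" ":" "&" "=" "+" "$" ",".
    // ':' is left out of SAFE: inside a user or password it must be escaped,
    // because the raw colon is the delimiter between the two.
    private static final String SAFE = "-_.!~*'();&=+$,";
    private static final String HEX = "0123456789abcdefABCDEF";

    private static boolean isAlnum(char c) {
        return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
    }

    /** Percent-escapes one raw component (user or password) as UTF-8 bytes. */
    static String escape(String raw) {
        StringBuilder out = new StringBuilder();
        for (byte b : raw.getBytes(StandardCharsets.UTF_8)) {
            char c = (char) (b & 0xFF);
            if (isAlnum(c) || SAFE.indexOf(c) >= 0) out.append(c);
            else out.append(String.format("%%%02X", b & 0xFF));
        }
        return out.toString();
    }

    /** Joins raw user and password into an escaped "user:password" userinfo. */
    static String join(String user, String password) {
        return escape(user) + ":" + escape(password);
    }

    /** Contract check for a caller-supplied, already escaped userinfo. */
    static boolean isLegalUserinfo(String s) {
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '%') {
                if (i + 2 >= s.length() || HEX.indexOf(s.charAt(i + 1)) < 0
                        || HEX.indexOf(s.charAt(i + 2)) < 0) return false;
                i += 2;
            } else if (!(isAlnum(c) || c == ':' || SAFE.indexOf(c) >= 0)) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        String ui = join("alice", "p@ss:w/rd"); // constructed sample values
        System.out.println(ui + " legal=" + isLegalUserinfo(ui));
        System.out.println("alice:p@ss legal=" + isLegalUserinfo("alice:p@ss"));
    }
}
```

Escaping '@', ':' and '/' inside the password keeps a credential from being read as the start of the host or path once the URL is assembled, while the validating path rejects a raw userinfo that carries such characters unescaped.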
