Thanks again. The problem with that patch is that it assumes that userinfo is always a username and password. This may be almost always the case for the HTTP scheme. But actually the userinfo part of a URL can be *anything*. The actual format of userinfo strongly depends on the context (i.e. the authentication scheme). RFC-2396 states: "Some URL schemes use the format "user:password" in the userinfo field."
I suggest we provide
public HttpURL(String user, String password, String host, int port, String path, String query, String fragment) throws URIException
which takes user and password, properly escapes them and joins them together with a colon as the delimiter and just feeds them into the generic constructor.
We would then not deprecate public HttpURL(String userinfo, String host, int port, String path, String query, String fragment) throws URIException
but change its contract to require userinfo to be correctly escaped and limited to the legal set of characters.
O.
[EMAIL PROTECTED] wrote:
------- Additional Comments From [EMAIL PROTECTED] 2004-09-08 12:05 ------- Created an attachment (id=12670) The same patch im unified diff format (forgot the -u, sorry)
-- _________________________________________________________________ NOSE applied intelligence ag
ortwin glück [www] http://www.nose.ch software engineer hardturmstrasse 171 [pgp id] 0x81CF3416 8005 zürich [office] +41-1-277 57 35 switzerland [fax] +41-1-277 57 12
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]