SoupAuthBasic: allow (some) non-ASCII usernames/passwords

Convert the (assumed-UTF-8) username and password into ISO-8859-1
before encoding. This is what a few other browsers do.

Based on a patch from Joachim Breitner, sponsored by ITOMIG GmbH and
the City of Böblingen.

https://bugzilla.gnome.org/show_bug.cgi?id=576838

diff --git a/libsoup/soup-auth-basic.c b/libsoup/soup-auth-basic.c
index 4218f7e..3705e6e 100644 (file)
--- a/libsoup/soup-auth-basic.c
+++ b/libsoup/soup-auth-basic.c
@@ -103,10 +103,17 @@ static void
 authenticate (SoupAuth *auth, const char *username, const char *password)
 {
        SoupAuthBasicPrivate *priv = SOUP_AUTH_BASIC_GET_PRIVATE (auth);
-       char *user_pass;
+       char *user_pass, *user_pass_latin1;
        int len;
 
        user_pass = g_strdup_printf ("%s:%s", username, password);
+       user_pass_latin1 = g_convert (user_pass, -1, "ISO-8859-1", "UTF-8",
+                                     NULL, NULL, NULL);
+       if (user_pass_latin1) {
+               memset (user_pass, 0, strlen (user_pass));
+               g_free (user_pass);
+               user_pass = user_pass_latin1;
+       }
        len = strlen (user_pass);
 
        if (priv->token) {

diff --git a/libsoup/soup-logger.c b/libsoup/soup-logger.c
index ac901fc..b159e67 100644 (file)
--- a/libsoup/soup-logger.c
+++ b/libsoup/soup-logger.c
@@ -422,10 +422,21 @@ soup_logger_print (SoupLogger *logger, SoupLoggerLogLevel level,
 static void
 soup_logger_print_basic_auth (SoupLogger *logger, const char *value)
 {
-       char *decoded, *p;
+       char *decoded, *decoded_utf8, *p;
        gsize len;
 
        decoded = (char *)g_base64_decode (value + 6, &len);
+       if (decoded && !g_utf8_validate (decoded, -1, NULL)) {
+               decoded_utf8 = g_convert_with_fallback (decoded, -1,
+                                                       "UTF-8", "ISO-8859-1",
+                                                       NULL, NULL, &len,
+                                                       NULL);
+               if (decoded_utf8) {
+                       g_free (decoded);
+                       decoded = decoded_utf8;
+               }
+       }
+
        if (!decoded)
                decoded = g_strdup (value);
        p = strchr (decoded, ':');