Ticket #5473 (closed Bug report: fixed)

Opened 4 years ago

Last modified 9 months ago

Ampersand (&) in site password creates invalid XML

Reported by: jamesxa Owned by: codesquid
Priority: normal Component: FileZilla Client
Keywords: ampersand Cc:
Operating system type: Windows Operating system version: XP Pro SP3

Description

I'm using FileZilla client 3.3.3 and when I use the ampersand (&) symbol in a password for a site it is stored in the XML file as '&' not '&amp;'. If I manually change it from '&' to '&amp;' then FileZilla is ok until I update the site or close and reopen FileZilla. Updating the site affects 'sitemanager.xml' and closing affects 'filezilla.xml' (<LastServer><Pass> tag), thus 'filezilla.xml' cannot be read and the default settings are used.

I've attached screen shots of the errors generated for each of these files.

Attachments

filezilla.xml_ampersand-error.jpg Download (46.6 KB) - added by jamesxa 4 years ago.
sitemanager.xml_ampersand-error.jpg Download (39.1 KB) - added by jamesxa 4 years ago.
sitemanager_bak.xml Download (33 bytes) - added by jamesxa 4 years ago.

Change History

Changed 4 years ago by jamesxa

Changed 4 years ago by jamesxa

Changed 4 years ago by jamesxa

Changed 4 years ago by codesquid

  • status changed from new to moreinfo

I cannot reproduce this, ampersands work just fine here and are getting properly escaped.

Are you sure you are using version 3.3.3? Where did you download it from?

Changed 4 years ago by jamesxa

  • status changed from moreinfo to new

I am sure I am using version 3.3.3 and I downloaded it through FileZilla's built in updater.

The password that caused the error was '3tup4-@2q9&#xa+6zu2Us-ub', which I just now realized the '&#x' is used for hex.

Should FileZilla be looking for a semi-colon after '&#x' to verify whether or not the ampersand should be changed?

Seeing as how FileZilla seems to be quite thoroughly tested I'm fine with it amounting to me getting an unlucky password and I apologize for not doing more thorough testing on my own before posting.

Changed 4 years ago by codesquid

  • status changed from new to accepted
  • owner set to codesquid

The password that caused the error was '3tup4-@2q9&#xa+6zu2Us-ub', which I just now realized the '&#x' is used for hex.

Ah, that's the missing piece of the puzzle. Now that I can reproduce it, I should be able to fix this problem.

Without having looked into it yet, it appears to be a bug in TinyXML, the XML parser library used by FileZilla.

Changed 4 years ago by codesquid

  • status changed from accepted to closed
  • resolution set to fixed

Definitely a bug in TinyXML.

I have created a patch and submitted it to the TinyXML project, see  https://sourceforge.net/tracker/?func=detail&aid=3031828&group_id=13559&atid=313559

The fix will be included in the next version of FileZilla.

Note: See TracTickets for help on using tickets.