Opened 13 years ago

Closed 13 years ago

Last modified 10 years ago

#5473 closed Bug report (fixed)

Ampersand (&) in site password creates invalid XML

Reported by: James Owned by: Tim Kosse
Priority: normal Component: FileZilla Client
Keywords: ampersand Cc:
Component version: Operating system type: Windows
Operating system version: XP Pro SP3


I'm using FileZilla client 3.3.3 and when I use the ampersand (&) symbol in a password for a site it is stored in the XML file as '&' not '&amp;'. If I manually change it from '&' to '&amp;' then FileZilla is ok until I update the site or close and reopen FileZilla. Updating the site affects 'sitemanager.xml' and closing affects 'filezilla.xml' (<LastServer><Pass> tag), thus 'filezilla.xml' cannot be read and the default settings are used.

I've attached screen shots of the errors generated for each of these files.

Attachments (3)

filezilla.xml_ampersand-error.jpg (46.6 KB ) - added by James 13 years ago.
sitemanager.xml_ampersand-error.jpg (39.1 KB ) - added by James 13 years ago.
sitemanager_bak.xml (33 bytes ) - added by James 13 years ago.

Download all attachments as: .zip

Change History (7)

by James, 13 years ago

Attachment: sitemanager_bak.xml added

comment:1 by Tim Kosse, 13 years ago

Status: newmoreinfo

I cannot reproduce this, ampersands work just fine here and are getting properly escaped.

Are you sure you are using version 3.3.3? Where did you download it from?

comment:2 by James, 13 years ago

Status: moreinfonew

I am sure I am using version 3.3.3 and I downloaded it through FileZilla's built in updater.

The password that caused the error was '3tup4-@2q9&#xa+6zu2Us-ub', which I just now realized the '&#x' is used for hex.

Should FileZilla be looking for a semi-colon after '&#x' to verify whether or not the ampersand should be changed?

Seeing as how FileZilla seems to be quite thoroughly tested I'm fine with it amounting to me getting an unlucky password and I apologize for not doing more thorough testing on my own before posting.

comment:3 by Tim Kosse, 13 years ago

Owner: set to Tim Kosse
Status: newaccepted

The password that caused the error was '3tup4-@2q9&#xa+6zu2Us-ub', which I just now realized the '&#x' is used for hex.

Ah, that's the missing piece of the puzzle. Now that I can reproduce it, I should be able to fix this problem.

Without having looked into it yet, it appears to be a bug in TinyXML, the XML parser library used by FileZilla.

comment:4 by Tim Kosse, 13 years ago

Resolution: fixed
Status: acceptedclosed

Definitely a bug in TinyXML.

I have created a patch and submitted it to the TinyXML project, see

The fix will be included in the next version of FileZilla.

Note: See TracTickets for help on using tickets.