Opened 9 years ago

Closed 9 years ago

Last modified 6 years ago

#5473 closed Bug report (fixed)

Ampersand (&) in site password creates invalid XML

Reported by: James Owned by: Tim Kosse
Priority: normal Component: FileZilla Client
Keywords: ampersand Cc:
Component version: Operating system type: Windows
Operating system version: XP Pro SP3

Description

I'm using FileZilla client 3.3.3 and when I use the ampersand (&) symbol in a password for a site it is stored in the XML file as '&' not '&amp;'. If I manually change it from '&' to '&amp;' then FileZilla is ok until I update the site or close and reopen FileZilla. Updating the site affects 'sitemanager.xml' and closing affects 'filezilla.xml' (<LastServer><Pass> tag), thus 'filezilla.xml' cannot be read and the default settings are used.

I've attached screen shots of the errors generated for each of these files.

Attachments (3)

filezilla.xml_ampersand-error.jpg (46.6 KB) - added by James 9 years ago.
sitemanager.xml_ampersand-error.jpg (39.1 KB) - added by James 9 years ago.
sitemanager_bak.xml (33 bytes) - added by James 9 years ago.

Download all attachments as: .zip

Change History (7)

Changed 9 years ago by James

Changed 9 years ago by James

Changed 9 years ago by James

Attachment: sitemanager_bak.xml added

comment:1 Changed 9 years ago by Tim Kosse

Status: newmoreinfo

I cannot reproduce this, ampersands work just fine here and are getting properly escaped.

Are you sure you are using version 3.3.3? Where did you download it from?

comment:2 Changed 9 years ago by James

Status: moreinfonew

I am sure I am using version 3.3.3 and I downloaded it through FileZilla's built in updater.

The password that caused the error was '3tup4-@2q9&#xa+6zu2Us-ub', which I just now realized the '&#x' is used for hex.

Should FileZilla be looking for a semi-colon after '&#x' to verify whether or not the ampersand should be changed?

Seeing as how FileZilla seems to be quite thoroughly tested I'm fine with it amounting to me getting an unlucky password and I apologize for not doing more thorough testing on my own before posting.

comment:3 Changed 9 years ago by Tim Kosse

Owner: set to Tim Kosse
Status: newaccepted

The password that caused the error was '3tup4-@2q9&#xa+6zu2Us-ub', which I just now realized the '&#x' is used for hex.

Ah, that's the missing piece of the puzzle. Now that I can reproduce it, I should be able to fix this problem.

Without having looked into it yet, it appears to be a bug in TinyXML, the XML parser library used by FileZilla.

comment:4 Changed 9 years ago by Tim Kosse

Resolution: fixed
Status: acceptedclosed

Definitely a bug in TinyXML.

I have created a patch and submitted it to the TinyXML project, see https://sourceforge.net/tracker/?func=detail&aid=3031828&group_id=13559&atid=313559

The fix will be included in the next version of FileZilla.

Note: See TracTickets for help on using tickets.