All our POST data should come in a valid format, i.e. only allowed characters. Right now, we are replacing invalid characters with '�'. These invalid characters are unexpected and not what we want, so it is better to give an error message when provided invalid characters.
This is fixed now and this is the test command I used. curl -k -d "username=someuser&display=10&auth_cookie=%f0&launch_vnc=1" https://localhost:300/agent The error message is expected to be 400. When %f0 is inputted in the request, it should give an error instead of invalid characters with '�'.
The same code exists in tlwebadm, so we should have the same fix there. Perhaps time for a helper method?
This line of curl can be provoked in the tlwebadmin: curl -k -u username:password -d "order=x%fce" https://localhost:1010 The error message is expected to be 400. When %f0 is inputted in the request, it should give an error instead of invalid characters with '�'.
Works well. tlwebadm and tlwebaccess will now give me 400 for: * Blatantly invalid UTF-8 (e.g. a stray 0xf0) * ISO 8859-1 * Surrogate code points (correctly encoded as UTF-8) * Invalidly large code points (correctly encoded as UTF-8) But it will gladly proceed correctly with: * ASCII * Other latin characters encoded as UTF-8 (e.g. "ö") * Unicode replacement character * Private code points Code looks good. Unit tests look good. Closing.
