Accentuated UTF-8 value of header is UTF-8 encoded again by handler
Concerned version
Version: 2.0.*
Platform: Apache
Summary
When an UTF-8 string containing accentuated characters is sent as an HTTP header value by the handler, it is double encoded.
For the è (e grave) character, the string \xc3\x83\xc2\xa8 is sent instead of \xc3\xa8.
Bug #1331 (closed) corrected the same problem in 1.9.14.
I suppose the correction was not ported to 2.0 branch.
We discovered this bug after an upgrade from 1.9.17 to 2.0.4, as users with login containing accentuated characters could connect in LLNG but the login was rejected by the protected application, as it was not found in the database.
Logs
There is no log in LLNG. The bad value can be logged in the protected application.
Backends used
The user/password backend where the value come from is DBI with PostgreSQL.
Possible fixes
If i apply the correction of bug #1331 (closed) in file lemonldap-ng-handler/lib/Lemonldap/NG/Handler/ApacheMP2/Main.pm, the correct value is sent.
@@ -87,7 +87,10 @@
sub set_header_in {
my ( $class, $request, %headers ) = @_;
while ( my ( $h, $v ) = each %headers ) {
+ use utf8;
+ utf8::downgrade($v);
$request->env->{'psgi.r'}->headers_in->set( $h => $v );
}
}