From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Jerry Asher Newsgroups: gmane.emacs.bugs Subject: bug#10478: 24.0.50; url-http-parse-headers can silently drop the response when handling BASIC AUTHENTICATION Date: Sat, 3 Jun 2017 05:56:03 -0700 Message-ID: References: <8737uqyzam.fsf@gnus.org> <87y3t9xsic.fsf@engster.org> <83k24tbabk.fsf@gnu.org> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="001a114342101a473705510dcc77" X-Trace: blaine.gmane.org 1496494636 13339 195.159.176.226 (3 Jun 2017 12:57:16 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Sat, 3 Jun 2017 12:57:16 +0000 (UTC) Cc: larsi@gnus.org, David Engster , 10478@debbugs.gnu.org To: Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sat Jun 03 14:57:11 2017 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dH8cA-00036i-Ok for geb-bug-gnu-emacs@m.gmane.org; Sat, 03 Jun 2017 14:57:11 +0200 Original-Received: from localhost ([::1]:53692 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dH8cE-0005fT-NR for geb-bug-gnu-emacs@m.gmane.org; Sat, 03 Jun 2017 08:57:14 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:56422) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dH8c6-0005fG-K6 for bug-gnu-emacs@gnu.org; Sat, 03 Jun 2017 08:57:08 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dH8c2-0006Uz-Sr for bug-gnu-emacs@gnu.org; Sat, 03 Jun 2017 08:57:06 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:49791) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dH8c2-0006Uq-N3 for bug-gnu-emacs@gnu.org; Sat, 03 Jun 2017 08:57:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dH8c2-0004XC-GU for bug-gnu-emacs@gnu.org; Sat, 03 Jun 2017 08:57:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Jerry Asher Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 03 Jun 2017 12:57:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 10478 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: confirmed Original-Received: via spool by 10478-submit@debbugs.gnu.org id=B10478.149649459317394 (code B ref 10478); Sat, 03 Jun 2017 12:57:02 +0000 Original-Received: (at 10478) by debbugs.gnu.org; 3 Jun 2017 12:56:33 +0000 Original-Received: from localhost ([127.0.0.1]:52468 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dH8bY-0004WT-Ld for submit@debbugs.gnu.org; Sat, 03 Jun 2017 08:56:33 -0400 Original-Received: from mail-qt0-f182.google.com ([209.85.216.182]:35353) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dH8bV-0004WF-W1 for 10478@debbugs.gnu.org; Sat, 03 Jun 2017 08:56:30 -0400 Original-Received: by mail-qt0-f182.google.com with SMTP id w1so48760292qtg.2 for <10478@debbugs.gnu.org>; Sat, 03 Jun 2017 05:56:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=bqwqZ6YiI+/V6smDgtDDzh2cnw5M7iRvhYguFSbfSzI=; b=YBmtVUEHPvUbq5o8TD4huGbeSxO6nDXn32A5v7ogqWTAmaIsDM6PZjHkcipF4o6GLM zvWRvSCNJw/1zQim3C2pMOkf8/uijUWIZ9f4Umu3D8GzQyQIIkXR0HJwFv6OD8w+D+Ou 1vWYP2dfjDf5KcVBSL8C2/ilwLW1G5akPwAnNBmTUP4fy+9x74kNPOEnaUabfpNsEkto EdvZmiaxC8apbXdXoYjzAii3YhkBlAUOLMBNk4NJ+DKz7z05SiXmfVvsDN+HbYuw4fau m5w2nspnw541xOcpDWv7CmNLxfZ1igubAogGIqcgXKTVUH7Ybhoevx/Q/8dRVV/7Z0Yj tklQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=bqwqZ6YiI+/V6smDgtDDzh2cnw5M7iRvhYguFSbfSzI=; b=pW780f2ISg8ybf62aRmaipfGUWRr1ZHJm7hvp2S7u86CCZ3w9zWXkHjaQEXyQ1ax6L AjacySWbenVp3XDdWmVoe2lDhknfA8s80vL8/TFZpTDoashrz51TcfLMpQ6nNGD0rpdA tMpGtxFENZgwr5Q/cP6h65rzFsEGVX3mtDSY7t8d7tKEKwXZm7w+QQ1ztusI1uxNfDxP A8Vurc232E8asAFw1YjQekTQmzZq6Ax3i3UJG2qmhRqZmX7wqWQ12gra3hc80k6q4Kgq +QWIZckKFxuZbnRx7adoxR/5od/GCwYqwpwsxDGkWU3tBZ41EGSk+Zy3SYdgQwKrMqtu +YSQ== X-Gm-Message-State: AKS2vOxMrKj4sRZBsZH49TLg7qHf3QwcRzlvGI7PY4Z/eXD7CSUMLxWA NZ97YZiH4tm+ri5h0vPap2pxHN+oXQ== X-Received: by 10.237.54.225 with SMTP id f88mr953193qtb.63.1496494584249; Sat, 03 Jun 2017 05:56:24 -0700 (PDT) Original-Received: by 10.200.47.35 with HTTP; Sat, 3 Jun 2017 05:56:03 -0700 (PDT) In-Reply-To: <83k24tbabk.fsf@gnu.org> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:133218 Archived-At: --001a114342101a473705510dcc77 Content-Type: text/plain; charset="UTF-8" So here's my analysis of what I did back then. I think it was short and even straight-forward, anyone is welcome to rewrite or reimplement it. Enough cleanup has happened in url-http.el that it makes it difficult to simply give you a diff today. I don't even know where to get the code as it was in 2012 to compare my patch from back then to. But there were "two" bugs. Bug one: in url-http-handle-authentication, there is a call to url-retrieve-internal, and that function can return a new buffer with the contents of the url, but url-http-handle-authentication does not return the new buffer with the new contents. It drops it on the floor. So all I did, literally, was to capture the return value and then change url-http-handle-authentication throughout so that the the new url contents would be passed back. in url-http-handle-authentication, the end of the function goes from: (if (not (url-auth-registered type)) (progn (widen) (goto-char (point-max)) (insert "
Sorry, but I do not know how to handle " (or type auth url "") " authentication. If you'd like to write it," " please use M-x report-emacs-bug RET.
") ;; We used to set a `status' var (declared "special") but I can't ;; find the corresponding let-binding, so it's probably an error. ;; FIXME: Maybe it was supposed to set `success', i.e. to return t? ;; (setq status t) * nil) ;; Not success yet.* (let* ((args (url-parse-args (subst-char-in-string ?, ?\; auth))) (auth (url-get-authentication auth-url (cdr-safe (assoc "realm" args)) type t args))) (if (not auth) t ;Success. (push (cons (if proxy "Proxy-Authorization" "Authorization") auth) url-http-extra-headers) (let ((url-request-method url-http-method) (url-request-data url-http-data) (url-request-extra-headers url-http-extra-headers)) * (url-retrieve-internal url url-callback-function* * url-callback-arguments))* * nil))))) ;; Not success yet.* to (if (not (url-auth-registered type)) (progn (widen) (goto-char (point-max)) (insert "
Sorry, but I do not know how to handle " type " authentication. If you'd like to write it," " send it to " url-bug-address ".
") (setq status t) *(setq retval nil)*) (let* ((args (url-parse-args (subst-char-in-string ?, ?\; auth))) (auth (url-get-authentication auth-url (cdr-safe (assoc "realm" args)) type t args))) (if (not auth) (progn (setq success t) *(set retval nil)*) (push (cons (if proxy "Proxy-Authorization" "Authorization") auth) url-http-extra-headers) (let ((url-request-method url-http-method) (url-request-data url-http-data) (url-request-extra-headers url-http-extra-headers) * (response-buffer nil)*) * (setq response-buffer* * (url-retrieve-internal url url-callback-function* * url-callback-arguments))* (url-http-debug "Handling authentication return buffer is %s" response-buffer) *(setq retval response-buffer)*)))) (url-http-debug "Handling authentication retval is %s 2:" retval) * retval))* At an appropriate place above this, the declaration of retval is stuffed into an existing let. The next bug occurs in url-http-parse-headers where the 401 and 407 cases which deal with authentication do not take into account that the url contents may have changed as a result of authentication. And there all I did was to cut and paste the previously self-declared hack from the 3XX case in. So the 3XX case had this code already in it (progn ;; Remember that the request was redirected. (setf (car url-callback-arguments) (nconc (list :redirect redirect-uri) (car url-callback-arguments))) * ;; Put in the current buffer a forwarding pointer to the new* * ;; destination buffer.* * ;; FIXME: This is a hack to fix url-retrieve-synchronously* * ;; without changing the API. Instead url-retrieve should* * ;; either simply not return the "destination" buffer, or it* * ;; should take an optional `dest-buf' argument.* * (set (make-local-variable 'url-redirect-buffer)* * (url-retrieve-internal* * redirect-uri url-callback-function* * url-callback-arguments* * (url-silent url-current-object)))* * (url-mark-buffer-as-dead buffer))* I diligently copied that code into the 401 and 407 cases. (`unauthorized ; 401 ;; The request requires user authentication. The response ;; MUST include a WWW-Authenticate header field containing a ;; challenge applicable to the requested resource. The ;; client MAY repeat the request with a suitable ;; Authorization header field. (url-http-handle-authentication nil)) to (unauthorized ; 401 ;; The request requires user authentication. The response ;; MUST include a WWW-Authenticate header field containing a ;; challenge applicable to the requested resource. The ;; client MAY repeat the request with a suitable ;; Authorization header field. ;; bug patch because url-http-handle-authentication ;; might return a new buffer (let ((retval (url-http-handle-authentication nil))) (url-http-debug "Url Http Parse Headers: handling authentication return buffer TO %s" retval) (when retval ;; Put in the current buffer a forwarding pointer to the new ;; destination buffer. ;; FIXME: This is a hack to fix url-retrieve-synchronously ;; without changing the API. Instead url-retrieve should ;; either simply not return the "destination" buffer, or it ;; should take an optional `dest-buf' argument. (set (make-local-variable 'url-redirect-buffer) retval) (url-http-debug "Url Http Parse Headers: handling authentication return buffer TO %s -> %s 2:" retval url-redirect-buffer) (url-mark-buffer-as-dead buffer)))) And I did the same thing for the 407 case. I didn't test it much back in 2012. It worked for my needs against posterous, which then went belly up. You should probably test this now more than I did then, when I wasn't writing so much of a patch, as indicating where the bugs were and the proper fixes needed to apply. I hope that helps, Jerry On Sat, Jun 3, 2017 at 4:05 AM, Eli Zaretskii wrote: > > From: David Engster > > Date: Sat, 03 Jun 2017 12:41:47 +0200 > > Cc: Jerry Asher , 10478@debbugs.gnu.org > > > > I'm not sure if the resulting patch will fit in the 'trivial patch' > > category. > > It's hard to tell, as no diffs were posted. > > Would it be possible to extract the error-handling part into a > separate function, so that the actual changes would be as short as > possible? Then we could see if they are short enough to accept > without papers. > > Thanks. > --001a114342101a473705510dcc77 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
So here's my analysis of what I did back then. I think= it was short and even straight-forward, anyone is welcome to rewrite or re= implement it.

Enough cle= anup has happened in url-http.el that it makes it difficult to simply give = you a diff today. I don't even know where to get the code as it was in = 2012 to compare my patch from back then to.

But there were "two&qu= ot; bugs.

Bug one: in=C2=A0url-http-handle-authentication, there i= s a call to url-retrieve-internal, and that function can return a new buffe= r with the contents of the url, but url-http-handle-authentication does not= return the new buffer with the new contents. It drops it on the floor.

So all I did, literally, was to capture the return value and then change u= rl-http-handle-authentication throughout so that the the new url contents w= ould be passed back.

in url-http-handle-authentication, the end of= the function goes from:

=C2= =A0 =C2=A0 (if (not (url-auth-registered type))
=C2=A0 =C2=A0 =C2=A0 =C2=A0 (progn
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (= widen)
=C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 (goto-char (point-max))
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (insert "<= ;hr>Sorry, but I do not know how to handle " (or type auth url &quo= t;")
=C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 " authentication.= =C2=A0 If you'd like to write it,"
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 " please use M-x report-emacs-bug RET.<hr>")
=C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 ;; We used to set a `status' var (declared "special&quo= t;) but I can't
= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ;; find the corresponding let-binding, s= o it's probably an error.
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ;; FIXME: Maybe it was supposed = to set `success', i.e. to return t?
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ;; (setq status t)
=C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 nil) ;; Not success yet.

=C2=A0 =C2=A0 =C2=A0 (let* ((args (url-parse-args (subst-char-i= n-string ?, ?\; auth)))
=C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0(c= dr-safe (assoc "realm" args))
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0type t args)))
=C2=A0 =C2=A0 =C2=A0 =C2=A0 (if (not auth)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 t =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 ;Success.
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (push (cons (if proxy "= ;Proxy-Authorization" "Authorization") auth)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 url-http-extra-headers)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (let ((url-reques= t-method url-http-method)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (url-request-da= ta url-http-data)
=C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (url-request-extra-hea= ders url-http-extra-headers))
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (url-retrieve-inter= nal url url-callback-function
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0ur= l-callback-arguments))
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 nil))))) ;; Not success y= et.


to


=C2=A0 =C2=A0 (i= f (not (url-auth-registered type))
=C2=A0 =C2=A0 =C2=A0 =C2=A0 (progn
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (widen)=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 (goto-char (point-max))
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (insert "<hr>Sorry, = but I do not know how to handle " type
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 " authentication.=C2=A0 If you'd like to write it,"= ;
=C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 " send it to " url-bug= -address ".<hr>")
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (setq status t)
=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= (setq retval nil))

=C2= =A0 =C2=A0 =C2=A0 (let* ((args (url-parse-args (subst-char-in-string ?, ?\;= auth)))
=C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0(auth (url-get-authentication auth-url
=C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0(cdr-safe (assoc= "realm" args))
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0type t args)))
=C2=A0 =C2=A0 =C2=A0 =C2=A0 (if (not auth)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (progn<= /font>
=C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 (setq success t)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = (set retval nil))
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (push (cons (if proxy "Proxy= -Authorization" "Authorization") auth)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 url-http-extra-headers)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (let ((url-request-metho= d url-http-method)
=C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (url-request-data url-= http-data)
=C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (url-request-extra-headers ur= l-http-extra-headers)
= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (response-buf= fer nil))
<= i>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (setq response-buffer
=C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (url-retrieve-internal url ur= l-callback-function
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0url-callback-arguments))
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (url-http-de= bug "Handling authentication return buffer is %s"
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 response-buf= fer)
=C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 (setq retval response-buffer)))))
=C2=A0 =C2=A0 (url-http-= debug "Handling authentication retval is %s 2:" retval)
=C2=A0 =C2=A0 retval))


At an appr= opriate place above this, the declaration of=C2=A0retval=C2=A0is stuffed into an existing let.

The next bug occurs in url-http-parse-h= eaders where the 401 and 407 cases which deal with authentication do not ta= ke into account that the url contents may have changed as a result of authe= ntication. And there all I did was to cut and paste the previously self-dec= lared hack from the 3XX case in.

So the 3X= X case had this code already in it

=C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0(progn
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0;; Remember that the request was redirected.=
=C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0(setf (car url-callback-arg= uments)
=C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0(nconc (list :redirect redirect-uri)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (car url-callback-a= rguments)))
=C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0;; Put in= the current buffer a forwarding pointer to the new
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0;; destination buffer.=
=C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0;; FIXME: This is a hack to= fix url-retrieve-synchronously
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0;; without changing the API.=C2=A0 Instead url-retrieve= should
= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0;; eit= her simply not return the "destination" buffer, or it
=C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0;; should take an optio= nal `dest-buf' argument.
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0(set (make-local-variable 'url-redirect-buffer)
=C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (url-= retrieve-internal
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0redirect-uri url-callback-function
=C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0url-ca= llback-arguments
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0(url-silent url-current-object)))
=C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0(url-mark-buffer-as-dead buffe= r))

I dilige= ntly copied that code into the 401 and 407 cases.


=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0(`unauthorized = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ; 401
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = ;; The request requires user authentication.=C2=A0 The response
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 ;; MUST include a WWW-Authenticate header field co= ntaining a
=C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ;; challenge applicable to th= e requested resource.=C2=A0 The
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ;; client= MAY repeat the request with a suitable
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ;= ; Authorization header field.
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (url-http-h= andle-authentication nil))

to


=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0(unauthorized =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0; 401
=C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 ;; The request requires user authentication.=C2=A0= The response
=C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 ;; MUST include a WWW-Authenticate header field= containing a
=C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 ;; challenge applicable to the requested resour= ce.=C2=A0 The
=C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 ;; client MAY repeat the request with a suitabl= e
=C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 ;; Authorization header field.

=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ;; bug patch because url-http-h= andle-authentication
= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ;; might return a new buffer

=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (let ((retval = (url-http-handle-authentication nil)))
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (url-http-d= ebug "Url Http Parse Headers: handling
authentication return buffer TO %s" retval)
=C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 (when retval
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ;; Put in the cur= rent buffer a forwarding pointer to the new
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ;; d= estination buffer.
=C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ;; FIXME: This is a hack to f= ix url-retrieve-synchronously
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ;; without changin= g the API.=C2=A0 Instead url-retrieve should
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ;; = either simply not return the "destination" buffer, or it
=C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 ;; should take an optional `dest-buf' argument.
=C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 (set (make-local-variable 'url-redirect-buffer= )
=C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0retval)
<= font face=3D"monospace, monospace">=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 (url-http-debug "Url Http Parse Headers: handling
authentication return buffer TO= %s -> %s 2:"
= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 retval url-redirect-buffer)
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 (url-mark-buffer-as-dead buffer))))


And I did the same thing for the 407 case.
=

I didn't test it much back in 2012. It worked for my needs against= posterous, which then went belly up. You should probably test this now mor= e than I did then, when I wasn't writing so much of a patch, as indicat= ing where the bugs were and the proper fixes needed to apply.

I h= ope that helps,=C2=A0

Jerry

<= div class=3D"gmail_quote">On Sat, Jun 3, 2017 at 4:05 AM, Eli Zaretskii <eliz@g= nu.org> wrote:
> From: D= avid Engster <deng@randomsample.= de>
> Date: Sat, 03 Jun 2017 12:41:47 +0200
> Cc: Jerry Asher <jerry.ash= er@gmail.com>, 10478@debbug= s.gnu.org
>
> I'm not sure if the resulting patch will fit in the 'trivial p= atch'
> category.

It's hard to tell, as no diffs were posted.

Would it be possible to extract the error-handling part into a
separate function, so that the actual changes would be as short as
possible?=C2=A0 Then we could see if they are short enough to accept
without papers.

Thanks.

--001a114342101a473705510dcc77--