From 8fc5352e277a759f77521bde037524ef1a2cd46f Mon Sep 17 00:00:00 2001
From: Tobias Stettner
Date: Fri, 8 Jan 2021 10:40:37 +0100
Subject: [PATCH] Encode password to allow special characters XMLHttpRequest.open() does not automatically encode the password. Though it builds an basic auth schemed URI where '%' is the escaping indicator, thus passwords containing this characters are not accepted this way without manually replacing '%' with '%25' on the form.
---
 radicale/web/internal_data/fn.js | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/radicale/web/internal_data/fn.js b/radicale/web/internal_data/fn.js
index 3b3d6d6d..45412466 100644
--- a/radicale/web/internal_data/fn.js
+++ b/radicale/web/internal_data/fn.js
@@ -124,7 +124,7 @@ function Collection(href, type, displayname, description, color, source) {
 */
 function get_principal(user, password, callback) {
 let request = new XMLHttpRequest();
- request.open("PROPFIND", SERVER + ROOT_PATH, true, user, password);
+ request.open("PROPFIND", SERVER + ROOT_PATH, true, user, encodeURIComponent(password));
 request.onreadystatechange = function() {
 if (request.readyState !== 4) {
 return;
@@ -167,7 +167,7 @@ function get_principal(user, password, callback) {
 */
 function get_collections(user, password, collection, callback) {
 let request = new XMLHttpRequest();
- request.open("PROPFIND", SERVER + collection.href, true, user, password);
+ request.open("PROPFIND", SERVER + collection.href, true, user, encodeURIComponent(password));
 request.setRequestHeader("depth", "1");
 request.onreadystatechange = function() {
 if (request.readyState !== 4) {
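Review bot: `user` is still passed to `request.open()` unencoded on the changed line in get_principal, so a username containing `%` or another URL-reserved character would presumably hit the same failure the commit message describes for passwords; the same applies to the changed `open()` calls in get_collections, upload_collection, delete_collection and create_edit_collection. Encoding both fields keeps the call consistent: `request.open("PROPFIND", SERVER + ROOT_PATH, true, encodeURIComponent(user), encodeURIComponent(password));`. The fix appears to rely on the browser percent-decoding the user-info part before it builds the Basic Authorization header, so it is worth confirming on every supported browser that credentials containing `%`, `@`, `:` and non-ASCII characters still authenticate, and moving the encoding into one shared helper so a future call site cannot omit it. The bodies of all five functions continue outside their hunks.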
@@ -280,7 +280,7 @@ function get_collections(user, password, collection, callback) {
 */
 function upload_collection(user, password, collection_href, file, callback) {
 let request = new XMLHttpRequest();
- request.open("PUT", SERVER + collection_href, true, user, password);
+ request.open("PUT", SERVER + collection_href, true, user, encodeURIComponent(password));
 request.onreadystatechange = function() {
 if (request.readyState !== 4) {
 return;
@@ -305,7 +305,7 @@ function upload_collection(user, password, collection_href, file, callback) {
 */
 function delete_collection(user, password, collection, callback) {
 let request = new XMLHttpRequest();
- request.open("DELETE", SERVER + collection.href, true, user, password);
+ request.open("DELETE", SERVER + collection.href, true, user, encodeURIComponent(password));
 request.onreadystatechange = function() {
 if (request.readyState !== 4) {
 return;
@@ -330,7 +330,7 @@ function delete_collection(user, password, collection, callback) {
 */
 function create_edit_collection(user, password, collection, create, callback) {
 let request = new XMLHttpRequest();
- request.open(create ? "MKCOL" : "PROPPATCH", SERVER + collection.href, true, user, password);
+ request.open(create ? "MKCOL" : "PROPPATCH", SERVER + collection.href, true, user, encodeURIComponent(password));
 request.onreadystatechange = function() {
 if (request.readyState !== 4) {
 return;