Passing special characters through API

darkshadow604

Active Member
Feb 4, 2006
27
0
151
Hi,

Is there anyway I can pass special characters through a URL for an API call?

I need to pass for example: *&8/\13%@#^&;'' as the password for one of the arguments for a Fileman::fullbackup API1 call.

I tried using urlencode() on the password, but got this:
<error>[an error occurred while processing this directive]</error>

So I'm thinking... does cPanel convert encoded URL's back to regular strings? [equivalent to urldecode()]? Is there anyway I can get pass this?

Edit: tried adding htmlentities() so it becomes this -
$ftppass = urlencode(htmlentities(stripslashes("*&8/\\13%@#^&;\'\'")));
The call went through, but authentication fails.

$call = "/xml-api/cpanel?user=${user}&xmlin=<cpanelaction><module>Fileman</module><func>fullbackup</func><apiversion>1</apiversion><args>ftp</args><args>example.com</args><args>abcdef</args><args>${ftppass}</args><args>[email protected]</args><args>21</args><args>/</args></cpanelaction>";

Edit2: also tried using json-api API1, without the htmlentities, and still to no avail.

Any help will be appreciated.
 
Last edited:

darkshadow604

Active Member
Feb 4, 2006
27
0
151
Can any cPanel staff give me some insights on how to tackle this problem? Or do I have reside to limiting the special characters from being used in passwords?

Edit: just contacted support, seems that single/double quotes are messing up with the API call.
- two single quotes infront of the password seems to make the variable undefined.
- any quotes inside a password closes up the variable up - doesn't treat it as literal.
Don't know how to tackle this problem.

Thanks!
 
Last edited:

cPanelDavidN

Well-Known Member
Staff member
Dec 17, 2009
571
3
68
Houston, TX
cPanel Access Level
Root Administrator
Hi darkshadow604,

I've done some preliminary tests and am able to reproduce the issue.
Code:
//this is the URL param
arg-3=%2A%268%2F%5C13%25%40%23%5E%26%3B%27%27

//this is how cPanel has captured it  
//NOTE: one single quote is escaped, the other is literal...as you've mentioned
'param3' => '*&8/\\13%@#^&;\''
You say you contacted support? Please private message me the ticket number.

Hopefully we'll get it address in cPanel. Or if necessary, after we sort it out, we can post a work around on this thread later.

Regards,
-David
 

darkshadow604

Active Member
Feb 4, 2006
27
0
151
Hi David,

Sorry for the slow reply - didn't get notified of your post. I have PM'ed you the ticket ID.

Here's the reply a few days ago:
Our Quality Assurance team has opened an internal bug report with our developers regarding this issue, and we hope to have this issue corrected with an upcoming "upcp". We thank you for bringing this to our attention.
Though I'm not sure if cPanel has fixed this yet and which branches have been updated with the fix - as I haven't had the time to test it out after the response.

Regards,
 

cPanelDavidN

Well-Known Member
Staff member
Dec 17, 2009
571
3
68
Houston, TX
cPanel Access Level
Root Administrator
Hi lauer,

Can you please specify a particular API1 or API2 call that is failing for you, and an example parameter that you believe is impeding the success of the call.

Thanks,
-DavidN