powered by Jive Software

Bug: Spark doesn't properly escape ampersand in IM gateway passwords

When attempting to register for any builtin openfire gateway, if a password contains an ampersand Spark doesn’t properly escape it, and Openfire disconnects the client when the IQ fails to parse. It’s happened with both the Yahoo! and the gtalk gateways.

Server log says:

org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandle r.java:135) Closing connection due to error while processing message: foo&bar@… @1:174)

Spark should really escape the ampersand properly, but Openfire should just ignore the bad IQ instead of dropping the connection.

bump

bump

bump

This also occurs when using Smack 3.0.4. The cause seems to be that org.jivesoftware.smackx.FormField.toXML() doesn’t XML-escape the content - unlike FormField.Option.toXML(), which uses StringUtils.escapeForXML() for this.

This doesn’t seem to be fixed in 3.1.0 (from inspection of the source).

– Richard