starred/qBittorrent
1
0
Fork 0
mirror of https://github.com/qbittorrent/qBittorrent.git synced 2026-03-02 22:57:32 -05:00
Code Issues 2.6k Projects Packages Wiki Activity

Add trackers to torrent - no validation for special character '|' #15602

New issue
Open
opened 2026-02-22 02:18:05 -05:00 by deekerman · 4 comments
deekerman commented 2026-02-22 02:18:05 -05:00
Owner
Copy link

Originally created by @1aam2am1 on GitHub (Mar 22, 2024).

qBittorrent & operating system versions

Software versions:
qBittorrent: v4.6.3
qBittorrent Web API: 2.9.3
bitness: 64
boost: 1.82.0
libtorrent: 2.0.10.0
openssl: 3.1.5
qt: 6.6.1
Operating system: docker arm64

What is the problem?

POST /api/v2/torrents/addTrackers HTTP/1.1
Api endpoint doesn't have a validation, and can add a tracker with invalid symbol '|', this creates problem that it is impossible to remove such tracker.

Steps to reproduce

  1. Use addTrackers functionality to add a invalid tracker with '|'
  2. Try using removeTrackers api to remove such tracker. It is impossible as this api have list of trackers separated by '|' which is in tracker name.

Additional context

No response

Log(s) & preferences file(s)

No response

Originally created by @1aam2am1 on GitHub (Mar 22, 2024). ### qBittorrent & operating system versions Software versions: qBittorrent: v4.6.3 qBittorrent Web API: 2.9.3 bitness: 64 boost: 1.82.0 libtorrent: 2.0.10.0 openssl: 3.1.5 qt: 6.6.1 Operating system: docker arm64 ### What is the problem? POST /api/v2/torrents/addTrackers HTTP/1.1 Api endpoint doesn't have a validation, and can add a tracker with invalid symbol '|', this creates problem that it is impossible to remove such tracker. ### Steps to reproduce 1. Use addTrackers functionality to add a invalid tracker with '|' 2. Try using removeTrackers api to remove such tracker. It is impossible as this api have list of trackers separated by '|' which is in tracker name. ### Additional context _No response_ ### Log(s) & preferences file(s) _No response_
deekerman commented 2026-02-22 02:18:10 -05:00
Author
Owner
Copy link

@glassez commented on GitHub (Mar 23, 2024):

Shouldn't a valid URL really contain | character?

@glassez commented on GitHub (Mar 23, 2024): Shouldn't a valid URL really contain `|` character?
deekerman commented 2026-02-22 02:18:12 -05:00
Author
Owner
Copy link

@1aam2am1 commented on GitHub (Mar 23, 2024):

It shouldn't have this char, but there is no validation. So it is possible to add a tracker with this character. And it is impossible to remove such tracker as 'removeTrackers' doesn't have escaping character '|' method. And this char is used as tracker separator.

@1aam2am1 commented on GitHub (Mar 23, 2024): It shouldn't have this char, but there is no validation. So it is possible to add a tracker with this character. And it is impossible to remove such tracker as 'removeTrackers' doesn't have escaping character '|' method. And this char is used as tracker separator.
deekerman commented 2026-02-22 02:18:12 -05:00
Author
Owner
Copy link

@glassez commented on GitHub (Mar 24, 2024):

Duplicate of #19074

@glassez commented on GitHub (Mar 24, 2024): Duplicate of #19074
deekerman commented 2026-02-22 02:18:12 -05:00
Author
Owner
Copy link

@1aam2am1 commented on GitHub (Mar 24, 2024):

Well, the issue is maybe be duplicate. But we can add fix now. By not changing the api, but the result of adding tracker. We can validate the url to be a valid one. So it shouldn't contain such character. Or only validate for this character. And don't include such trackers/return specified error result is such exists in api.

@1aam2am1 commented on GitHub (Mar 24, 2024): Well, the issue is maybe be duplicate. But we can add fix now. By not changing the api, but the result of adding tracker. We can validate the url to be a valid one. So it shouldn't contain such character. Or only validate for this character. And don't include such trackers/return specified error result is such exists in api.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v5_2_x
v5_1_x
debian
v5_0_x
v4_6_x
v4_5_x
v4_4_x
v4_3_x
v4_2_x
v4_1_x
v4_0_x
v3_3_x
v3_2_x
v3_1_x
v3_0_x
search_encoding_windows
v2_9_x
release-5.1.4
release-5.1.3
release-5.1.2
release-5.1.1
release-5.1.0
release-5.0.5
release-5.0.4
release-5.1.0rc1
release-5.1.0beta1
release-5.0.3
release-5.0.2
release-5.0.1
release-5.0.0
release-4.6.7
release-5.0.0rc1
release-4.6.6
release-4.6.5
release-4.6.4
release-5.0.0beta1
release-4.6.3
release-4.6.2
release-4.6.1
release-4.6.0
release-4.6.0rc2
release-4.5.5
release-4.6.0rc1
release-4.6.0beta1
release-4.5.4
release-4.6.0alpha1
release-4.5.3
release-4.5.2
release-4.5.1
release-4.5.0
release-4.5.0beta1
release-4.4.5
release-4.4.4
release-4.4.3.1
release-4.4.3
release-4.4.2
release-4.4.1
release-4.4.0
release-4.3.9
release-4.4.0rc1
release-4.3.8
release-4.4.0beta3
release-4.3.7
release-4.4.0beta2
release-4.4.0beta1
release-4.3.6
release-4.3.5
release-4.3.4.1
release-4.3.4
release-4.3.3
release-4.3.2
release-4.3.1
release-4.3.0.1
release-4.3.0
release-4.2.5
release-4.2.4
release-4.2.3
release-4.2.2
release-4.2.1
release-4.2.0
release-4.1.9.1
release-4.1.9
release-4.1.8
release-4.1.7
release-4.1.6
release-4.1.5
release-4.1.4
release-4.1.3
release-4.1.2
release-4.1.1
release-4.1.0
release-4.0.4
release-4.0.3
release-4.0.2
release-4.0.1
release-4.0.0
release-3.3.16
release-3.3.15
release-3.3.14
release-3.3.13
release-3.3.12
release-3.3.11
release-3.3.10
release-3.3.9
release-3.3.8
release-3.3.7
release-3.3.6
release-3.3.5
release-3.3.4
release-3.3.3
release-3.3.2
release-3.3.1
release-3.3.0
release-3.2.5
release-3.2.4
release-3.2.3
release-3.2.2
release-3.2.1
release-3.2.0
release-3.1.12
release-3.1.11
release-3.1.10
release-3.1.9.2
release-3.1.9.1
release-3.1.9
release-3.1.8
release-3.1.7
release-3.1.6
release-3.1.5
release-3.1.4
release-3.1.3
release-3.1.2
release-3.1.1
release-3.1.0
release-3.0.11
release-3.0.10
release-3.0.9
release-3.0.8
release-3.0.7
release-3.0.6
release-3.0.5
release-3.0.4
release-3.0.3
release-3.0.2
release-3.0.1
release-3.0.0
release-2.9.11
release-2.9.10
release-2.9.9
release-2.9.8
release-2.9.7
release-2.9.6
release-2.9.5
release-2.9.4
release-2.9.3
release-2.9.0
release-2.8.5
release-2.8.4
release-2.8.3
release-2.8.2
release-2.7.1
release-2.7.0
release-2.6.9
release-2.6.8
release-2.6.7
release-2.6.5
release-2.6.4
release-2.6.3
release-2.6.2
release-2.6.1
release-2.6.0
release-2.5.5
release-2.5.4
release-2.5.3
release-2.5.2
release-2.5.0
release-2.5.0rc1
release-2.4.11
release-2.5.0beta6
release-2.5.0beta5
release-2.5.0beta3
release-2.4.10
release-2.4.8
release-2.5.0beta2
release-2.5.0beta1
release-2.4.6
release-2.4.4
release-2.4.2
release-2.4.0
release-2.4.0rc3
release-2.4.0rc1
release-2.4.0beta3
release-2.4.0beta1
release-2.3.1
release-2.3.0
release-2.3.0rc6
release-2.2.11
release-2.3.0rc5
release-2.2.10
release-2.2.9
release-2.2.8
release-2.2.6
release-2.2.5
release-2.2.3
release-2.2.2
release-2.2.1
release-2.2.0
release-2.1.6
release-2.1.4
release-2.1.2
release-2.1.1
release-2.1.0
release-2.0.7
release-2.0.6
release-2.0.5
release-2.0.3
release-2.0.2
release-2.0.0
release-2.0.0rc6
release-2.0.0rc2
release-1.5.6
release-1.5.4
release-1.5.3
release-1.5.0
release-1.5.0rc5
release-1.5.0rc4
release-1.5.0rc3
release-1.5.0rc1
release-1.5.0beta4
release-1.5.0beta3
release-1.5.0beta2
release-1.5.0beta1
release-1.4.1
release-1.4.0
release-1.4.0rc2
release-1.4.0rc1
release-1.3.5
release-1.4.0beta3
release-1.3.4
release-1.3.3
release-1.3.1
release-1.3.0
release-1.2.1
release-1.2.0rc1
release-1.2.0beta6
release-1.1.4
release-1.2.0beta5
release-1.1.3
release-1.2.0beta3
release-1.1.2
release-1.2.0beta2
release-1.1.1
release-1.2.0beta1
release-1.1.0
release-1.1.0rc2
release-1.1.0rc1
release-1.1.0beta3
release-1.1.0beta2
release-1.0.0
release-1.0.0rc11
release-1.0.0rc10
release-1.0.0rc9
release-1.0.0rc8
release-1.0.0rc7
release-1.0.0rc6
release-1.0.0rc5
release-1.0.0rc4
release-1.0.0rc3
release-0.9.3
release-0.9.2
Labels
Clear labels   
Accessibility

   
AppImage

   
Bounty

   
Build system

   
CI

   
Can't reproduce

   
Code cleanup

   
Confirmed bug

   
Confirmed bug

   
Core

   
Crash

   
Data loss

   
Discussion

   
Docker

   
Documentation

   
Duplicate

   
Feature

   
Feature request

   
Feature request

   
Feature request

   
Filters

   
Flatpak

   
GUI

   
Has workaround

   
I2P

   
Invalid

   
Libtorrent

   
Look and feel

   
Meta

   
NSIS

   
Network

   
Not an issue

   
OS: *BSD

   
OS: Linux

   
OS: Windows

   
OS: macOS

   
PPA

   
Performance

   
Project management

   
Proxy/VPN

   
Qt bugs

   
Qt6 compat

   
RSS

   
Search engine

   
Security

   
Temp folder

   
Themes

   
Translations

   
Triggers

   
Waiting diagnosis

   
Waiting info

   
Waiting upstream

   
Waiting web implementation

   
Watched folders

   
WebAPI

   
WebUI

   
autoCloseOldIssue
No labels
Accessibility
AppImage
Bounty
Build system
CI
Can't reproduce
Code cleanup
Confirmed bug
Confirmed bug
Core
Crash
Data loss
Discussion
Docker
Documentation
Duplicate
Feature
Feature request
Feature request
Feature request
Filters
Flatpak
GUI
Has workaround
I2P
Invalid
Libtorrent
Look and feel
Meta
NSIS
Network
Not an issue
OS: *BSD
OS: Linux
OS: Windows
OS: macOS
PPA
Performance
Project management
Proxy/VPN
Qt bugs
Qt6 compat
RSS
Search engine
Security
Temp folder
Themes
Translations
Triggers
Waiting diagnosis
Waiting info
Waiting upstream
Waiting web implementation
Watched folders
WebAPI
WebUI
autoCloseOldIssue
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/qBittorrent#15602
No description provided.