Properly encode / sanitize URLs (Example: authorization_endpoint) #11472

@michaelstingl

Description

Pre-submission Checks

  • I checked for similar issues, but could not find any. I also checked the closed issues. I could not contribute additional information to any existing issue.
  • I will take the time to fill in all the required fields. I know that the bug report may be dismissed otherwise due to lack of information.

Describe the bug

ownCloud Desktop sync client generates invalid URLs with space characters:

https://keycloak.ocis-keycloak.latest.owncloud.works/realms/oCIS/protocol/openid-connect/auth?response_type=code
&client_id=c604798c-7977-46a5-8beb-e3df13e65413
&redirect_uri=http://127.0.0.1:54213
&code_challenge=5G3yQGITsH_CPkQDIXL7irH5rEN_BydI3s0YOCr7fHs
&code_challenge_method=S256
&scope=openid offline_access email profile
&prompt=select_account consent
&state=G_jOhNJru34iqmG1ULYA04Gd7GYY7ubu22z-gkmPyzg%3D

Expected behavior

URLs should be properly encoded / sanitized.

Steps to reproduce the issue

No response

Screenshots

(screenshot attached: CleanShot 2024-01-15 at 16 06 07)

Logs

No response

Client version number

ownCloud 6.0.0.13116-daily20240115 [0d34c9](https://github.com/owncloud/client/commit/0d34c9844f69cba89b687ee093b2838bf1114647)
Libraries Qt 6.6.0, OpenSSL 3.1.4 24 Oct 2023
Using virtual files plugin: suffix
OS: macos-23.2.0 (build arch: arm64, CPU arch: arm64)
QPA: cocoa

Desktop environment (Linux only)

No response

Client package version and origin (Linux only)

No response

Installation path (Windows only)

No response

Server information

https://ocis.ocis-keycloak.latest.owncloud.works/

[Log]  ownCloud Web UI 8.0.0-rc.1  (index.html-MZztZoFM.mjs, line 1)
[Log]  Infinite Scale 5.1.0-prealpha+21e4b7d29 Community  (index.html-MZztZoFM.mjs, line 1)

Additional context

Doesn't work in curl:

curl "https://keycloak.ocis-keycloak.latest.owncloud.works/realms/oCIS/protocol/openid-connect/auth?response_type=code&client_id=c604798c-7977-46a5-8beb-e3df13e65413&redirect_uri=http://127.0.0.1:54213&code_challenge=5G3yQGITsH_CPkQDIXL7irH5rEN_BydI3s0YOCr7fHs&code_challenge_method=S256&scope=openid offline_access email profile&prompt=select_account consent&state=G_jOhNJru34iqmG1ULYA04Gd7GYY7ubu22z-gkmPyzg%3D" 
curl: (3) URL rejected: Malformed input to a URL function
curl --version
curl 8.4.0 (x86_64-apple-darwin23.0) libcurl/8.4.0 (SecureTransport) LibreSSL/3.3.6 zlib/1.2.12 nghttp2/1.55.1
Release-Date: 2023-10-11
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS GSS-API HSTS HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz MultiSSL NTLM NTLM_WB SPNEGO SSL threadsafe UnixSockets
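The report shows the failure but not the fix. The following is an added example, not code from the ownCloud client (which is Qt-based and would use QUrlQuery::addQueryItem or QUrl::toPercentEncoding for the same purpose): a portable C++ percent-encoder that builds the authorization request from the parameters quoted above, plus a well-formedness check that mirrors the rule curl applies when it rejects the URL. The endpoint, client_id, code_challenge, scope, prompt and state values are taken from the report (state in its raw, pre-encoding form, so the trailing '=' becomes %3D); the function names are this example's own.

```cpp
#include <cctype>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

// Percent-encode one query-string component per RFC 3986 section 2: only
// unreserved characters (ALPHA / DIGIT / "-" / "." / "_" / "~") pass through
// unchanged; everything else, including space, '+', '&', '=', ':' and '/',
// becomes %XX with upper-case hex digits.
std::string percentEncode(const std::string& in) {
    static const char hex[] = "0123456789ABCDEF";
    std::string out;
    out.reserve(in.size() * 3);
    for (unsigned char c : in) {
        if (std::isalnum(c) || c == '-' || c == '.' || c == '_' || c == '~') {
            out.push_back(static_cast<char>(c));
        } else {
            out.push_back('%');
            out.push_back(hex[c >> 4]);
            out.push_back(hex[c & 0x0F]);
        }
    }
    return out;
}

typedef std::vector<std::pair<std::string, std::string> > QueryParams;

// Append every parameter to the endpoint, encoding keys and values
// separately so a value can never smuggle in extra '&' or '=' separators.
std::string buildAuthorizationUrl(const std::string& endpoint, const QueryParams& params) {
    std::string url = endpoint;
    char sep = (endpoint.find('?') == std::string::npos) ? '?' : '&';
    for (const auto& kv : params) {
        url.push_back(sep);
        url += percentEncode(kv.first);
        url.push_back('=');
        url += percentEncode(kv.second);
        sep = '&';
    }
    return url;
}

// Conservative syntax check of the kind curl performs before sending: every
// byte must be an RFC 3986 unreserved or reserved character or '%', and every
// '%' must be followed by two hex digits. A raw space fails this check, which
// is why the URL in the report is rejected with "Malformed input".
bool isWellFormedUrl(const std::string& url) {
    static const std::string extra = "-._~:/?#[]@!$&'()*+,;=";
    for (std::size_t i = 0; i < url.size(); ++i) {
        unsigned char c = static_cast<unsigned char>(url[i]);
        if (c == '%') {
            if (i + 2 >= url.size()) return false;
            if (!std::isxdigit(static_cast<unsigned char>(url[i + 1])) ||
                !std::isxdigit(static_cast<unsigned char>(url[i + 2]))) return false;
            i += 2;
        } else if (!(c < 0x80 && (std::isalnum(c) ||
                                  extra.find(static_cast<char>(c)) != std::string::npos))) {
            return false;
        }
    }
    return true;
}

// The request from the report, rebuilt with proper encoding. The values are
// the ones quoted in the issue; state is given undecoded so that its '='
// padding shows up as %3D after encoding.
std::string reportedAuthorizationUrl() {
    QueryParams params = {
        {"response_type", "code"},
        {"client_id", "c604798c-7977-46a5-8beb-e3df13e65413"},
        {"redirect_uri", "http://127.0.0.1:54213"},
        {"code_challenge", "5G3yQGITsH_CPkQDIXL7irH5rEN_BydI3s0YOCr7fHs"},
        {"code_challenge_method", "S256"},
        {"scope", "openid offline_access email profile"},
        {"prompt", "select_account consent"},
        {"state", "G_jOhNJru34iqmG1ULYA04Gd7GYY7ubu22z-gkmPyzg="},
    };
    return buildAuthorizationUrl(
        "https://keycloak.ocis-keycloak.latest.owncloud.works/realms/oCIS/protocol/openid-connect/auth",
        params);
}

int main() {
    std::string url = reportedAuthorizationUrl();
    std::printf("%s\nwell-formed: %s\n", url.c_str(), isWellFormedUrl(url) ? "yes" : "no");
    return 0;
}
```

Running it prints the encoded request with `scope=openid%20offline_access%20email%20profile`, `prompt=select_account%20consent` and `redirect_uri=http%3A%2F%2F127.0.0.1%3A54213`; pasted into the curl command from the report that URL is accepted. Encoding each value before concatenation is the important part: a scope or redirect_uri that still contains raw '&', '=' or '#' would otherwise be reinterpreted by the authorization server as additional parameters.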

Metadata

Assignees

Labels

  • p2-high
  • Escalation, on top of current planning, release blocker
  • type:bug

Type

No type

Projects

No projects

Relationships

None yet

Development

No branches or pull requests