Special characters in curl post

Question

I am trying to use the following curl

curl -k 'https://myhost.com:9091/nifi-api/access/token' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' --data "username=$USERNAME&password=$PASSWORD" --compressed —insecure

But get an error with a % in the password saying

URLDecoder: Incomplete trailing escape (%) pattern

I have seen suggestions online to use --data-urlencode but then I get the following error.

The username and password must be specified.

How can I resolve this issue?

Answer 1

--data-urlencode is the way to go adding it multiple times, one per parameter

userh='vf&re'
passwordh='asdaf%'
curl 'http://127.0.0.1:8080/' --data-urlencode "username=$userh" --data-urlencode "password=$passwordh"

Let's start a netcat listener to check what was sent

netcat -l 8080

Received data:

POST / HTTP/1.1
Host: 127.0.0.1:8080
User-Agent: curl/7.60.0
Accept: */*
Content-Length: 34
Content-Type: application/x-www-form-urlencoded

username=vf%26re&password=asdaf%25

Sending all parameters in one option will not work since password parameter gets lost triggering the server error "The username and password must be specified."

curl 'http://127.0.0.1:8080/' --data-urlencode "username=$userh&password=$passwordh"

Response:

POST / HTTP/1.1
Host: 127.0.0.1:8080
User-Agent: curl/7.60.0
Accept: */*
Content-Length: 38
Content-Type: application/x-www-form-urlencoded

username=vf%26re%26password%3Dasdaf%25

First command from OP with --data will not work either as it sends the % sign as is triggering a server error that "sees" and incomplete percent encoded request.

POST / HTTP/1.1
Host: 127.0.0.1:8080
User-Agent: curl/7.60.0
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 33

username=asdasdas&password=asdaf%

Based on this answer.