- adjustment, the spec says: "Within the user and password field, any ":",

   "@", or "/" must be encoded." - so re-apply encoding to both password
and username, don't encode spaces as plus signs, don't encode any chars
outside of :, @, / on stringification - but we still parse for any
%XX character (is that right?)

3 files changed, 18 insertions, 5 deletions

diff --git a/lib/sqlalchemy/engine/url.py b/lib/sqlalchemy/engine/url.py
index 28c15299e..77fbe2346 100644
--- a/lib/sqlalchemy/engine/url.py
+++ b/lib/sqlalchemy/engine/url.py
@@ -65,9 +65,10 @@ class URL(object):
     def __to_string__(self, hide_password=True):
         s = self.drivername + "://"
         if self.username is not None:
-            s += self.username
+            s += _rfc_1738_quote(self.username)
             if self.password is not None:
-                s += ':' + ('***' if hide_password else self.password)
+                s += ':' + ('***' if hide_password
+                            else _rfc_1738_quote(self.password))
             s += "@"
         if self.host is not None:
             if ':' in self.host:
@@ -194,6 +195,12 @@ def _parse_rfc1738_args(name):
             query = None
         components['query'] = query
 
+        if components['username'] is not None:
+            components['username'] = _rfc_1738_unquote(components['username'])
+
+        if components['password'] is not None:
+            components['password'] = _rfc_1738_unquote(components['password'])
+
         ipv4host = components.pop('ipv4host')
         ipv6host = components.pop('ipv6host')
         components['host'] = ipv4host or ipv6host
@@ -204,6 +211,12 @@ def _parse_rfc1738_args(name):
             "Could not parse rfc1738 URL from string '%s'" % name)
 
 
+def _rfc_1738_quote(text):
+    return re.sub(r'[:@/]', lambda m: "%%%X" % ord(m.group(0)), text)
+
+def _rfc_1738_unquote(text):
+    return util.unquote(text)
+
 def _parse_keyvalue_args(name):
     m = re.match(r'(\w+)://(.*)', name)
     if m is not None:
diff --git a/lib/sqlalchemy/util/__init__.py b/lib/sqlalchemy/util/__init__.py
index c68a64866..77339e56a 100644
--- a/lib/sqlalchemy/util/__init__.py
+++ b/lib/sqlalchemy/util/__init__.py
@@ -9,7 +9,7 @@ from .compat import callable, cmp, reduce,  \
     pickle, dottedgetter, parse_qsl, namedtuple, next, reraise, \
     raise_from_cause, text_type, string_types, int_types, binary_type, \
     quote_plus, with_metaclass, print_, itertools_filterfalse, u, ue, b,\
-    unquote_plus, b64decode, b64encode, byte_buffer, itertools_filter,\
+    unquote_plus, unquote, b64decode, b64encode, byte_buffer, itertools_filter,\
     iterbytes, StringIO, inspect_getargspec
 
 from ._collections import KeyedTuple, ImmutableContainer, immutabledict, \
diff --git a/lib/sqlalchemy/util/compat.py b/lib/sqlalchemy/util/compat.py
index 7c2bc88d4..ff434df43 100644
--- a/lib/sqlalchemy/util/compat.py
+++ b/lib/sqlalchemy/util/compat.py
@@ -40,7 +40,7 @@ if py3k:
     import builtins
 
     from inspect import getfullargspec as inspect_getfullargspec
-    from urllib.parse import quote_plus, unquote_plus, parse_qsl
+    from urllib.parse import quote_plus, unquote_plus, parse_qsl, quote, unquote
     import configparser
     from io import StringIO
 
@@ -95,7 +95,7 @@ if py3k:
 else:
     from inspect import getargspec as inspect_getfullargspec
     inspect_getargspec = inspect_getfullargspec
-    from urllib import quote_plus, unquote_plus
+    from urllib import quote_plus, unquote_plus, quote, unquote
     from urlparse import parse_qsl
     import ConfigParser as configparser
     from StringIO import StringIO