Skip to content

Encode user info#2327

Merged
silentworks merged 1 commit into
slimphp:3.xfrom
akrabat:encode-user-info
Nov 3, 2017
Merged

Encode user info#2327
silentworks merged 1 commit into
slimphp:3.xfrom
akrabat:encode-user-info

Conversation

@akrabat
Copy link
Copy Markdown
Member

@akrabat akrabat commented Nov 3, 2017
edited
Loading

If the username or password includes an @, : or other reserved
characters, they need to be encoded.

Fixes #2201

@akrabat akrabat added this to the 3.9.0 milestone Nov 3, 2017
@akrabat
Encode user info
72309b2 
If the username or password includes an `@`, `:` or other reserved
characters, they need to be encoded.

Fixes #2201
akrabat added a commit to akrabat/Slim-Http that referenced this pull request Nov 3, 2017
@akrabat
Encode user info
7b7845d 
If the username or password includes an `@` or `:` or other reserved
characters, they need to be encoded.

Forward ports slimphp/Slim#2327.
akrabat added a commit to akrabat/Slim-Http that referenced this pull request Nov 3, 2017
@akrabat
Encode user info
70921a5 
If the username or password includes an `@` or `:` or other reserved
characters, they need to be encoded.

Fixes slimphp#34
Forward ports slimphp/Slim#2327.
@akrabat akrabat mentioned this pull request Nov 3, 2017
Merged
@coveralls
Copy link
Copy Markdown

coveralls commented Nov 3, 2017

Coverage Status

Coverage increased (+0.03%) to 93.283% when pulling 72309b2 on akrabat:encode-user-info into 67a6cb3 on slimphp:3.x.

@coveralls
Copy link
Copy Markdown

coveralls commented Nov 3, 2017

Coverage Status

Coverage increased (+0.03%) to 93.283% when pulling 72309b2 on akrabat:encode-user-info into 67a6cb3 on slimphp:3.x.

@silentworks silentworks merged commit e42b86a into slimphp:3.x Nov 3, 2017
@mahagr
Copy link
Copy Markdown

mahagr commented Nov 6, 2017

Just a note: filterUserInfo() has /u modifier, but filterPath() and filterQuery() do not. Should they all have the modifier?

@akrabat
Copy link
Copy Markdown
Member Author

akrabat commented Nov 6, 2017

@mahagr Now that is a very good question :)

I think that they should all have /u as I think unicode is allowed in URIs. (e.g http://☃.net)

@mahagr
Copy link
Copy Markdown

mahagr commented Nov 6, 2017

Also another thing... Should __construct() also escape user and password?

@mahagr
Copy link
Copy Markdown

mahagr commented Nov 6, 2017

And from your example: hostname isn't filtered either...

@akrabat
Copy link
Copy Markdown
Member Author

akrabat commented Nov 6, 2017

Yes - I would appreciate a PR :)

@akrabat
Copy link
Copy Markdown
Member Author

akrabat commented Nov 6, 2017

Re hostname: is there any reason to filter it?

@mahagr
Copy link
Copy Markdown

mahagr commented Nov 6, 2017
edited
Loading

You can use Uri class outside of request to build a new URL to be shown your page.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@silentworks silentworks silentworks approved these changes

@geggleto geggleto Awaiting requested review from geggleto

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

3.9.0

Development

Successfully merging this pull request may close these issues.

4 participants

@akrabat @coveralls @mahagr @silentworks