Home GnuPG
Diffusion libphutil fb9e0642c4ea

Reject ambiguous URIs with unescaped "#" or "?" in username/password parts
fb9e0642c4eaUnpublished
Actions

Unpublished Commit ยท Learn More

Publishing Disabled: All publishing is disabled for this repository.

Description

Reject ambiguous URIs with unescaped "#" or "?" in username/password parts

Summary:
Fixes T12526. These URIs are ambiguous and nonstandard, and different versions of different clients parse them differently.

Instead of trying to get this right across PHP versions, just reject these outright. No normal user will ever expect these to work.

Test Plan: Ran unit tests in PHP 7.1, got clean results. See T12526 for more discussion.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T12526

Differential Revision: https://secure.phabricator.com/D17647

Details

Provenance
epriestley <git@epriestley.com>Authored on Apr 10 2017, 6:48 PM
marcusPushed on Apr 24 2017, 9:51 AM
Parents
rPHUTIL6427dbef7801: Make Calendar recurrence sets return the indexes of recurrence dates properly
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPHUTILfb9e0642c4ea: Reject ambiguous URIs with unescaped "#" or "?" in username/password parts (authored by epriestley <git@epriestley.com>).Apr 10 2017, 7:34 PM

Changes (2)

PathSize
src/
parser/
__tests__/

rPHUTILfb9e0642c4ea

View Options

src/parser/PhutilURI.php

Loading...
View Options

src/parser/__tests__/PhutilURITestCase.php

Loading...