From:  tklingenberg@lastflood.net
Date:  27 Nov 2014 18:52:09 Hong Kong Time
Newsgroup:  news.php.net/php.pear.bugs
Subject:  

[PEAR-BUG] Bug #20425 [Opn]: Incomplete percent-encoding of userinfo, path and query

NNTP-Posting-Host:  null

Edit report at https://pear.php.net/bugs/bug.php?id=20425&edit=1

 ID:               20425
 Updated by:       tklingenberg@lastflood.net
 Reported By:      jan dot prachar at gmail dot com
 Summary:          Incomplete percent-encoding of userinfo, path and
                    query
 Status:           Open
 Type:             Bug
 Package:          Net_URL2
 Package Version:  2.0.9
 PHP Version:      Irrelevant
 Roadmap Versions: 
 New Comment:

Hi Jan,

some help would be great. A compilation which browser auto-converts
which characters in a 
structured manner would be great (for which part) so it is easier to
review (and implement) an 
accepted / safe way to deal with "readable" URLs as input.

Additionally any kind of feedback is always welcome!


Previous Comments:
------------------------------------------------------------------------

[2014-11-24 10:18:32] pracj3am

Do you need any help?

------------------------------------------------------------------------

[2014-10-10 00:23:36] tkli

at least the documentation problem will be resolved in the next 2.0.10
release (just around the 
corner).

------------------------------------------------------------------------

[2014-10-09 14:24:28] tkli

colons in path perhaps shouldn't be translated for interoperability
reasons:

http://en.wikipedia.org/wiki/File_URI_scheme#Windows_2

------------------------------------------------------------------------

[2014-10-09 14:14:32] tkli

That's good info.

I think we should do a matrix specifying which part (userinfo, host,
path, query, fragment) should 
deal with which characters.

E.g. the Firefox issue you refer to is about the query if I grasped it
right.

We then can put it to a test and have it properly specified. This should
make clear what the intend 
is and how it was solved.

------------------------------------------------------------------------

[2014-10-09 13:38:51] pracj3am

I also experimented with different browsers. For eaxmple following URL
'http://example.com/ "<>[]\{}|`^? "<>[]\{}|`^'

Chromium turn into
GET /%20%22%3C%3E[]/%7B%7D%7C%60%5E?%20%22%3C%3E[]\{}|`^

Firefox
GET /%20%22%3C%3E%5B%5D%5C%7B%7D|%60%5E?%20%22%3C%3E[]\{}|%60^

So in the path component Chromium encodes everything except square
brackets and backslash (turned into slash). While Firefox encodes
everything but |. In the query component they are quite permitive.

Notice that not encoding square brackets was reported as bug in Firefox
and fixed recently see
https://bugzilla.mozilla.org/show_bug.cgi?id=473822

Anyway I think you cannot make any harmm if you ancode all invalid
characters.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://pear.php.net/bugs/bug.php?id=20425

-- 
Edit this bug report at https://pear.php.net/bugs/bug.php?id=20425&edit=1