[TYPO3-dev] Password reset links breaking - felogin

Jigal van Hemert jigal at xs4all.nl
Tue Feb 15 14:13:41 CET 2011


Hi,

On 15-2-2011 12:52, Michael wrote:
> On 14/02/11 23:35, Jigal van Hemert wrote:
>> I checked the URLs a while ago and according to the web RFCs they are
>> completely valid.
>
> hmmm... I am not 100% sure about this statement to be honest :-)
>
> According to RFC 1738 square brackets should be encoded as %5B and %5D.

According to RFC 3986 [1] (which updates 1738), section 2.2 Reserved 
Characters, square bracked are Reserved Characters (category 
gen-delims). The text says that these can be used "by the 
implementation-specific syntax of a URI's dereferencing algorithm". If 
these characters are used as part of normal data in a URI (e.g. part of 
a path, value of a query parameter) they should be percent-encoded.

No matter how the square brackets are used at the receiving end a URL 
must never be cut off when a reserved character is found. This becomes 
very clear when you look at the list of gen-delims:
	gen-delims  = ":" / "/" / "?" / "#" / "[" / "]" / "@"

IMO this behaviour of mail clients is simply wrong.

[1] http://www.faqs.org/rfcs/rfc3986.html

> ...and I am pretty sure, someone will name two, three other RFCs which
> disprove RFC 1738 ;-)

Absolutely spot on! :-D

Maybe it'd be a nice feature to provide a generic URL shortener in TYPO3

-- 
Kind regards / met vriendelijke groet,

Jigal van Hemert
skype:jigal.van.hemert
msn: jigal at xs4all.nl
http://twitter.com/jigalvh




More information about the TYPO3-dev mailing list