Using backslahes / on MAILER_URL .env #270
Comments
well, you can if you url-encode it, like any place where you put a password in an URL. The weird thing is what happens when you use |
hmm, that's indeed the case. It does not decode each part: https://secure.php.net/parse_url |
Doctrine DBAL is apply |
Yeah, that is probably the solution, and actually someone already did a PR for that: #263, but are using urldecode instead of rawurldecode, and are using it only on the user/password fields, I think it would be better to do the same as Doctrine Dbal does. |
@sergiodinizoswald want to submit a PR with a better solution then? |
@naderman yeah sure.. not a problem! |
@sergiodinizoswald looks like @eeemarv updated his PR already #263 (comment) maybe just confirm if that version works too? @stof are there any other $parts that would need special decoding? |
Symfony version(s) affected: 4.1.8
Description
Can't use / on the password for email authentication.
How to reproduce
Use an email that has a password for example: stuff/2018.
Meaning that MAILER_URL would be something like this:
MAILER_URL=smtp://test@gmail.com:stuff/2018@smtp.gmail.com?port=465&auth_mode=login&encryption=ssl
In my case I'm using gmail, and the password has a /, this completely breaks the MAILER_URL parameter, I've tried using %2F instead of /, even tried to use // to maybe escape or even
\/
but nothing.It basically breaks on:
Symfony\Bundle\SwiftmailerBundle\DependencyInjection\SwiftmailerTransportFactory on the calling of parse_url around on line 102:
Using %2F as escaping works, and the password is correctly setup:
But it then get's rejected by gmail in this case ( could gmail be the culprit here, don't really think so ), because the password does not match since the password really is: stuff/2018.
I've managed to go around it, by basically passing all the parameters separately.
Possible Solution
Running url_decode on each part returned by the parse_url function? Don't really know if this is a valid solution and secure one,, and if it won't break already functioning code, for example: symfony/symfony-docs#9824 ( I was the one that lost 3 hours trying to figure out what happened with the + sign ).
Is this really a bug? Or am I missing something really simple?
The text was updated successfully, but these errors were encountered: