Closed sergiodinizoswald closed 5 years ago
well, you can if you url-encode it, like any place where you put a password in an URL.
The weird thing is what happens when you use %2F
. After parsing, it should not be a %2F
but a /
. could it be that parse_url
does not properly url-decode each part ?
hmm, that's indeed the case. It does not decode each part: https://secure.php.net/parse_url
Doctrine DBAL is apply $url = array_map('rawurldecode', $url);
(where $url
is the equivalent of $parts
in your snippet)
Yeah, that is probably the solution, and actually someone already did a PR for that: #263, but are using urldecode instead of rawurldecode, and are using it only on the user/password fields, I think it would be better to do the same as Doctrine Dbal does.
@sergiodinizoswald want to submit a PR with a better solution then?
@naderman yeah sure.. not a problem!
@sergiodinizoswald looks like @eeemarv updated his PR already https://github.com/symfony/swiftmailer-bundle/pull/263#issuecomment-484363352 maybe just confirm if that version works too? @stof are there any other $parts that would need special decoding?
Symfony version(s) affected: 4.1.8
Description
Can't use / on the password for email authentication.
How to reproduce
Use an email that has a password for example: stuff/2018.
Meaning that MAILER_URL would be something like this:
MAILER_URL=smtp://test@gmail.com:stuff/2018@smtp.gmail.com?port=465&auth_mode=login&encryption=ssl
In my case I'm using gmail, and the password has a /, this completely breaks the MAILER_URL parameter, I've tried using %2F instead of /, even tried to use // to maybe escape or even
\/
but nothing.It basically breaks on: Symfony\Bundle\SwiftmailerBundle\DependencyInjection\SwiftmailerTransportFactory on the calling of parse_url around on line 102:
Using %2F as escaping works, and the password is correctly setup:
But it then get's rejected by gmail in this case ( could gmail be the culprit here, don't really think so ), because the password does not match since the password really is: stuff/2018.
I've managed to go around it, by basically passing all the parameters separately.
Possible Solution
Running url_decode on each part returned by the parse_url function? Don't really know if this is a valid solution and secure one,, and if it won't break already functioning code, for example: https://github.com/symfony/symfony-docs/pull/9824 ( I was the one that lost 3 hours trying to figure out what happened with the + sign ).
Is this really a bug? Or am I missing something really simple?