diff options
| author | Guilhem Moulin <guilhem.moulin@fripost.org> | 2012-09-29 02:03:21 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem.moulin@fripost.org> | 2012-09-29 02:03:21 +0200 |
| commit | 2bece6abde54881bb074dd44e7f87885eab4a777 (patch) | |
| tree | bde87a2c98476847ab5082facade40062cb52e70 /TODO.org | |
| parent | aa3340e58fc5b993bfc88070edf543a2ed82ef94 (diff) | |
Proper escaping of URIs.
Diffstat (limited to 'TODO.org')
| -rw-r--r-- | TODO.org | 34 |
1 files changed, 29 insertions, 5 deletions
@@ -1,4 +1,4 @@ -* DONE Email::Valid does not accept UTF-8 emails adresses (e.g., test@ƛ.net). +* DONE Email::Valid does not accept UTF-8 emails adresses (e.g., peace@☮.net). LDAP doesn't allow UTF-8 in the DNs anyway, so maybe convert the domains/emails to Punycode internally? @@ -17,6 +17,7 @@ Actually Postfix checks it and warns the administrator with a in the logs. So it's fine to do a partial check here. * TODO Write a script to check every runmode against the W3 validator. +(Cf. cgiapp_postrun); * DONE Use FastCGI. References - http://www.cgi-app.org/index.cgi?FastCGI @@ -24,10 +25,33 @@ in the logs. So it's fine to do a partial check here. * TODO Use HTML::Template::Pro. Not sure it's really worth it, though. -* TODO Forbid `/' and `\0' to appear in the domain/user name. +* DONE Escape reserved characters in URLs: +http://mark.stosberg.com/blog/2010/12/percent-encoding-uris-in-perl.html -* TODO How should we encode the URL for internationalized domain names? Punicode vs. unicode vs. HTML entities? -(Right now it's HTML entities.) +* CANCELED How should we encode the URL for internationalized domain names? Punicode vs. unicode vs. HTML entities? +CLOSED: [2012-09-27 Thu 00:03] +- CLOSING NOTE [2012-09-27 Thu 00:03] \\ +It's up to the browser (Firefox support unicode in URLs). -* TODO Forbid UTF8 in the domain part of lists? (Test if the list +* CANCELED Forbid UTF8 in the domain part of lists? (Test if the list managers support it at least.) +CLOSED: [2012-09-27 Thu 03:38] +- CLOSING NOTE [2012-09-27 Thu 03:38] \\ +Mailman and Schleuder do not support IDNs, but we convert the list name +into punicode first. + +* TODO Give the right for domain owners and postmaster to grant the right +to create aliases and lists. + +* TODO Give the right to appoint co owners (for list and aliases). + +* TODO Make every service use Kerberos, and remove the passphrase on +their private keys. + +* TODO Check list names against mailman's and schleuder's regexps? + +* TODO What to do when a list creation fails? Set up a new service +to clean out the pending lists and domains if they have not been fixed +within 24h (daemon). + +* TODO Automatically generated passwords. |