From 2bece6abde54881bb074dd44e7f87885eab4a777 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sat, 29 Sep 2012 02:03:21 +0200 Subject: Proper escaping of URIs. --- TODO.org | 34 +++++++++++++++++++++++++++++----- 1 file changed, 29 insertions(+), 5 deletions(-) (limited to 'TODO.org') diff --git a/TODO.org b/TODO.org index 49c1154..d9aa4a1 100644 --- a/TODO.org +++ b/TODO.org @@ -1,4 +1,4 @@ -* DONE Email::Valid does not accept UTF-8 emails adresses (e.g., test@ƛ.net). +* DONE Email::Valid does not accept UTF-8 emails adresses (e.g., peace@☮.net). LDAP doesn't allow UTF-8 in the DNs anyway, so maybe convert the domains/emails to Punycode internally? @@ -17,6 +17,7 @@ Actually Postfix checks it and warns the administrator with a in the logs. So it's fine to do a partial check here. * TODO Write a script to check every runmode against the W3 validator. +(Cf. cgiapp_postrun); * DONE Use FastCGI. References - http://www.cgi-app.org/index.cgi?FastCGI @@ -24,10 +25,33 @@ in the logs. So it's fine to do a partial check here. * TODO Use HTML::Template::Pro. Not sure it's really worth it, though. -* TODO Forbid `/' and `\0' to appear in the domain/user name. +* DONE Escape reserved characters in URLs: +http://mark.stosberg.com/blog/2010/12/percent-encoding-uris-in-perl.html -* TODO How should we encode the URL for internationalized domain names? Punicode vs. unicode vs. HTML entities? -(Right now it's HTML entities.) +* CANCELED How should we encode the URL for internationalized domain names? Punicode vs. unicode vs. HTML entities? +CLOSED: [2012-09-27 Thu 00:03] +- CLOSING NOTE [2012-09-27 Thu 00:03] \\ +It's up to the browser (Firefox support unicode in URLs). -* TODO Forbid UTF8 in the domain part of lists? (Test if the list +* CANCELED Forbid UTF8 in the domain part of lists? (Test if the list managers support it at least.) +CLOSED: [2012-09-27 Thu 03:38] +- CLOSING NOTE [2012-09-27 Thu 03:38] \\ +Mailman and Schleuder do not support IDNs, but we convert the list name +into punicode first. + +* TODO Give the right for domain owners and postmaster to grant the right +to create aliases and lists. + +* TODO Give the right to appoint co owners (for list and aliases). + +* TODO Make every service use Kerberos, and remove the passphrase on +their private keys. + +* TODO Check list names against mailman's and schleuder's regexps? + +* TODO What to do when a list creation fails? Set up a new service +to clean out the pending lists and domains if they have not been fixed +within 24h (daemon). + +* TODO Automatically generated passwords. -- cgit v1.2.3