08-25-2016, 06:38 PM
I added a test user and used the + type of email address (xyz+abc@gmail.com) which allows my xyz@gmail.com address suddenly be multiplied into as many test emails as I want. However, the resulting verification link in the verification email looks like this:
http://localhost/imok/users/verify.php?e...ode=235269
The plus sign is in there, unencoded and I get an error when I click on it - unsuccessful verification.
When I manually copy/paste the link and edit the + sign to {3bc1fe685386cc4c3ab89a3f76566d8931e181ad17f08aed9ad73b30bf28114d}2b (practically speaking url-encoding it) then it works fine:
http://localhost/imok/users/verify.php?e...ode=235269
Something dimly rings a bell in the back of my mind that + is a non-standard google extension to valid email address characters, so an argument could be made that this isn't really a bug. I'm guessing with enough persistence and creativity I could come up with another use-case using standard email address characters that do need to be url-encoded. However, for now I'll be willing to agree that this is pretty close to the edge in terms of edge conditions.
http://localhost/imok/users/verify.php?e...ode=235269
The plus sign is in there, unencoded and I get an error when I click on it - unsuccessful verification.
When I manually copy/paste the link and edit the + sign to {3bc1fe685386cc4c3ab89a3f76566d8931e181ad17f08aed9ad73b30bf28114d}2b (practically speaking url-encoding it) then it works fine:
http://localhost/imok/users/verify.php?e...ode=235269
Something dimly rings a bell in the back of my mind that + is a non-standard google extension to valid email address characters, so an argument could be made that this isn't really a bug. I'm guessing with enough persistence and creativity I could come up with another use-case using standard email address characters that do need to be url-encoded. However, for now I'll be willing to agree that this is pretty close to the edge in terms of edge conditions.
