Chung Leong wrote:
Chung Leong wrote upsidedown:
header("Location: http://username:pa******@somewhere.net/page.php");
How's that not an absolute URL?
Because it does not conform to the syntax of http URLs.
RFC2396 defines the *generic* syntax of URIs; the syntax and
semantics of http URLs are defined in RFC2616, section 3.2.2 (and
formerly in RFC1738, section 3.3). There, we're given:
http_URL = "http:" "//" host [ ":" port ] [ abs_path [ "?" query ]]
RFC2616, in a previous section, delegates RFC2396 to define the
components host, port and abs_path. The relevant excerpts from
RFC2396, then, are (not in original order):
host = hostname | IPv4address
hostname = *( domainlabel "." ) toplabel [ "." ]
domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum
toplabel = alpha | alpha *( alphanum | "-" ) alphanum
IPv4address = 1*digit "." 1*digit "." 1*digit "." 1*digit
port = *digit
alphanum = alpha | digit
alpha = lowalpha | upalpha
lowalpha = "a" | "b" | "c" | "d" | "e" | "f" | "g" | "h" | "i" |
"j" | "k" | "l" | "m" | "n" | "o" | "p" | "q" | "r" |
"s" | "t" | "u" | "v" | "w" | "x" | "y" | "z"
upalpha = "A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | "I" |
"J" | "K" | "L" | "M" | "N" | "O" | "P" | "Q" | "R" |
"S" | "T" | "U" | "V" | "W" | "X" | "Y" | "Z"
digit = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" |
"8" | "9"
The only characters allowed in the host component of an http URL,
therefore, are alphanumerics, periods and hyphens, with further
constraints on what can appear where. Although RFC2396 allows the
format user:password@hostport in URIs, it is forbidden in http URLs;
it was *expressly* prohibited by RFC1738 -- "No user name or password
is allowed." -- so relying on it being allowed would be unwise.
--
Jock