Re: [RFC] imap-send: escape backslash in password
- Date: Fri, 4 Aug 2017 16:22:55 -0400
- From: Jeff King <peff@xxxxxxxx>
- Subject: Re: [RFC] imap-send: escape backslash in password
On Fri, Aug 04, 2017 at 09:46:49PM +0200, Andreas Schwab wrote:
> > For example, FRC3501 "9. Formal Syntax" says that both "password"
> > and "userid" are "astring"; it looks strange that the code with this
> > patch only touches cred.password while sending cred.username as-is.
> astring = ... / string
> string = quoted / ...
> quoted = DQUOTE *QUOTED-CHAR DQUOTE
> QUOTED-CHAR = <any TEXT-CHAR except quoted-specials> /
> "\" quoted-specials
> quoted-specials = DQUOTE / "\"
> Thus the quoting applies to any element that is a string (and a double
> quote needs to be quoted as well).
It's been a long time since I've done anything with IMAP, but I think
another alternative would be to send it as a "literal", like:
That's relatively easy to format correctly using the current printf
specifiers that imap_exec() takes. Though as I said elsewhere in the
thread, perhaps imap_exec() should provide a different interface.
I also think it might be reasonable to scrap all of this ad-hoc imap
code in favor of curl, which already gets these cases right. We already
have a curl-backed implementation. I think we just left the old code out
of conservatism. But it seems somewhat buggy and unmaintained, and I
wonder if we aren't better off to simply encourage people to install