Invalid parsing/encoding of the URI userinfo

[weierophinney]

Some characters are not properly parsed from string, and encoded when converted to string, in the userinfo. For example, the "@" char should be represented in strings as "%40" (but passed as "@" to the Authorization header for HTTP), and userinfo containing percent-encoded chars should be decoded/encoded the right way.

It seems that the following comment about "@" in https://github.com/zendframework/zend-uri/blob/master/src/Uri.php#L297 is wrong:

                // The userInfo can also contain '@' symbols; split $authority
                // into segments, and set it to the last segment.

form my understanding of the RFC-3986:

    userinfo    = *( unreserved / pct-encoded / sub-delims / ":" )
    unreserved  = ALPHA / DIGIT / "-" / "." / "_" / "~"
    pct-encoded = "%" HEXDIG HEXDIG
    sub-delims  = "!" / "$" / "&" / "'" / "(" / ")" / "*" / "+" / "," / ";" / "="

---

Originally posted by @cricog at zendframework/zend-uri#20

[weierophinney]

This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steering Committee.
If you have a security issue, please follow our security reporting guidelines.
If you wish to take on the role of maintainer, please nominate yourself

If you are looking for an actively maintained package alternative, we recommend:

• league/uri