symfony
diff --git a/‎src/Symfony/Component/Validator/Constraints/Uuid.php
Lines changed: 4 additions & 0 deletions b/‎src/Symfony/Component/Validator/Constraints/Uuid.php
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Validator/Constraints/UuidValidator.php
Lines changed: 22 additions & 5 deletions b/‎src/Symfony/Component/Validator/Constraints/UuidValidator.php
Lines changed: 22 additions & 5 deletions
diff --git a/‎src/Symfony/Component/Validator/Tests/Constraints/UuidValidatorTest.php
Lines changed: 70 additions & 13 deletions b/‎src/Symfony/Component/Validator/Tests/Constraints/UuidValidatorTest.php
Lines changed: 70 additions & 13 deletions
@@ -30,6 +30,10 @@ class Uuid extends Constraint
     // Message to display when validation fails
     public $message = 'This is not a valid UUID.';
 
+    // Strict mode only allows UUIDs that meet the formal definition and formatting per RFC 4122
+    // Set this to `false` to allow legacy formats with different dash positioning or wrapping characters
+    public $strict = true;
+
     // Array of allowed versions (see version constants above)
     // All UUID versions are allowed by default
     public $versions = array(
 
@@ -26,9 +26,16 @@
 class UuidValidator extends ConstraintValidator
 {
     // Regular expression which verifies allowed characters and the proper format
-    const PATTERN = '/^[a-f0-9]{8}-[a-f0-9]{4}-[%s][a-f0-9]{3}-[89ab][a-f0-9]{3}-[a-f0-9]{12}$/i';
+    // The strict pattern matches UUIDs like this: xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx
+    // Roughly speaking: x = any hexadecimal character, M = any allowed version, N = any allowed variant
+    const STRICT_PATTERN = '/^[a-f0-9]{8}-[a-f0-9]{4}-[%s][a-f0-9]{3}-[89ab][a-f0-9]{3}-[a-f0-9]{12}$/i';
+    // The loose pattern is similar, except it doesn't care about the dashes, and the whole thing can be wrapped
+    // with characters like []{} for backwards-compatibility with non-compliant UUIDs.
+    const LOOSE_PATTERN = '/^[a-f0-9]{4}(?:-?[a-f0-9]{4}){7}$/i';
+
     // Properly-formatted UUIDs contain 32 hex digits, separated by 4 dashes
-    const UUID_LENGTH = 36;
+    // We can use this to avoid performing a preg_match on strings of other sizes
+    const STRICT_UUID_LENGTH = 36;
 
     /**
      * {@inheritDoc}
@@ -45,10 +52,20 @@ public function validate($value, Constraint $constraint)
 
         $value = (string) $value;
 
-        $pattern = sprintf(static::PATTERN, implode('', $constraint->versions));
+        if ($constraint->strict) {
+            // Insert the allowed versions into the regular expression
+            $pattern = sprintf(static::STRICT_PATTERN, implode('', $constraint->versions));
+
+            if (strlen($value) !== static::STRICT_UUID_LENGTH || !preg_match($pattern, $value)) {
+                $this->context->addViolation($constraint->message, array('{{ value }}' => $value));
+            }
+        } else {
+            // Trim any wrapping characters like [] or {} used by some legacy systems
+            $value = trim($value, '[]{}');
 
-        if (strlen($value) !== static::UUID_LENGTH || !preg_match($pattern, $value)) {
-            $this->context->addViolation($constraint->message, array('{{ value }}' => $value));
+            if (!preg_match(static::LOOSE_PATTERN, $value)) {
+                $this->context->addViolation($constraint->message, array('{{ value }}' => $value));
+            }
         }
     }
 }
@@ -60,17 +60,17 @@ public function testExpectsStringCompatibleType()
     }
 
     /**
-     * @dataProvider getValidUuids
+     * @dataProvider getValidStrictUuids
      */
-    public function testValidUuids($uuid)
+    public function testValidStrictUuids($uuid)
     {
         $this->context->expects($this->never())
             ->method('addViolation');
 
         $this->validator->validate($uuid, new Uuid());
     }
 
-    public function getValidUuids()
+    public function getValidStrictUuids()
     {
         return array(
             array('216fff40-98d9-11e3-a5e2-0800200c9a66'), // Version 1 UUID in lowercase
@@ -81,9 +81,9 @@ public function getValidUuids()
     }
 
     /**
-     * @dataProvider getInvalidUuids
+     * @dataProvider getInvalidStrictUuids
      */
-    public function testInvalidUuids($uuid)
+    public function testInvalidStrictUuids($uuid)
     {
         $constraint = new Uuid(array(
             'message' => 'testMessage'
@@ -98,19 +98,22 @@ public function testInvalidUuids($uuid)
         $this->validator->validate($uuid, $constraint);
     }
 
-    public function getInvalidUuids()
+    public function getInvalidStrictUuids()
     {
         return array(
-            array('216fff40-98d9-11e3-a5e2-0800200c9a6'),   // Too few characters
-            array('216fff40-98d9-11e3-a5e2-0800200c9a666'), // Too many characters
-            array('V16fff40-98d9-11e3-a5e2-0800200c9a66'),  // Invalid character 'V'
-            array('216fff40-98d9-11e3-a5e20800-200c9a66'),  // Invalid dash position
-            array('216fff4098d911e3a5e20800200c9a66'),      // Missing dashes
+            array('216fff40-98d9-11e3-a5e2-0800200c9a6'),     // Too few characters
+            array('216fff40-98d9-11e3-a5e2-0800200c9a666'),   // Too many characters
+            array('V16fff40-98d9-11e3-a5e2-0800200c9a66'),    // Invalid character 'V'
+
+            // Non-standard UUIDs allowed by some other systems
+            array('216fff40-98d911e3-a5e20800-200c9a66'),    // Non-standard dash positions
+            array('216fff4098d911e3a5e20800200c9a66'),       // No dashes at all
+            array('{216fff40-98d9-11e3-a5e2-0800200c9a66}'), // Wrapped with curly braces
         );
     }
 
     /**
-     * @dataProvider getValidUuids
+     * @dataProvider getValidStrictUuids
      */
     public function testVersionConstraintIsValid($uuid)
     {
@@ -125,7 +128,7 @@ public function testVersionConstraintIsValid($uuid)
     }
 
     /**
-     * @dataProvider getValidUuids
+     * @dataProvider getValidStrictUuids
      */
     public function testVersionConstraintIsInvalid($uuid)
     {
@@ -138,4 +141,58 @@ public function testVersionConstraintIsInvalid($uuid)
 
         $this->validator->validate($uuid, $constraint);
     }
+
+    /**
+     * @dataProvider getValidNonStrictUuids
+     */
+    public function testValidNonStrictUuids($uuid)
+    {
+        $constraint = new Uuid(array(
+            'strict' => false
+        ));
+
+        $this->context->expects($this->never())
+            ->method('addViolation');
+
+        $this->validator->validate($uuid, $constraint);
+    }
+
+    public function getValidNonStrictUuids()
+    {
+        return array(
+            array('216fff40-98d9-11e3-a5e2-0800200c9a66'), // Version 1 UUID in lowercase
+            array('216FFF40-98D9-11E3-A5E2-0800200C9A66'), // Version 1 UUID in UPPERCASE
+            array('456daefb-5aa6-41b5-8dbc-068b05a8b201'), // Version 4 UUID in lowercase
+            array('456DAEFb-5AA6-41B5-8DBC-068B05A8B201'), // Version 4 UUID in UPPERCASE
+
+            // Non-standard UUIDs allowed by some other systems
+            array('216fff40-98d911e3-a5e20800-200c9a66'),    // Non-standard dash positions
+            array('216fff4098d911e3a5e20800200c9a66'),       // No dashes at all
+            array('{216fff40-98d9-11e3-a5e2-0800200c9a66}'), // Wrapped with curly braces
+        );
+    }
+
+    /**
+     * @dataProvider getInvalidNonStrictUuids
+     */
+    public function testInvalidNonStrictUuids($uuid)
+    {
+        $constraint = new Uuid(array(
+            'strict' => false
+        ));
+
+        $this->context->expects($this->once())
+            ->method('addViolation');
+
+        $this->validator->validate($uuid, $constraint);
+    }
+
+    public function getInvalidNonStrictUuids()
+    {
+        return array(
+            array('216fff40-98d9-11e3-a5e2-0800200c9a6'),     // Too few characters
+            array('216fff40-98d9-11e3-a5e2-0800200c9a666'),   // Too many characters
+            array('V16fff40-98d9-11e3-a5e2-0800200c9a66'),    // Invalid character 'V'
+        );
+    }
 }