8000 Allow URL-encoded special characters in basic auth part of URLs · symfony/symfony@8a56c50 · GitHub


Commit 8a56c50

cweiskefabpot
authored andcommitted
Allow URL-encoded special characters in basic auth part of URLs
Resolves: #36285
1 parent 6dbf9eb commit 8a56c50


2 files changed

+5
-1
lines changed


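--- a/src/Symfony/Component/Validator/Constraints/UrlValidator.php
+++ b/src/Symfony/Component/Validator/Constraints/UrlValidator.php
@@ -23,7 +23,7 @@ class UrlValidator extends ConstraintValidator
 {
 const PATTERN = '~^
 (%s):// # protocol
-(([\_\.\pL\pN-]+:)?([\_\.\pL\pN-]+)@)? # basic auth
+(((?:[\_\.\pL\pN-]|%%[0-9A-Fa-f]{2})+:)?((?:[\_\.\pL\pN-]|%%[0-9A-Fa-f]{2})+)@)? # basic auth
 (
 ([\pL\pN\pS\-\_\.])+(\.?([\pL\pN]|xn\-\-[\pL\pN-]+)+\.?) # a domain name
 | # or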
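Review bot: The new `%%[0-9A-Fa-f]{2}` alternative in the basic-auth group accepts every percent-encoded octet, so userinfo containing `%00` or `%0D%0A` now validates and turns into NUL or CR/LF for any consumer that decodes the credentials (for example when building an `Authorization` header or writing a log line). If that is not intended, narrowing the escape to `%%[2-9A-Fa-f][0-9A-Fa-f]` would reject `%00`–`%1F` while still allowing encoded delimiters and UTF-8 bytes; otherwise the constraint's documentation should say that a valid URL is syntactically valid only and that decoded userinfo remains untrusted input. Separately, the doubled `%%` reads like a typo unless the reader knows PATTERN is presumably passed through `sprintf()` (the `(%s)` protocol placeholder suggests so); a docblock line above the constant such as `// "%%" is a literal "%": PATTERN is a sprintf() format string` would help, placed outside the pattern because a `%` inside it would itself be read as a format specifier. The constant's value continues past the end of this hunk.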

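--- a/src/Symfony/Component/Validator/Tests/Constraints/UrlValidatorTest.php
+++ b/src/Symfony/Component/Validator/Tests/Constraints/UrlValidatorTest.php
@@ -122,6 +122,8 @@ public function getValidUrls()
 ['http://user.name:pass.word@symfony.com'],
 ['http://user-name@symfony.com'],
 ['http://user_name@symfony.com'],
+['http://u%24er:password@symfony.com'],
+['http://user:pa%24%24word@symfony.com'],
 ['http://symfony.com?'],
 ['http://symfony.com?query=1'],
 ['http://symfony.com/?query=1'],
@@ -168,6 +170,8 @@ public function getInvalidUrls()
 ['http://:password@@symfony.com'],
 ['http://username:passwordsymfony.com'],
 ['http://usern@me:password@symfony.com'],
+['http://nota%hex:password@symfony.com'],
+['http://username:nota%hex@symfony.com'],
 ['http://example.com/exploit.html?<script>alert(1);</script>'],
 ['http://example.com/exploit.html?hel lo'],
 ['http://example.com/exploit.html?not_a%hex'],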
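Review bot: The added cases exercise only `%24` and a bare `%h`, so neither the delimiters that actually force encoding in credentials (`%40` for `@`, `%3A` for `:`) nor a truncated escape is pinned by the data providers. I would add `['http://user%40symfony.com:pa%3Ass@symfony.com'],` to getValidUrls() and `['http://user%2:password@symfony.com'],` to getInvalidUrls(); both are constructed samples whose expected outcome follows from the pattern as shown and should be confirmed by running the suite. If control octets such as `%00` are meant to be rejected in userinfo, an invalid case for that belongs here as well, since nothing currently documents the decision either way. Both provider methods begin and end outside the visible hunks.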
