10000 [Validator] support protocolless urls validation · symfony/symfony@d845406 · GitHub
[go: up one dir, main page]
Skip to content

Commit d845406

Browse files
MyDigitalLifenicolas-grekas
MyDigitalLife
authored and
nicolas-grekas
committed
[Validator] support protocolless urls validation
1 parent d7658d2 commit d845406

File tree

3 files changed

+67
-1
lines changed

3 files changed

+67
-1
lines changed

src/Symfony/Component/Validator/Constraints/Url.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -104,6 +104,7 @@ class Url extends Constraint
104104
* @deprecated since Symfony 4.1, to be removed in 5.0
105105
*/
106106
public $checkDNS = self::CHECK_DNS_TYPE_NONE;
107+
public $relativeProtocol = false;
107108

108109
public function __construct($options = null)
109110
{

src/Symfony/Component/Validator/Constraints/UrlValidator.php

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,8 @@ public function validate($value, Constraint $constraint)
6161
return;
6262
}
6363

64-
$pattern = sprintf(static::PATTERN, implode('|', $constraint->protocols));
64+
$pattern = $constraint->relativeProtocol ? str_replace('(%s):', '(?:(%s):)?', static::PATTERN) : static::PATTERN;
65+
$pattern = sprintf($pattern, implode('|', $constraint->protocols));
6566

6667
if (!preg_match($pattern, $value)) {
6768
$this->context->buildViolation($constraint->message)

src/Symfony/Component/Validator/Tests/Constraints/UrlValidatorTest.php

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -65,6 +65,30 @@ public function testValidUrls($url)
6565
$this->assertNoViolation();
6666
}
6767

68+
/**
69+
* @dataProvider getValidRelativeUrls
70+
* @dataProvider getValidUrls
71+
*/
72+
public function testValidRelativeUrl($url)
73+
{
74+
$constraint = new Url(array(
75+
'relativeProtocol' => true,
76+
));
77+
78+
$this->validator->validate($url, $constraint);
79+
80+
$this->assertNoViolation();
81+
}
82+
83+
public function getValidRelativeUrls()
84+
{
85+
return array(
86+
array('//google.com'),
87+
array('//symfony.fake/blog/'),
88+
array('//symfony.com/search?type=&q=url+validator'),
89+
);
90+
}
91+
6892
public function getValidUrls()
6993
{
7094
return array(
@@ -147,6 +171,46 @@ public function testInvalidUrls($url)
147171
->assertRaised();
148172
}
149173

174+
/**
175+
* @dataProvider getInvalidRelativeUrls
176+
* @dataProvider getInvalidUrls
177+
*/
178+
public function testInvalidRelativeUrl($url)
179+
{
180+
$constraint = new Url(array(
181+
'message' => 'myMessage',
182+
'relativeProtocol' => true,
183+
));
184+
185+
$this->validator->validate($url, $constraint);
186+
187+
$this->buildViolation('myMessage')
188+
->setParameter('{{ value }}', '"'.$url.'"')
189+
->setCode(Url::INVALID_URL_ERROR)
190+
->assertRaised();
191+
}
192+
193+
public function getInvalidRelativeUrls()
194+
{
195+
return array(
196+
array('/google.com'),
197+
array('//goog_le.com'),
198+
array('//google.com::aa'),
199+
array('//google.com:aa'),
200+
array('//127.0.0.1:aa/'),
201+
array('//[::1'),
202+
array('//hello.☎/'),
203+
array('//:password@symfony.com'),
204+
array('//:password@@symfony.com'),
205+
57AE array('//username:passwordsymfony.com'),
206+
array('//usern@me:password@symfony.com'),
207+
array('//example.com/exploit.html?<script>alert(1);</script>'),
208+
array('//example.com/exploit.html?hel lo'),
209+
array('//example.com/exploit.html?not_a%hex'),
210+
array('//'),
211+
);
212+
}
213+
150214
public function getInvalidUrls()
151215
{
152216
return array(

0 commit comments

Comments
 (0)
0