8000 UrlValidator does not allow basic auth with encoded special characters · Issue #36285 · symfony/symfony · GitHub
[go: up one dir, main page]
Skip to content

UrlValidator does not allow basic auth with encoded special characters #36285

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
cweiske opened this issue Mar 31, 2020 · 0 comments
Closed

UrlValidator does not allow basic auth with encoded special characters #36285

cweiske opened this issue Mar 31, 2020 · 0 comments
Labels
Bug Status: Needs Review Validator

Comments

@cweiske
Copy link
Contributor
cweiske commented Mar 31, 2020

Symfony version(s) affected: 5.0.7 (all versions since #11601)

Description
Special characters in HTTP Basic Auth passwords in an URL need to be url-encoded.

Example: foo@bar becomes foo%40bar, in an URL: http://user:foo%40bar@example.org

The UrlValidator does not allow percent signs in username and password.

Possible Solution
Allow % in username and password part of UrlValidator regex.
@cweiske cweiske added the Bug label Mar 31, 2020
cweiske added a commit to mogic-le/symfony that referenced this issue Mar 31, 2020
@cweiske
Allow URL-encoded special characters in basic auth part of URLs
caa81e9 
Resolves: symfony#36285
This was referenced Mar 31, 2020
Closed
Closed
cweiske added a commit to mogic-le/framework that referenced this issue Mar 31, 2020
@cweiske
Allow URL-encoded special characters in basic auth part of URLs
17307fd 
Special characters in HTTP Basic Auth passwords in an URL need to be url-encoded.
Example: foo@bar becomes foo%40bar, in an URL: http://user:foo%40bar@example.org

The UrlValidator did not allow percent signs in username and password, and this is changed now.

Related bugreport and fix for symfony:
- symfony/symfony#36285
- symfony/symfony#36286
fabpot pushed a commit that referenced this issue Apr 4, 2020
@cweiske @fabpot
Allow URL-encoded special characters in basic auth part of URLs
8a56c50 
Resolves: #36285
fabpot added a commit that referenced this issue Apr 4, 2020
@fabpot
bug #36286 [Validator] Allow URL-encoded special characters in basic …
6254cdb 
…auth part of URLs (cweiske)

This PR was submitted for the master branch but it was merged into the 3.4 branch instead.

Discussion
----------

[Validator] Allow URL-encoded special characters in basic auth part of URLs

| Q             | A
| ------------- | ---
| Branch?       | 5.0
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | Fix #36285
| License       | MIT

Special characters in HTTP Basic Auth passwords in an URL need to be url-encoded.

Example: `foo@bar` becomes `foo%40bar`, in an URL: `http://user:foo%40bar@example.org`

The UrlValidator did not allow percent signs in username and password, and this is changed now.

Commits
-------

8a56c50 Allow URL-encoded special characters in basic auth part of URLs
@fabpot fabpot closed this as completed Apr 4, 2020
symfony-splitter pushed a commit to symfony/validator that referenced this issue Apr 4, 2020
@cweiske @fabpot
Allow URL-encoded special characters in basic auth part of URLs
adab212 
Resolves: symfony/symfony#36285
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Status: Needs Review Validator
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Validator] Allow URL-encoded special characters in basic auth part of URLs mogic-le/symfony
4 participants
@fabpot @cweiske @xabbuh @carsonbot
0