bug #24589 Username and password in basic auth are allowed to contain '.' (Richard Quadling)
This PR was merged into the 2.7 branch.
Discussion
----------
Username and password in basic auth are allowed to contain '.'
Initially reported by Fede Isas in https://github.com/beberlei/assert/pull/234
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
e5d57dd050
Username and password in basic auth are allowed to contain '.'
This commit is contained in:
commit
2fc9b57f65
|
@ -23,7 +23,7 @@ class UrlValidator extends ConstraintValidator
|
|||
{
|
||||
const PATTERN = '~^
|
||||
(%s):// # protocol
|
||||
(([\pL\pN-]+:)?([\pL\pN-]+)@)? # basic auth
|
||||
(([\.\pL\pN-]+:)?([\.\pL\pN-]+)@)? # basic auth
|
||||
(
|
||||
([\pL\pN\pS-\.])+(\.?([\pL\pN]|xn\-\-[\pL\pN-]+)+\.?) # a domain name
|
||||
| # or
|
||||
|
|
|
@ -121,6 +121,9 @@ class UrlValidatorTest extends AbstractConstraintValidatorTest
|
|||
array('http://xn--d1abbgf6aiiy.xn--p1ai/'),
|
||||
array('http://☎.com/'),
|
||||
array('http://username:password@symfony.com'),
|
||||
array('http://user.name:password@symfony.com'),
|
||||
array('http://username:pass.word@symfony.com'),
|
||||
array('http://user.name:pass.word@symfony.com'),
|
||||
array('http://user-name@symfony.com'),
|
||||
array('http://symfony.com?'),
|
||||
array('http://symfony.com?query=1'),
|
||||
|
|
Reference in New Issue