[Validator] fix URL validator to detect non supported chars according to RFC 3986
parent
2240ecfa14
commit
3599c476bf
@ -34,7 +34,9 @@ class UrlValidator extends ConstraintValidator
|
|||||||
\] # an IPv6 address
|
\] # an IPv6 address
|
||||||
)
|
)
|
||||||
(:[0-9]+)? # a port (optional)
|
(:[0-9]+)? # a port (optional)
|
||||||
(/?|/\S+|\?\S*|\#\S*) # a /, nothing, a / with something, a query or a fragment
|
(?:/ (?:[\pL\pN\-._\~!$&\'()*+,;=:@]|%%[0-9A-Fa-f]{2})* )* # a path
|
||||||
|
(?:\? (?:[\pL\pN\-._\~!$&\'()*+,;=:@/?]|%%[0-9A-Fa-f]{2})* )? # a query (optional)
|
||||||
|
(?:\# (?:[\pL\pN\-._\~!$&\'()*+,;=:@/?]|%%[0-9A-Fa-f]{2})* )? # a fragment (optional)
|
||||||
$~ixu';
|
$~ixu';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
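Review bot: The closing `$~ixu';` line still accepts a URL that ends in a newline, because without the `D` modifier PCRE's `$` also matches just before a final `\n`. Since this change is about rejecting characters a URL may not contain, the anchor should be tightened as well, for example `\z~ixu';` or `$~ixuD';`, with a case such as `array("http://symfony.com\n")` added to the invalid-URL provider to pin it. The removed `\S+` tail had the same gap, so this is not a regression, but a caller that copies the validated value into a header or a log line would carry the newline along. Separately, the new path, query and fragment classes admit `\pL\pN`, which is wider than RFC 3986's unreserved set; a pattern comment like `# unencoded non-ASCII letters and digits are accepted (IRI-style)` would make that deliberate. The start of the pattern lies outside the hunk, so the leading anchor is assumed rather than seen.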
@ -128,6 +128,7 @@ class UrlValidatorTest extends AbstractConstraintValidatorTest
|
|||||||
array('http://symfony.com#'),
|
array('http://symfony.com#'),
|
||||||
array('http://symfony.com#fragment'),
|
array('http://symfony.com#fragment'),
|
||||||
array('http://symfony.com/#fragment'),
|
array('http://symfony.com/#fragment'),
|
||||||
|
array('http://symfony.com/#one_more%20test'),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -167,6 +168,9 @@ class UrlValidatorTest extends AbstractConstraintValidatorTest
|
|||||||
array('http://:password@@symfony.com'),
|
array('http://:password@@symfony.com'),
|
||||||
array('http://username:passwordsymfony.com'),
|
array('http://username:passwordsymfony.com'),
|
||||||
array('http://usern@me:password@symfony.com'),
|
array('http://usern@me:password@symfony.com'),
|
||||||
|
array('http://example.com/exploit.html?<script>alert(1);</script>'),
|
||||||
|
array('http://example.com/exploit.html?hel lo'),
|
||||||
|
array('http://example.com/exploit.html?not_a%hex'),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
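Review bot: All three new invalid cases in the second hunk place the bad character in the query, so the rejecting side of the new path and fragment classes is never exercised. Adding `array('http://example.com/not_a%hex'),` and `array('http://example.com/#not_a%hex'),` would cover both; the removed `/\S+` and `\#\S*` alternatives would have accepted them, so they also document what the change tightens. The first hunk's valid case covers a percent-escape only in the fragment, and a path counterpart such as `array('http://symfony.com/one_more%20test'),` would balance it. Both provider methods begin outside the hunks shown.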