bug #22022 [Validator] fix URL validator to detect non supported chars according to RFC 3986 (e-moe)
This PR was submitted for the 3.2 branch but it was merged into the 2.7 branch instead (closes #22022).
Discussion
----------
[Validator] fix URL validator to detect non supported chars according to RFC 3986
| Q | A
| ------------- | ---
| Branch? | 3.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21961
| License | MIT
| Doc PR | none
Commits
-------
3599c476bf [Validator] fix URL validator to detect non supported chars according to RFC 3986
This commit is contained in:
Fabien Potencier
commit
3aa7658399
@ -34,7 +34,9 @@ class UrlValidator extends ConstraintValidator
|
||||
\] # an IPv6 address
|
||||
)
|
||||
(:[0-9]+)? # a port (optional)
|
||||
(/?|/\S+|\?\S*|\#\S*) # a /, nothing, a / with something, a query or a fragment
|
||||
(?:/ (?:[\pL\pN\-._\~!$&\'()*+,;=:@]|%%[0-9A-Fa-f]{2})* )* # a path
|
||||
(?:\? (?:[\pL\pN\-._\~!$&\'()*+,;=:@/?]|%%[0-9A-Fa-f]{2})* )? # a query (optional)
|
||||
(?:\# (?:[\pL\pN\-._\~!$&\'()*+,;=:@/?]|%%[0-9A-Fa-f]{2})* )? # a fragment (optional)
|
||||
$~ixu';
|
||||
|
||||
/**
|
||||
|
||||
@ -128,6 +128,7 @@ class UrlValidatorTest extends AbstractConstraintValidatorTest
|
||||
array('http://symfony.com#'),
|
||||
array('http://symfony.com#fragment'),
|
||||
array('http://symfony.com/#fragment'),
|
||||
array('http://symfony.com/#one_more%20test'),
|
||||
);
|
||||
}
|
||||
|
||||
@ -167,6 +168,9 @@ class UrlValidatorTest extends AbstractConstraintValidatorTest
|
||||
array('http://:password@@symfony.com'),
|
||||
array('http://username:passwordsymfony.com'),
|
||||
array('http://usern@me:password@symfony.com'),
|
||||
array('http://example.com/exploit.html?<script>alert(1);</script>'),
|
||||
array('http://example.com/exploit.html?hel lo'),
|
||||
array('http://example.com/exploit.html?not_a%hex'),
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user