Username and password in basic auth are allowed to contain '.'

Initially reported by Fede Isas in https://github.com/beberlei/assert/pull/234
2017-10-17 12:58:41 +01:00 · 2017-10-17 12:58:41 +01:00 · e5d57dd050
parent 4f9a411389
commit e5d57dd050
2 changed files with 4 additions and 1 deletions
--- a/src/Symfony/Component/Validator/Constraints/UrlValidator.php
+++ b/src/Symfony/Component/Validator/Constraints/UrlValidator.php
@ -24,7 +24,7 @@ class UrlValidator extends ConstraintValidator
 {
    const PATTERN = '~^
            (%s)://                                 # protocol
-            (([\pL\pN-]+:)?([\pL\pN-]+)@)?          # basic auth
+            (([\.\pL\pN-]+:)?([\.\pL\pN-]+)@)?      # basic auth
            (
                ([\pL\pN\pS-\.])+(\.?([\pL]|xn\-\-[\pL\pN-]+)+\.?) # a domain name
                    |                                              # or
--- a/src/Symfony/Component/Validator/Tests/Constraints/UrlValidatorTest.php
+++ b/src/Symfony/Component/Validator/Tests/Constraints/UrlValidatorTest.php
@ -103,6 +103,9 @@ class UrlValidatorTest extends AbstractConstraintValidatorTest
            array('http://xn--d1abbgf6aiiy.xn--p1ai/'),
            array('http://☎.com/'),
            array('http://username:password@symfony.com'),
+            array('http://user.name:password@symfony.com'),
+            array('http://username:pass.word@symfony.com'),
+            array('http://user.name:pass.word@symfony.com'),
            array('http://user-name@symfony.com'),
        );
    }