From e5d57dd0500e6dc9f313deeb97fc1fbc4a9be052 Mon Sep 17 00:00:00 2001 From: Richard Quadling Date: Tue, 17 Oct 2017 12:58:41 +0100 Subject: [PATCH] Username and password in basic auth are allowed to contain '.' Initially reported by Fede Isas in https://github.com/beberlei/assert/pull/234 --- src/Symfony/Component/Validator/Constraints/UrlValidator.php | 2 +- .../Component/Validator/Tests/Constraints/UrlValidatorTest.php | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/Symfony/Component/Validator/Constraints/UrlValidator.php b/src/Symfony/Component/Validator/Constraints/UrlValidator.php index 1ba47ffd1d91b..40ac709fe843a 100644 --- a/src/Symfony/Component/Validator/Constraints/UrlValidator.php +++ b/src/Symfony/Component/Validator/Constraints/UrlValidator.php @@ -24,7 +24,7 @@ class UrlValidator extends ConstraintValidator { const PATTERN = '~^ (%s):// # protocol - (([\pL\pN-]+:)?([\pL\pN-]+)@)? # basic auth + (([\.\pL\pN-]+:)?([\.\pL\pN-]+)@)? # basic auth ( ([\pL\pN\pS-\.])+(\.?([\pL]|xn\-\-[\pL\pN-]+)+\.?) # a domain name | # or diff --git a/src/Symfony/Component/Validator/Tests/Constraints/UrlValidatorTest.php b/src/Symfony/Component/Validator/Tests/Constraints/UrlValidatorTest.php index 5406b354ce065..c921fce933137 100644 --- a/src/Symfony/Component/Validator/Tests/Constraints/UrlValidatorTest.php +++ b/src/Symfony/Component/Validator/Tests/Constraints/UrlValidatorTest.php @@ -103,6 +103,9 @@ public function getValidUrls() array('http://xn--d1abbgf6aiiy.xn--p1ai/'), array('http://☎.com/'), array('http://username:password@symfony.com'), + array('http://user.name:password@symfony.com'), + array('http://username:pass.word@symfony.com'), + array('http://user.name:pass.word@symfony.com'), array('http://user-name@symfony.com'), ); } pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy