Permalink
Browse files

Exclude domain names starting with `-`

Related to 479aefc

Refs #3414
  • Loading branch information...
markstory committed Apr 30, 2013
1 parent ac94d11 commit 2b0e10eebb0783c6a85afd5516919633065114e2
Showing with 5 additions and 5 deletions.
  1. +1 −0 lib/Cake/Test/Case/Utility/ValidationTest.php
  2. +4 −5 lib/Cake/Utility/Validation.php
@@ -1856,6 +1856,7 @@ public function testUrl() {
$this->assertFalse(Validation::url('http://_jabber._tcp.g_mail.com'));
$this->assertFalse(Validation::url('http://en.(wikipedia).org/'));
$this->assertFalse(Validation::url('http://www.domain.com/fakeenco%ode'));
+ $this->assertFalse(Validation::url('--.example.com'));
$this->assertFalse(Validation::url('www.cakephp.org', true));
$this->assertTrue(Validation::url('http://example.com/~userdir/subdir/index.html'));
@@ -1,7 +1,5 @@
<?php
/**
- * Validation Class. Used for validation of model data
- *
* PHP Version 5.x
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
@@ -13,24 +11,25 @@
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
- * @package Cake.Utility
* @since CakePHP(tm) v 1.2.0.3830
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
App::uses('Multibyte', 'I18n');
App::uses('File', 'Utility');
App::uses('CakeNumber', 'Utility');
+
// Load multibyte if the extension is missing.
if (!function_exists('mb_strlen')) {
class_exists('Multibyte');
}
/**
+ * Validation Class. Used for validation of model data
+ *
* Offers different validation methods.
*
* @package Cake.Utility
- * @since CakePHP v 1.2.0.3830
*/
class Validation {
@@ -40,7 +39,7 @@ class Validation {
* @var array
*/
protected static $_pattern = array(
- 'hostname' => '(?:[-_a-z0-9][-_a-z0-9]*\.)*(?:[a-z0-9][-a-z0-9]{0,62})\.(?:(?:[a-z]{2}\.)?[a-z]{2,})'
+ 'hostname' => '(?:[_a-z0-9][-_a-z0-9]*\.)*(?:[a-z0-9][-a-z0-9]{0,62})\.(?:(?:[a-z]{2}\.)?[a-z]{2,})'
);
/**

1 comment on commit 2b0e10e

@spiliot

This comment has been minimized.

Show comment Hide comment
@spiliot

spiliot Apr 30, 2013

Contributor

Now '--.example.com' is fixed but '_-' or '__.example.com' are still allowed. You need to make it [a-z] as numbers can't be in the first position of a (sub)domain either.

Contributor

spiliot commented on 2b0e10e Apr 30, 2013

Now '--.example.com' is fixed but '_-' or '__.example.com' are still allowed. You need to make it [a-z] as numbers can't be in the first position of a (sub)domain either.

Please sign in to comment.