bug #22022 [Validator] fix URL validator to detect non supported chars according to RFC 3986 (e-moe)

This PR was submitted for the 3.2 branch but it was merged into the 2.7 branch instead (closes #22022).

Discussion
----------

[Validator] fix URL validator to detect non supported chars according to RFC 3986

| Q             | A
| ------------- | ---
| Branch?       | 3.2
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #21961
| License       | MIT
| Doc PR        | none

Commits
-------

3599c47 [Validator] fix URL validator to detect non supported chars according to RFC 3986
fabpot committed Mar 22, 2017
2 parents 2240ecf + 3599c47 commit 3aa7658
Showing 2 changed files with 7 additions and 1 deletion.
4 changes: 3 additions & 1 deletion src/Symfony/Component/Validator/Constraints/UrlValidator.php
Expand Up @@ -34,7 +34,9 @@ class UrlValidator extends ConstraintValidator
\] # an IPv6 address
)
(:[0-9]+)? # a port (optional)
(/?|/\S+|\?\S*|\#\S*) # a /, nothing, a / with something, a query or a fragment
(?:/ (?:[\pL\pN\-._\~!$&\'()*+,;=:@]|%%[0-9A-Fa-f]{2})* )* # a path
(?:\? (?:[\pL\pN\-._\~!$&\'()*+,;=:@/?]|%%[0-9A-Fa-f]{2})* )? # a query (optional)
(?:\# (?:[\pL\pN\-._\~!$&\'()*+,;=:@/?]|%%[0-9A-Fa-f]{2})* )? # a fragment (optional)
$~ixu';

/**
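Review bot: The new query and fragment classes (`[\pL\pN\-._\~!$&\'()*+,;=:@/?]`) reject unencoded `[` and `]`, which the replaced `\?\S*` alternative accepted, so URLs with PHP-style array parameters such as `?a[]=1` will start failing validation although the PR table says "BC breaks? no". Rejecting them matches RFC 3986, but the change deserves an upgrade note and an explicit test. Two smaller points: `\pL\pN` admits any Unicode letter or digit, which is wider than the ASCII-only unreserved set of RFC 3986, so a comment stating that this leniency is intentional would help; and the closing `$~ixu` has no `D` modifier, so `$` still matches before a trailing newline. Consider `\z` or adding `D` if the aim is to reject every unsupported character.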
Expand Up @@ -128,6 +128,7 @@ public function getValidUrls()
array('http://symfony.com#'),
array('http://symfony.com#fragment'),
array('http://symfony.com/#fragment'),
array('http://symfony.com/#one_more%20test'),
);
}
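Review bot: The only positive case added here, `http://symfony.com/#one_more%20test`, exercises percent-encoding in the fragment branch alone; the new path and query branches get no matching valid case in this hunk. Add one per branch, for example a path and a query that contain `%20` together with sub-delims such as `&` and `=`, so that a later tightening of either character class is caught by the data provider.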

Expand Down Expand Up @@ -167,6 +168,9 @@ public function getInvalidUrls()
array('http://:password@@symfony.com'),
array('http://username:passwordsymfony.com'),
array('http://usern@me:password@symfony.com'),
array('http://example.com/exploit.html?<script>alert(1);</script>'),
array('http://example.com/exploit.html?hel lo'),
array('http://example.com/exploit.html?not_a%hex'),
);
}
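Review bot: All three added invalid cases place the bad input after `?`, so only the query branch of the new pattern is tested for rejection. The path and fragment classes changed in the same commit; mirror the `<`/`>` and malformed percent-escape cases for the path and for the fragment (for instance `http://example.com/#not_a%hex`) so that each branch has its own negative test.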
