feature #30606 [Validator] allow brackets in the optional query string (Emmanuel BORGES)

fabpot · fabpot · commit 71c33c15316e · 2019-03-27T13:34:45.000+01:00
This PR was squashed before being merged into the 4.3-dev branch (closes #30606). Discussion ---------- [Validator] allow brackets in the optional query string | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #30603 | License | MIT | Doc PR | symfony/symfony-docs#...  Add the `allowBrackets` option from the Url constraint to allow brackets in the optional query string. Commits ------- 40dc4c8 [Validator] allow brackets in the optional query string
diff --git a/src/Symfony/Component/Validator/Constraints/UrlValidator.php b/src/Symfony/Component/Validator/Constraints/UrlValidator.php
@@ -35,9 +35,9 @@ class UrlValidator extends ConstraintValidator
                 \]  # an IPv6 address
             )
             (:[0-9]+)?                              # a port (optional)
-            (?:/ (?:[\pL\pN\-._\~!$&\'()*+,;=:@]|%%[0-9A-Fa-f]{2})* )*      # a path
-            (?:\? (?:[\pL\pN\-._\~!$&\'()*+,;=:@/?]|%%[0-9A-Fa-f]{2})* )?   # a query (optional)
-            (?:\# (?:[\pL\pN\-._\~!$&\'()*+,;=:@/?]|%%[0-9A-Fa-f]{2})* )?   # a fragment (optional)
+            (?:/ (?:[\pL\pN\-._\~!$&\'()*+,;=:@]|%%[0-9A-Fa-f]{2})* )*          # a path
+            (?:\? (?:[\pL\pN\-._\~!$&\'\[\]()*+,;=:@/?]|%%[0-9A-Fa-f]{2})* )?   # a query (optional)
+            (?:\# (?:[\pL\pN\-._\~!$&\'()*+,;=:@/?]|%%[0-9A-Fa-f]{2})* )?       # a fragment (optional)
         $~ixu';
 
     /**
diff --git a/src/Symfony/Component/Validator/Tests/Constraints/UrlValidatorTest.php b/src/Symfony/Component/Validator/Tests/Constraints/UrlValidatorTest.php
@@ -151,6 +151,7 @@ public function getValidUrls()
             ['http://symfony.com#fragment'],
             ['http://symfony.com/#fragment'],
             ['http://symfony.com/#one_more%20test'],
+            ['http://example.com/exploit.html?hello[0]=test'],
         ];
     }
 

Original file line number	Diff line number	Diff line change
`@@ -151,6 +151,7 @@ public function getValidUrls()`
`151`	`151`	`['http://symfony.com#fragment'],`
`152`	`152`	`['http://symfony.com/#fragment'],`
`153`	`153`	`['http://symfony.com/#one_more%20test'],`
	`154`	`+ ['http://example.com/exploit.html?hello[0]=test'],`
`154`	`155`	`];`
`155`	`156`	`}`
`156`	`157`