mirror of
https://github.com/django/django.git
synced 2024-12-23 01:25:58 +00:00
Fixed #25637 -- Added URLValidator hostname length validation.
URLValidator now validates the maximum length of a hostname and the maximum length of all labels inside the hostname.
This commit is contained in:
parent
d7a58f285b
commit
82976e5c3f
@ -83,9 +83,10 @@ class URLValidator(RegexValidator):
|
||||
ipv6_re = r'\[[0-9a-f:\.]+\]' # (simple regex, validated later)
|
||||
|
||||
# Host patterns
|
||||
hostname_re = r'[a-z' + ul + r'0-9](?:[a-z' + ul + r'0-9-]*[a-z' + ul + r'0-9])?'
|
||||
domain_re = r'(?:\.(?!-)[a-z' + ul + r'0-9-]+(?<!-))*'
|
||||
tld_re = r'\.(?:[a-z' + ul + r']{2,}|xn--[a-z0-9]+)\.?'
|
||||
hostname_re = r'[a-z' + ul + r'0-9](?:[a-z' + ul + r'0-9-]{0,61}[a-z' + ul + r'0-9])?'
|
||||
# Max length for domain name labels is 63 characters per RFC 1034 sec. 3.1
|
||||
domain_re = r'(?:\.(?!-)[a-z' + ul + r'0-9-]{1,63}(?<!-))*'
|
||||
tld_re = r'\.(?:[a-z' + ul + r']{2,63}|xn--[a-z0-9]{1,59})\.?'
|
||||
host_re = '(' + hostname_re + domain_re + tld_re + '|localhost)'
|
||||
|
||||
regex = _lazy_re_compile(
|
||||
@ -136,6 +137,13 @@ class URLValidator(RegexValidator):
|
||||
raise ValidationError(self.message, code=self.code)
|
||||
url = value
|
||||
|
||||
# The maximum length of a full host name is 253 characters per RFC 1034
|
||||
# section 3.1. It's defined to be 255 bytes or less, but this includes
|
||||
# one byte for the length of the name and one byte for the trailing dot
|
||||
# that's used to indicate absolute names in DNS.
|
||||
if len(urlsplit(value).netloc) > 253:
|
||||
raise ValidationError(self.message, code=self.code)
|
||||
|
||||
integer_validator = RegexValidator(
|
||||
_lazy_re_compile('^-?\d+\Z'),
|
||||
message=_('Enter a valid integer.'),
|
||||
|
@ -258,7 +258,9 @@ URLs
|
||||
Validators
|
||||
^^^^^^^^^^
|
||||
|
||||
* ...
|
||||
* :class:`~django.core.validators.URLValidator` now limits the length of
|
||||
domain name labels to 63 characters and the total length of domain
|
||||
names to 253 characters per :rfc:`1034`.
|
||||
|
||||
Backwards incompatible changes in 1.10
|
||||
======================================
|
||||
|
@ -50,3 +50,7 @@ http://[::1:2::3]:8080/
|
||||
http://[]
|
||||
http://[]:8080
|
||||
http://example..com/
|
||||
http://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.example.com
|
||||
http://example.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com
|
||||
http://example.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
|
||||
http://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaa
|
||||
|
@ -63,3 +63,7 @@ http://0.0.0.0/
|
||||
http://255.255.255.255
|
||||
http://224.0.0.0
|
||||
http://224.1.1.1
|
||||
http://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.example.com
|
||||
http://example.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com
|
||||
http://example.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
|
||||
http://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaa
|
||||
|
Loading…
Reference in New Issue
Block a user