1
0
mirror of https://github.com/django/django.git synced 2024-12-22 09:05:43 +00:00

Fixed #29528 -- Made URLValidator reject invalid characters in the username and password.

This commit is contained in:
Tim Bell 2018-07-24 00:30:01 +10:00 committed by Tim Graham
parent 5a017eef4c
commit cdcf4164be
3 changed files with 8 additions and 2 deletions

View File

@ -94,7 +94,7 @@ class URLValidator(RegexValidator):
regex = _lazy_re_compile(
r'^(?:[a-z0-9\.\-\+]*)://' # scheme is validated separately
r'(?:\S+(?::\S*)?@)?' # user:pass authentication
r'(?:[^\s:@/]+(?::[^\s:@/]*)?@)?' # user:pass authentication
r'(?:' + ipv4_re + '|' + ipv6_re + '|' + host_re + ')'
r'(?::\d{2,5})?' # port
r'(?:[/?#][^\s]*)?' # resource path

View File

@ -57,3 +57,9 @@ http://example.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.
http://example.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
http://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaa
https://test.[com
http://foo@bar@example.com
http://foo/bar@example.com
http://foo:bar:baz@example.com
http://foo:bar@baz@example.com
http://foo:bar/baz@example.com
http://invalid-.com/?m=foo@example.com

View File

@ -48,7 +48,7 @@ http://foo.bar/?q=Test%20URL-encoded%20stuff
http://مثال.إختبار
http://例子.测试
http://उदाहरण.परीक्षा
http://-.~_!$&'()*+,;=:%40:80%2f::::::@example.com
http://-.~_!$&'()*+,;=%40:80%2f@example.com
http://xn--7sbb4ac0ad0be6cf.xn--p1ai
http://1337.net
http://a.b-c.de