1
0
mirror of https://github.com/django/django.git synced 2024-12-23 01:25:58 +00:00

Fixed #29528 -- Made URLValidator reject invalid characters in the username and password.

This commit is contained in:
Tim Bell 2018-07-24 00:30:01 +10:00 committed by Tim Graham
parent 5a017eef4c
commit cdcf4164be
3 changed files with 8 additions and 2 deletions

View File

@ -94,7 +94,7 @@ class URLValidator(RegexValidator):
regex = _lazy_re_compile( regex = _lazy_re_compile(
r'^(?:[a-z0-9\.\-\+]*)://' # scheme is validated separately r'^(?:[a-z0-9\.\-\+]*)://' # scheme is validated separately
r'(?:\S+(?::\S*)?@)?' # user:pass authentication r'(?:[^\s:@/]+(?::[^\s:@/]*)?@)?' # user:pass authentication
r'(?:' + ipv4_re + '|' + ipv6_re + '|' + host_re + ')' r'(?:' + ipv4_re + '|' + ipv6_re + '|' + host_re + ')'
r'(?::\d{2,5})?' # port r'(?::\d{2,5})?' # port
r'(?:[/?#][^\s]*)?' # resource path r'(?:[/?#][^\s]*)?' # resource path

View File

@ -57,3 +57,9 @@ http://example.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.
http://example.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa http://example.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
http://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaa http://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaa
https://test.[com https://test.[com
http://foo@bar@example.com
http://foo/bar@example.com
http://foo:bar:baz@example.com
http://foo:bar@baz@example.com
http://foo:bar/baz@example.com
http://invalid-.com/?m=foo@example.com

View File

@ -48,7 +48,7 @@ http://foo.bar/?q=Test%20URL-encoded%20stuff
http://مثال.إختبار http://مثال.إختبار
http://例子.测试 http://例子.测试
http://उदाहरण.परीक्षा http://उदाहरण.परीक्षा
http://-.~_!$&'()*+,;=:%40:80%2f::::::@example.com http://-.~_!$&'()*+,;=%40:80%2f@example.com
http://xn--7sbb4ac0ad0be6cf.xn--p1ai http://xn--7sbb4ac0ad0be6cf.xn--p1ai
http://1337.net http://1337.net
http://a.b-c.de http://a.b-c.de