mirror of
https://github.com/django/django.git
synced 2024-12-23 01:25:58 +00:00
Fixed #29528 -- Made URLValidator reject invalid characters in the username and password.
This commit is contained in:
parent
5a017eef4c
commit
cdcf4164be
@ -94,7 +94,7 @@ class URLValidator(RegexValidator):
|
|||||||
|
|
||||||
regex = _lazy_re_compile(
|
regex = _lazy_re_compile(
|
||||||
r'^(?:[a-z0-9\.\-\+]*)://' # scheme is validated separately
|
r'^(?:[a-z0-9\.\-\+]*)://' # scheme is validated separately
|
||||||
r'(?:\S+(?::\S*)?@)?' # user:pass authentication
|
r'(?:[^\s:@/]+(?::[^\s:@/]*)?@)?' # user:pass authentication
|
||||||
r'(?:' + ipv4_re + '|' + ipv6_re + '|' + host_re + ')'
|
r'(?:' + ipv4_re + '|' + ipv6_re + '|' + host_re + ')'
|
||||||
r'(?::\d{2,5})?' # port
|
r'(?::\d{2,5})?' # port
|
||||||
r'(?:[/?#][^\s]*)?' # resource path
|
r'(?:[/?#][^\s]*)?' # resource path
|
||||||
|
@ -57,3 +57,9 @@ http://example.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.
|
|||||||
http://example.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
|
http://example.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
|
||||||
http://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaa
|
http://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaa
|
||||||
https://test.[com
|
https://test.[com
|
||||||
|
http://foo@bar@example.com
|
||||||
|
http://foo/bar@example.com
|
||||||
|
http://foo:bar:baz@example.com
|
||||||
|
http://foo:bar@baz@example.com
|
||||||
|
http://foo:bar/baz@example.com
|
||||||
|
http://invalid-.com/?m=foo@example.com
|
||||||
|
@ -48,7 +48,7 @@ http://foo.bar/?q=Test%20URL-encoded%20stuff
|
|||||||
http://مثال.إختبار
|
http://مثال.إختبار
|
||||||
http://例子.测试
|
http://例子.测试
|
||||||
http://उदाहरण.परीक्षा
|
http://उदाहरण.परीक्षा
|
||||||
http://-.~_!$&'()*+,;=:%40:80%2f::::::@example.com
|
http://-.~_!$&'()*+,;=%40:80%2f@example.com
|
||||||
http://xn--7sbb4ac0ad0be6cf.xn--p1ai
|
http://xn--7sbb4ac0ad0be6cf.xn--p1ai
|
||||||
http://1337.net
|
http://1337.net
|
||||||
http://a.b-c.de
|
http://a.b-c.de
|
||||||
|
Loading…
Reference in New Issue
Block a user