Home Explore Help
Sign In
githab
/
cakephp
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge pull request #11211 from occitech/fix/support-kibana-urls

False positive URL validation (Test case only)
Mark Story 8 years ago
parent
6ffbfe3760 b6f439f487
commit
aeff92a1f1
2 changed files with 10 additions and 5 deletions
Split View Show Diff Stats
  1. 9 5
      src/Validation/Validation.php
  2. 1 0
      tests/TestCase/Validation/ValidationTest.php

+ 9 - 5
src/Validation/Validation.php
View File 

@@ -899,7 +899,7 @@ class Validation
 
      *   with an optional port number
 
      * - an optional valid path
 
      * - an optional query string (get parameters)
 
-     * - an optional fragment (anchor tag)
 
+     * - an optional fragment (anchor tag) as defined in RFC 3986
 
      *
 
      * @param string $check Value to check
 
      * @param bool $strict Require URL to be prefixed by a valid scheme (one of http(s)/ftp(s)/file/news/gopher)
 
@@ -908,12 +908,16 @@ class Validation
 
     public static function url($check, $strict = false)
 
     {
 
         static::_populateIp();
 
-        $validChars = '([' . preg_quote('!"$&\'()*+,-.@_:;=~[]') . '\/0-9\p{L}\p{N}]|(%[0-9a-f]{2}))';
 
+        $alpha = '0-9\p{L}\p{N}';
 
+        $hex = '(%[0-9a-f]{2})';
 
+        $subDelimiters = preg_quote('/!"$&\'()*+,-.@_:;=~[]', '/');
 
+        $path = '([' . $subDelimiters . $alpha . ']|' . $hex . ')';
 
+        $fragmentAndQuery = '([\?' . $subDelimiters . $alpha . ']|' . $hex . ')';
 
         $regex = '/^(?:(?:https?|ftps?|sftp|file|news|gopher):\/\/)' . (!empty($strict) ? '' : '?') .
 
             '(?:' . static::$_pattern['IPv4'] . '|\[' . static::$_pattern['IPv6'] . '\]|' . static::$_pattern['hostname'] . ')(?::[1-9][0-9]{0,4})?' .
 
-            '(?:\/?|\/' . $validChars . '*)?' .
 
-            '(?:\?' . $validChars . '*)?' .
 
-            '(?:#' . $validChars . '*)?$/iu';
 
+            '(?:\/' . $path . '*)?' .
 
+            '(?:\?' . $fragmentAndQuery . '*)?' .
 
+            '(?:#' . $fragmentAndQuery . '*)?$/iu';
 
 
         return static::_check($check, $regex);
 
     }

+ 1 - 0
tests/TestCase/Validation/ValidationTest.php
View File 

@@ -2138,6 +2138,7 @@ class ValidationTest extends TestCase
 
         $this->assertTrue(Validation::url('https://cakephp.org'));
 
         $this->assertTrue(Validation::url('https://www.cakephp.org/somewhere#anchor'));
 
         $this->assertTrue(Validation::url('https://192.168.0.1'));
 
+        $this->assertTrue(Validation::url('https://example.com/kibana/app/kibana#/dashboard/4422c500-8e1b?_g=()'));
 
         $this->assertTrue(Validation::url('ftps://www.cakephp.org/pub/cake'));
 
         $this->assertTrue(Validation::url('ftps://cakephp.org/pub/cake'));
 
         $this->assertTrue(Validation::url('ftps://192.168.0.1/pub/cake'));