[7.x] Allow URL-encoded special characters in basic auth part of URLs #32181

Closed

@cweiske cweiske commented Mar 31, 2020

Special characters in HTTP Basic Auth passwords in a URL need to be URL-encoded.
Example: foo@bar becomes foo%40bar, in a URL: http://user:foo%40bar@example.org

The UrlValidator did not allow percent signs in username and password, and this is changed now.

Related bug report and fix for Symfony:

- symfony/symfony#36285
- symfony/symfony#36286
@cweiske cweiske force-pushed the urlvalidator-special-characters branch from 54bd257 to 17307fd Compare March 31, 2020 11:40
@cweiske cweiske changed the title Allow URL-encoded special characters in basic auth part of URLs [7.x] Allow URL-encoded special characters in basic auth part of URLs Mar 31, 2020
@taylorotwell
Member

We will wait to see what Symfony does. For now you could urldecode the value before sending it to the validator.

@cweiske
Author

cweiske commented Mar 31, 2020

urldecoding does not help, because that decodes the special characters in the password, which could be an @, which breaks validation because http://user:foo@bar@example.org is invalid.
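
The point made in the comment above, as an added example that is not part of this pull request and is not Laravel's or Symfony's validator code: a strict split of the authority following the RFC 3986 userinfo grammar accepts the encoded URL and rejects both the decoded one and a malformed percent sequence. The function names `buildAuthUrl` and `splitCredentials`, the constant `USERINFO_RE` and the `50%off` password are assumptions made for illustration.

```php
<?php
// Added illustration; names and sample credentials are constructed.

// RFC 3986: userinfo = *( unreserved / pct-encoded / sub-delims / ":" )
// A literal "@" or a "%" not followed by two hex digits does not match.
const USERINFO_RE = '/\A(?:[A-Za-z0-9\-._~!$&\'()*+,;=:]|%[0-9A-Fa-f]{2})*\z/';

/** Build a URL with credentials, percent-encoding each part separately. */
function buildAuthUrl(string $user, string $pass, string $host): string
{
    return 'http://' . rawurlencode($user) . ':' . rawurlencode($pass) . '@' . $host . '/';
}

/**
 * Split "http(s)://[userinfo@]host..." strictly and return the decoded
 * credentials, or null when the userinfo part violates the grammar above.
 * The host itself is not validated here.
 */
function splitCredentials(string $url): ?array
{
    if (!preg_match('~\Ahttps?://([^/?#]*)~i', $url, $m)) {
        return null;
    }
    $authority = $m[1];
    $at = strpos($authority, '@');
    if ($at === false) {
        return ['user' => null, 'pass' => null, 'host' => $authority];
    }
    $userinfo = substr($authority, 0, $at);
    $host = substr($authority, $at + 1);
    // A second "@" can only come from an unencoded credential character.
    if (strpos($host, '@') !== false || !preg_match(USERINFO_RE, $userinfo)) {
        return null;
    }
    // Decode only after the delimiters have been used to split the parts.
    [$user, $pass] = array_pad(explode(':', $userinfo, 2), 2, null);
    return [
        'user' => rawurldecode($user),
        'pass' => $pass === null ? null : rawurldecode($pass),
        'host' => $host,
    ];
}

$encoded = buildAuthUrl('user', 'foo@bar', 'example.org');
var_dump($encoded);                                            // encoded form
var_dump(splitCredentials($encoded));                          // validated, then decoded
var_dump(splitCredentials(urldecode($encoded)));               // decoded before validation
var_dump(splitCredentials('http://user:50%off@example.org/')); // bare "%" in the password
```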

@cweiske
Author

cweiske commented Apr 28, 2020

Symfony merged the patch and today released 3 versions that contain the patch:

@driesvints
Member

I'll re-open this so Taylor can have another look.

@driesvints driesvints reopened this Apr 30, 2020
@driesvints
Member

Looks like there are some merge conflicts by now. @cweiske can you send in a new PR?

@driesvints driesvints closed this Apr 30, 2020
@driesvints
Member

Best that you send this to 6.x
