Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Validator] Allow URL-encoded special characters in basic auth part of URLs #36286

Closed

Conversation

cweiske
Copy link
Contributor

@cweiske cweiske commented Mar 31, 2020

Q A
Branch? 5.0
Bug fix? yes
New feature? no
Deprecations? no
Tickets Fix #36285
License MIT

Special characters in HTTP Basic Auth passwords in an URL need to be url-encoded.

Example: foo@bar becomes foo%40bar, in an URL: http://user:foo%40bar@example.org

The UrlValidator did not allow percent signs in username and password, and this is changed now.

cweiske added a commit to mogic-le/framework that referenced this pull request Mar 31, 2020
Special characters in HTTP Basic Auth passwords in an URL need to be url-encoded.
Example: foo@bar becomes foo%40bar, in an URL: http://user:foo%40bar@example.org

The UrlValidator did not allow percent signs in username and password, and this is changed now.

Related bugreport and fix for symfony:
- symfony/symfony#36285
- symfony/symfony#36286
Copy link
Member

@nicolas-grekas nicolas-grekas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(for 3.4)

@nicolas-grekas nicolas-grekas added this to the 3.4 milestone Mar 31, 2020
@nicolas-grekas nicolas-grekas changed the title Allow URL-encoded special characters in basic auth part of URLs [Validator] Allow URL-encoded special characters in basic auth part of URLs Mar 31, 2020
@fabpot
Copy link
Member

fabpot commented Apr 4, 2020

Thank you @cweiske.

fabpot added a commit that referenced this pull request Apr 4, 2020
…auth part of URLs (cweiske)

This PR was submitted for the master branch but it was merged into the 3.4 branch instead.

Discussion
----------

[Validator] Allow URL-encoded special characters in basic auth part of URLs

| Q             | A
| ------------- | ---
| Branch?       | 5.0
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | Fix #36285
| License       | MIT

Special characters in HTTP Basic Auth passwords in an URL need to be url-encoded.

Example: `foo@bar` becomes `foo%40bar`, in an URL: `http://user:foo%40bar@example.org`

The UrlValidator did not allow percent signs in username and password, and this is changed now.

Commits
-------

8a56c50 Allow URL-encoded special characters in basic auth part of URLs
@fabpot fabpot closed this Apr 4, 2020
This was referenced Apr 28, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

UrlValidator does not allow basic auth with encoded special characters
6 participants