1
0
Fork 0

Allow Url::sanitize to escape URLs without scheme

pull/9324/head
Jordi Boggiano 2020-10-23 13:27:46 +02:00
parent 8feb83b22b
commit 8564dd8dac
No known key found for this signature in database
GPG Key ID: 7BBD42C429EC80BC
2 changed files with 12 additions and 3 deletions

View File

@ -109,12 +109,12 @@ class Url
// e.g. https://api.github.com/repositories/9999999999?access_token=github_token
$url = preg_replace('{([&?]access_token=)[^&]+}', '$1***', $url);
$url = preg_replace_callback('{://(?P<user>[^:/\s@]+):(?P<password>[^@\s/]+)@}i', function ($m) {
$url = preg_replace_callback('{(?P<prefix>://|^)(?P<user>[^:/\s@]+):(?P<password>[^@\s/]+)@}i', function ($m) {
if (preg_match('{^[a-f0-9]{12,}$}', $m['user'])) {
return '://***:***@';
return $m['prefix'].'***:***@';
}
return '://'.$m['user'].':***@';
return $m['prefix'].$m['user'].':***@';
}, $url);
return $url;

View File

@ -70,6 +70,7 @@ class UrlTest extends TestCase
public static function sanitizeProvider()
{
return array(
// with scheme
array('https://foo:***@example.org/', 'https://foo:bar@example.org/'),
array('https://foo@example.org/', 'https://foo@example.org/'),
array('https://example.org/', 'https://example.org/'),
@ -77,6 +78,14 @@ class UrlTest extends TestCase
array('https://foo:***@example.org:123/', 'https://foo:bar@example.org:123/'),
array('https://example.org/foo/bar?access_token=***', 'https://example.org/foo/bar?access_token=abcdef'),
array('https://example.org/foo/bar?foo=bar&access_token=***', 'https://example.org/foo/bar?foo=bar&access_token=abcdef'),
// without scheme
array('foo:***@example.org/', 'foo:bar@example.org/'),
array('foo@example.org/', 'foo@example.org/'),
array('example.org/', 'example.org/'),
array('***:***@example.org', '10a8f08e8d7b7b9:foo@example.org'),
array('foo:***@example.org:123/', 'foo:bar@example.org:123/'),
array('example.org/foo/bar?access_token=***', 'example.org/foo/bar?access_token=abcdef'),
array('example.org/foo/bar?foo=bar&access_token=***', 'example.org/foo/bar?foo=bar&access_token=abcdef'),
);
}
}