mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-11-27 13:55:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Fixed #29528 -- Made URLValidator reject invalid characters in the username and password.

Browse source
This commit is contained in:
Tim Bell 2018-07-24 00:30:01 +10:00 committed by Tim Graham
parent 5a017eef4c
commit cdcf4164be
3 changed files with 8 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
django/core/validators.py
View file

@ -94,7 +94,7 @@ class URLValidator(RegexValidator):
regex = _lazy_re_compile(
r'^(?:[a-z0-9\.\-\+]*)://' # scheme is validated separately
r'(?:\S+(?::\S*)?@)?' # user:pass authentication
r'(?:[^\s:@/]+(?::[^\s:@/]*)?@)?' # user:pass authentication
r'(?:' + ipv4_re + '|' + ipv6_re + '|' + host_re + ')'
r'(?::\d{2,5})?' # port
r'(?:[/?#][^\s]*)?' # resource path