symfony
diff --git a/‎src/Symfony/Component/Validator/CHANGELOG.md
Copy file name to clipboardExpand all lines: src/Symfony/Component/Validator/CHANGELOG.md
+2-1Lines changed: 2 additions & 1 deletion b/‎src/Symfony/Component/Validator/CHANGELOG.md
Copy file name to clipboardExpand all lines: src/Symfony/Component/Validator/CHANGELOG.md
+2-1Lines changed: 2 additions & 1 deletion
diff --git a/‎src/Symfony/Component/Validator/Constraints/Url.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Validator/Constraints/Url.php
+1Lines changed: 1 addition & 0 deletions b/‎src/Symfony/Component/Validator/Constraints/Url.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Validator/Constraints/Url.php
+1Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Component/Validator/Constraints/UrlValidator.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Validator/Constraints/UrlValidator.php
+6-1Lines changed: 6 additions & 1 deletion b/‎src/Symfony/Component/Validator/Constraints/UrlValidator.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Validator/Constraints/UrlValidator.php
+6-1Lines changed: 6 additions & 1 deletion
diff --git a/‎src/Symfony/Component/Validator/Tests/Constraints/UrlValidatorTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Validator/Tests/Constraints/UrlValidatorTest.php
+15Lines changed: 15 additions & 0 deletions b/‎src/Symfony/Component/Validator/Tests/Constraints/UrlValidatorTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Validator/Tests/Constraints/UrlValidatorTest.php
+15Lines changed: 15 additions & 0 deletions
@@ -9,7 +9,8 @@ CHANGELOG
  * added option `allowNull` to NotBlank constraint
  * added `Json` constraint
  * added `Unique` constraint
- 
+ * Added the `allowBrackets` option to the `Url` constraint to allow brackets in the optional query string.
+
 4.2.0
 -----
 
 
@@ -94,6 +94,7 @@ class Url extends Constraint
 
     public $message = 'This value is not a valid URL.';
 
+    public $allowBrackets = false;
     /**
      * @deprecated since Symfony 4.1
      */
 
@@ -62,7 +62,12 @@ public function validate($value, Constraint $constraint)
             return;
         }
 
-        $pattern = $constraint->relativeProtocol ? str_replace('(%s):', '(?:(%s):)?', static::PATTERN) : static::PATTERN;
+        $pattern = static::PATTERN;
+        if ($constraint->allowBrackets) {
+            $pattern = str_replace('(?:\? (?:[\pL\pN\-._\~!$&\'()*+,;=:@/?]|%%[0-9A-Fa-f]{2})* )?', '(?:\? (?:[\pL\pN\-._\~!$&\'\[\]()*+,;=:@/?]|%%[0-9A-Fa-f]{2})* )?', $pattern);
+        }
+
+        $pattern = $constraint->relativeProtocol ? str_replace('(%s):', '(?:(%s):)?', $pattern) : $pattern;
         $pattern = sprintf($pattern, implode('|', $constraint->protocols));
 
         if (!preg_match($pattern, $value)) {
 
@@ -171,6 +171,19 @@ public function testInvalidUrls($url)
             ->assertRaised();
     }
 
+    public function testUrlWithAllowedExtraChars()
+    {
+        $constraint = new Url([
+            'message' => 'myMessage',
+            'allowBrackets' => true,
+        ]);
+
+        $url = 'http://example.com/exploit.html?test[0]=symfony';
+        $this->validator->validate($url, $constraint);
+
+        $this->assertNoViolation();
+    }
+
     /**
      * @dataProvider getInvalidRelativeUrls
      * @dataProvider getInvalidUrls
@@ -206,6 +219,7 @@ public function getInvalidRelativeUrls()
             ['//usern@me:password@symfony.com'],
             ['//example.com/exploit.html?<script>alert(1);</script>'],
             ['//example.com/exploit.html?hel lo'],
+            ['//example.com/exploit.html?test[0]=symfony'],
             ['//example.com/exploit.html?not_a%hex'],
             ['//'],
         ];
@@ -233,6 +247,7 @@ public function getInvalidUrls()
             ['http://usern@me:password@symfony.com'],
             ['http://example.com/exploit.html?<script>alert(1);</script>'],
             ['http://example.com/exploit.html?hel lo'],
+            ['http://example.com/exploit.html?test[0]=symfony'],
             ['http://example.com/exploit.html?not_a%hex'],
             ['http://'],
         ];