Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Update regular expression in URL validator #62028

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: 7.4
Choose a base branch
Loading
from
Open

Update regular expression in URL validator #62028

wants to merge 1 commit into from
+5 −1

Conversation

mjaschen
Copy link

The UrlValidator::validate() method currently fails for some valid URLs, particularly URLs containing login data with special characters.

Example failing case:

https://user-123:foo+bar-baz@example.com/path/file.txt.gz

The current regular expression only accepts a subset of allowed characters in the userinfo part of the URL, see UrlValidator.php:26.

Changes in this pull request:

  • Update the regular expression in UrlValidator::PATTERN to support all characters permitted in the userinfo part of a URL according to RFC 3986.
  • remove unneeded escaping in regular expression character class ([\_\.][_.])
  • Add new test cases covering all special characters in the userinfo part of URLs.

References:

  • RFC 3986 describing: Uniform Resource Identifier (URI) Generic Syntax
  • Appendix A, “Collected ABNF for URI”

Relevant ABNF for userinfo in URIs:

userinfo      = *( unreserved / pct-encoded / sub-delims / ":" )
unreserved    = ALPHA / DIGIT / "-" / "." / "_" / "~"
pct-encoded   = "%" HEXDIG HEXDIG
sub-delims    = "!" / "$" / "&" / "'" / "(" / ")" / "*" / "+" / "," / ";" / "="
Q A
Branch? 7.4
Bug fix? no
New feature? yes (compatibility)
Deprecations? no
Issues
License MIT

@mjaschen
Update regular expression in URL validator
d385f3e 
To achieve better compatibility with RFC 3986, the regular expression
which validates URLs now allows more characters in the userinfo part.

Add test cases; update change log.
@carsonbot carsonbot added this to the 7.4 milestone Oct 10, 2025
@carsonbot
Copy link

Hey!

I see that this is your first PR. That is great! Welcome!

Symfony has a contribution guide which I suggest you to read.

In short:

  • Always add tests
  • Keep backward compatibility (see https://symfony.com/bc).
  • Bug fixes must be submitted against the lowest maintained branch where they apply (see https://symfony.com/releases)
  • Features and deprecations must be submitted against the 7.4 branch.

Review the GitHub status checks of your pull request and try to solve the reported issues. If some tests are failing, try to see if they are failing because of this change.

When two Symfony core team members approve this change, it will be merged and you will become an official Symfony contributor!
If this PR is merged in a lower version branch, it will be merged up to all maintained branches within a few days.

I am going to sit back now and wait for the reviews.

Cheers!

Carsonbot

@carsonbot carsonbot changed the title Update regular expression in URL validator Update regular expression in URL validator Oct 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Feature Status: Needs Review

Projects

None yet

Milestone

7.4

Development

Successfully merging this pull request may close these issues.

2 participants

@mjaschen @carsonbot
Morty Proxy This is a proxified and sanitized view of the page, visit original site.