[Validator] allow the asterisk to be passed as a string #61826
Conversation
carsonbot
changed the title
| throw new InvalidOptionsException('The "protocols" option must be "*" when it is a string to allow any protocol.', ['protocols']); | ||
| } | ||
|
|
||
| $protocols = ['*']; |
There was a problem hiding this comment.
symfony/src/Symfony/Component/Validator/Constraints/UrlValidator.php
Lines 76 to 81 in 6e48170
Should we handle this case here instead?
There was a problem hiding this comment.
I don't think the constraint itself should generate a regex pattern to store it in its public property:
- it is a BC break compared to the existing behavior (changing the type)
- it makes it harder to reuse the metadata for other purposes (generating documentation for instance)
The constraint validator is the one that would generate a regex pattern as it needs it.
There was a problem hiding this comment.
btw, your code allows regex injection as it does not escape protocols.
There was a problem hiding this comment.
I would accept any strings and cast them to an array: if is_string => (array)
in the validator, we're missing a call to preg_quote on array items!
|
Thank you @xabbuh. |
…` option (xabbuh) This PR was merged into the 7.4 branch. Discussion ---------- [Validator] rework the usage of `'*'` for the `protocols` option following #21398, related to symfony/symfony#61826 Commits ------- 83a9025 rework the usage of '*' for the protocols option
4 participants
making #60561 easier to use