Bugfix: stricter regex; disallow trailing newline

OpenConext · Nov 19, 2024 · 2f6ba97 · 2f6ba97
1 parent 4c6d149
commit 2f6ba97
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/library/EngineBlock/Validator/Urn.php b/library/EngineBlock/Validator/Urn.php
@@ -28,7 +28,7 @@ class EngineBlock_Validator_Urn
      * Taken from: https://stackoverflow.com/a/59048720/5494155
      */
     const REGEX = <<<'REGEX'
-/\A(?i:urn:(?!urn:)(?<nid>[a-z0-9][a-z0-9-]{1,31}):(?<nss>(?:[-a-z0-9()+,.:=@;$_!*\'&~\/]|%[0-9a-f]{2})+)(?:\?\+(?<rcomponent>.*?))?(?:\?=(?<qcomponent>.*?))?(?:#(?<fcomponent>.*?))?)\z/
+/\A(?i:urn:(?!urn:)(?<nid>[a-z0-9][a-z0-9-]{1,31}):(?<nss>(?:[-a-z0-9()+,.:=@;$_!*\'&~\/]|%[0-9a-f]{2})+)(?:\?\+(?<rcomponent>.*?))?(?:\?=(?<qcomponent>.*?))?(?:#(?<fcomponent>.*?))?)\z/D
 REGEX;
 
     public function validate(string $urn): bool

diff --git a/tests/library/EngineBlock/Test/Validator/UrnTest.php b/tests/library/EngineBlock/Test/Validator/UrnTest.php
@@ -68,6 +68,7 @@ public function invalidUrnProvider()
         yield ['urn:org.openconext.licenseInfo'];
         yield ['foo:bar:baz'];
         yield ['urn:f:bar'];
+        yield ["urn:mace:dir:attribute-def:eduPersonPrincipalName\n"];
         yield [' urn:collab:person:example.org:jdoe'];
         yield ['urn:collab:person:example.org:jdoe '];
         yield ['urn:collab:person:example org:jdoe'];