From 2f6ba97fd48782e2810272927d648743dad423dc Mon Sep 17 00:00:00 2001
From: Tim van Dijen
Date: Tue, 19 Nov 2024 20:28:06 +0100
Subject: [PATCH] Bugfix: stricter regex; disallow trailing newline
---
 library/EngineBlock/Validator/Urn.php | 2 +-
 tests/library/EngineBlock/Test/Validator/UrnTest.php | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/library/EngineBlock/Validator/Urn.php b/library/EngineBlock/Validator/Urn.php
index d79ba5b84..7d7fb92c8 100644
--- a/library/EngineBlock/Validator/Urn.php
+++ b/library/EngineBlock/Validator/Urn.php
@@ -28,7 +28,7 @@ class EngineBlock_Validator_Urn
 * Taken from: https://stackoverflow.com/a/59048720/5494155
 */
 const REGEX = <<<'REGEX'
-/\A(?i:urn:(?!urn:)(?[a-z0-9][a-z0-9-]{1,31}):(?(?:[-a-z0-9()+,.:=@;$_!*\'&~\/]|%[0-9a-f]{2})+)(?:\?\+(?.*?))?(?:\?=(?.*?))?(?:#(?.*?))?)\z/
+/\A(?i:urn:(?!urn:)(?[a-z0-9][a-z0-9-]{1,31}):(?(?:[-a-z0-9()+,.:=@;$_!*\'&~\/]|%[0-9a-f]{2})+)(?:\?\+(?.*?))?(?:\?=(?.*?))?(?:#(?.*?))?)\z/D
 REGEX;
 public function validate(string $urn): bool
diff --git a/tests/library/EngineBlock/Test/Validator/UrnTest.php b/tests/library/EngineBlock/Test/Validator/UrnTest.php
index 42b72de5d..ce307fd4e 100644
--- a/tests/library/EngineBlock/Test/Validator/UrnTest.php
+++ b/tests/library/EngineBlock/Test/Validator/UrnTest.php
@@ -68,6 +68,7 @@ public function invalidUrnProvider()
 yield ['urn:org.openconext.licenseInfo'];
 yield ['foo:bar:baz'];
 yield ['urn:f:bar'];
+ yield ["urn:mace:dir:attribute-def:eduPersonPrincipalName\n"];
 yield [' urn:collab:person:example.org:jdoe'];
 yield ['urn:collab:person:example.org:jdoe '];
 yield ['urn:collab:person:example org:jdoe'];
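Review bot: The `D` modifier added to `REGEX` in library/EngineBlock/Validator/Urn.php looks like a no-op for this pattern as shown: the expression is anchored with `\A` … `\z`, and `D` (PCRE_DOLLAR_ENDONLY) only changes how an unescaped `$` anchor behaves, while the only `$` visible here sits inside a character class. If a trailing newline really was accepted before this commit, the cause is more likely in `validate()`, whose body lies outside the hunk, so that is worth checking before treating this change as the fix. If `D` is kept as defence in depth, record that in the docblock above the constant, e.g. `* Note: \z already anchors at the very end of the subject; D is kept only as a safeguard should the anchor ever be changed to $.`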
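Review bot: The case added to `invalidUrnProvider()` in tests/library/EngineBlock/Test/Validator/UrnTest.php covers only a bare LF directly after the namespace-specific string, which the `\z` anchor would presumably reject with or without the `D` modifier, so it may not fail against the pre-fix pattern. Consider adding variants that exercise the optional tail of the pattern and other line endings, e.g. `yield ["urn:mace:dir:attribute-def:eduPersonPrincipalName#frag\n"];` and `yield ["urn:mace:dir:attribute-def:eduPersonPrincipalName\r\n"];`. The provider starts and ends outside the hunk, so equivalent cases may already exist there.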