首頁 探索 說明
註冊 登入
github
/
spring-security
镜像来自 https://github.com/spring-projects/spring-security
2
0
複刻 0
Files 問題管理 0 Wiki
瀏覽代碼

SEC-1802: Add digits to valid URL scheme regex.

Luke Taylor 14 年之前
父節點
2fd0a65049
當前提交
f1e63f3008
共有 2 個文件被更改,包括 2 次插入1 次删除
分割檢視 顯示文件統計
  1. 1 1
      web/src/main/java/org/springframework/security/web/util/UrlUtils.java
  2. 1 0
      web/src/test/java/org/springframework/security/web/util/UrlUtilsTests.java

+ 1 - 1
web/src/main/java/org/springframework/security/web/util/UrlUtils.java
查看文件 

@@ -129,7 +129,7 @@ public final class UrlUtils {
 
      * Decides if a URL is absolute based on whether it contains a valid scheme name, as defined in RFC 1738.
 
      */
 
     public static boolean isAbsoluteUrl(String url) {
 
-        final Pattern ABSOLUTE_URL = Pattern.compile("\\A[a-z.+-]+://.*", Pattern.CASE_INSENSITIVE);
 
+        final Pattern ABSOLUTE_URL = Pattern.compile("\\A[a-z0-9.+-]+://.*", Pattern.CASE_INSENSITIVE);
 
 
         return ABSOLUTE_URL.matcher(url).matches();
 
     }

+ 1 - 0
web/src/test/java/org/springframework/security/web/util/UrlUtilsTests.java
查看文件 

@@ -13,6 +13,7 @@ public class UrlUtilsTests {
 
     @Test
 
     public void absoluteUrlsAreMatchedAsAbsolute() throws Exception {
 
         assertTrue(UrlUtils.isAbsoluteUrl("http://something/"));
 
+        assertTrue(UrlUtils.isAbsoluteUrl("http1://something/"));
 
         assertTrue(UrlUtils.isAbsoluteUrl("HTTP://something/"));
 
         assertTrue(UrlUtils.isAbsoluteUrl("https://something/"));
 
         assertTrue(UrlUtils.isAbsoluteUrl("a://something/"));