Skip to content

Commit 5d928d0

Browse files
committed
Merge branch '6.4' into 7.1
* 6.4: [FrameworkBundle] Add missing `not-compromised-password` entry in XSD [AssetMapper] Fix CssCompiler matches url in comments Add support for doctrine/persistence 4 Ensure TransportExceptionInterface populates stream debug data Fix typo in validators.sk.xlf [Mime] Fix body validity check in `Email` when using `Message::setBody()` Review Arabic translations for the validator Fixed mistakes in proper hebrew writing in the previous translation and confirmed the rest to be correct and in the same style. Review translation [Cache] Don't clear system caches on cache:clear [FrameworkBundle] Fix patching refs to the tmp warmup dir in files generated by optional cache warmers Mark Czech Validator translation as reviewed [PropertyInfo] Fix `TypeTest` duplicated assert [HtmlSanitizer] Avoid accessing non existent array key when checking for hosts validity Update validators.ar.xlf [DomCrawler] Make `ChoiceFormField::isDisabled` return `true` for unchecked disabled checkboxes
2 parents 9695906 + 28e9fb1 commit 5d928d0

File tree

2 files changed

+10
-1
lines changed

2 files changed

+10
-1
lines changed

Tests/TextSanitizer/UrlSanitizerTest.php

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -274,6 +274,15 @@ public static function provideSanitize(): iterable
274274
'expected' => null,
275275
];
276276

277+
yield [
278+
'input' => 'https://trusted.com/link.php',
279+
'allowedSchemes' => ['http', 'https'],
280+
'allowedHosts' => ['subdomain.trusted.com', 'trusted.com'],
281+
'forceHttps' => false,
282+
'allowRelative' => false,
283+
'expected' => 'https://trusted.com/link.php',
284+
];
285+
277286
// Allow relative
278287
yield [
279288
'input' => '/link.php',

TextSanitizer/UrlSanitizer.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -132,7 +132,7 @@ private static function matchAllowedHostParts(array $uriParts, array $trustedPar
132132
{
133133
// Check each chunk of the domain is valid
134134
foreach ($trustedParts as $key => $trustedPart) {
135-
if ($uriParts[$key] !== $trustedPart) {
135+
if (!array_key_exists($key, $uriParts) || $uriParts[$key] !== $trustedPart) {
136136
return false;
137137
}
138138
}

0 commit comments

Comments
 (0)