From 99dcc59237f384d7ade98acfd1cae8d90e6d60ab Mon Sep 17 00:00:00 2001 From: Justin Thurman Date: Wed, 16 Oct 2024 09:43:02 -0400 Subject: [PATCH] Fixed #35845 -- Updated DomainNameValidator to require entire string to be a valid domain name. Bug in 4971a9afe5642569f3dcfcd3972ebb39e88dd457. Thank you to kazet for the report and Claude Paroz for the review. --- django/core/validators.py | 9 ++++++--- docs/releases/5.1.3.txt | 5 ++++- tests/validators/tests.py | 14 ++++++++++++-- 3 files changed, 22 insertions(+), 6 deletions(-) diff --git a/django/core/validators.py b/django/core/validators.py index b1c5c053b8..8732ddf7ad 100644 --- a/django/core/validators.py +++ b/django/core/validators.py @@ -101,13 +101,16 @@ class DomainNameValidator(RegexValidator): if self.accept_idna: self.regex = _lazy_re_compile( - self.hostname_re + self.domain_re + self.tld_re, re.IGNORECASE + r"^" + self.hostname_re + self.domain_re + self.tld_re + r"$", + re.IGNORECASE, ) else: self.regex = _lazy_re_compile( - self.ascii_only_hostname_re + r"^" + + self.ascii_only_hostname_re + self.ascii_only_domain_re - + self.ascii_only_tld_re, + + self.ascii_only_tld_re + + r"$", re.IGNORECASE, ) super().__init__(**kwargs) diff --git a/docs/releases/5.1.3.txt b/docs/releases/5.1.3.txt index 5541a8824a..e3c62072b5 100644 --- a/docs/releases/5.1.3.txt +++ b/docs/releases/5.1.3.txt @@ -10,4 +10,7 @@ Django 5.1.3 fixes several bugs in 5.1.2 and adds compatibility with Python Bugfixes ======== -* ... +* Fixed a bug in Django 5.1 where + :class:`~django.core.validators.DomainNameValidator` accepted any input value + that contained a valid domain name, rather than only input values that were a + valid domain name (:ticket:`35845`). diff --git a/tests/validators/tests.py b/tests/validators/tests.py index ba1db5ea46..4ae0f6413e 100644 --- a/tests/validators/tests.py +++ b/tests/validators/tests.py @@ -635,8 +635,8 @@ TEST_DATA = [ (validate_domain_name, "python-python.com", None), (validate_domain_name, "python.name.uk", None), (validate_domain_name, "python.tips", None), - (validate_domain_name, "http://例子.测试", None), - (validate_domain_name, "http://dashinpunytld.xn---c", None), + (validate_domain_name, "例子.测试", None), + (validate_domain_name, "dashinpunytld.xn---c", None), (validate_domain_name, "python..org", ValidationError), (validate_domain_name, "python-.org", ValidationError), (validate_domain_name, "too-long-name." * 20 + "com", ValidationError), @@ -652,6 +652,16 @@ TEST_DATA = [ ), (DomainNameValidator(accept_idna=False), "ıçğü.com", ValidationError), (DomainNameValidator(accept_idna=False), "not-domain-name", ValidationError), + ( + DomainNameValidator(accept_idna=False), + "not-domain-name, but-has-domain-name-suffix.com", + ValidationError, + ), + ( + DomainNameValidator(accept_idna=False), + "not-domain-name.com, but has domain prefix", + ValidationError, + ), ] # Add valid and invalid URL tests.