From 66f34ff6876fa5ae4262f4a8d3f5f8bc846f6113 Mon Sep 17 00:00:00 2001
From: Tim van Dijen
Date: Tue, 19 Nov 2024 18:46:36 +0100
Subject: [PATCH] Make regexps more strict and refuse trailing newlines
---
 src/CustomAssertionTrait.php | 12 ++++++------
 tests/Assert/DurationTest.php | 2 ++
 tests/Assert/NCNameTest.php | 2 ++
 tests/Assert/NMTokenTest.php | 2 ++
 tests/Assert/NMTokensTest.php | 2 ++
 tests/Assert/QNameTest.php | 2 ++
 6 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/src/CustomAssertionTrait.php b/src/CustomAssertionTrait.php
index f8ed124..f8181f0 100644
--- a/src/CustomAssertionTrait.php
+++ b/src/CustomAssertionTrait.php
@@ -23,22 +23,22 @@ trait CustomAssertionTrait
 {
 /** @var string */
- private static string $nmtoken_regex = '/^[\w.:-]+$/u';
+ private static string $nmtoken_regex = '/^[\w.:-]+$/Du';
 /** @var string */
- private static string $nmtokens_regex = '/^([\w.:-]+)([\s][\w.:-]+)*$/u';
+ private static string $nmtokens_regex = '/^([\w.:-]+)([\s][\w.:-]+)*$/Du';
 /** @var string */
- private static string $datetime_regex = '/-?[0-9]{4}-(((0(1|3|5|7|8)|1(0|2))-(0[1-9]|(1|2)[0-9]|3[0-1]))|((0(4|6|9)|11)-(0[1-9]|(1|2)[0-9]|30))|(02-(0[1-9]|(1|2)[0-9])))T([0-1][0-9]|2[0-4]):(0[0-9]|[1-5][0-9]):(0[0-9]|[1-5][0-9])(\.[0-999])?((\+|-)([0-1][0-9]|2[0-4]):(0[0-9]|[1-5][0-9])|Z)?/i';
+ private static string $datetime_regex = '/-?[0-9]{4}-(((0(1|3|5|7|8)|1(0|2))-(0[1-9]|(1|2)[0-9]|3[0-1]))|((0(4|6|9)|11)-(0[1-9]|(1|2)[0-9]|30))|(02-(0[1-9]|(1|2)[0-9])))T([0-1][0-9]|2[0-4]):(0[0-9]|[1-5][0-9]):(0[0-9]|[1-5][0-9])(\.[0-999])?((\+|-)([0-1][0-9]|2[0-4]):(0[0-9]|[1-5][0-9])|Z)?/Di';
 /** @var string */
- private static string $duration_regex = '/^([-+]?)P(?!$)(?:(?\d+(?:[\.\,]\d+)?)Y)?(?:(?\d+(?:[\.\,]\d+)?)M)?(?:(?\d+(?:[\.\,]\d+)?)W)?(?:(?\d+(?:[\.\,]\d+)?)D)?(T(?=\d)(?:(?\d+(?:[\.\,]\d+)?)H)?(?:(?\d+(?:[\.\,]\d+)?)M)?(?:(?\d+(?:[\.\,]\d+)?)S)?)?$/';
+ private static string $duration_regex = '/^([-+]?)P(?!$)(?:(?\d+(?:[\.\,]\d+)?)Y)?(?:(?\d+(?:[\.\,]\d+)?)M)?(?:(?\d+(?:[\.\,]\d+)?)W)?(?:(?\d+(?:[\.\,]\d+)?)D)?(T(?=\d)(?:(?\d+(?:[\.\,]\d+)?)H)?(?:(?\d+(?:[\.\,]\d+)?)M)?(?:(?\d+(?:[\.\,]\d+)?)S)?)?$/D';
 /** @var string */
- private static string $qname_regex = '/^[a-zA-Z_][\w.-]*:[a-zA-Z_][\w.-]*$/';
+ private static string $qname_regex = '/^[a-zA-Z_][\w.-]*:[a-zA-Z_][\w.-]*$/D';
 /** @var string */
- private static string $ncname_regex = '/^[a-zA-Z_][\w.-]*$/';
+ private static string $ncname_regex = '/^[a-zA-Z_][\w.-]*$/D';
 /** @var string */
 private static string $base64_regex = '/^(?:[a-z0-9+\/]{4})*(?:[a-z0-9+\/]{2}==|[a-z0-9+\/]{3}=)?$/i';
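Review bot: `$datetime_regex` has no `^`/`$` anchors, so the `D` modifier added to it changes nothing: a match still succeeds on any string that merely contains a dateTime, with arbitrary leading or trailing bytes, a trailing newline included. Anchor it like the other patterns (start `'/^-?[0-9]{4}-`, end `|Z)?$/Di'`) and add a trailing-newline row to the dateTime test, which this commit does not touch. Once anchored, `(\.[0-999])?` needs attention too: it is the character class `[0-9]` and admits a single fractional digit, so `(\.[0-9]+)?` is probably what was meant. The `$base64_regex` shown as context still ends in `$/i` and therefore keeps accepting one trailing newline; if that is not deliberate it needs `/Di` as well. The trait body continues outside the hunk.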
diff --git a/tests/Assert/DurationTest.php b/tests/Assert/DurationTest.php
index 37284c4..f624b5c 100644
--- a/tests/Assert/DurationTest.php
+++ b/tests/Assert/DurationTest.php
@@ -59,6 +59,8 @@ public static function provideDuration(): array
 [false, 'P2M1Y'],
 [false, 'P'],
 [false, 'PT15.S'],
+ // Trailing newlines are forbidden
+ [false, "P20M\n"],
 ];
 }
 }
diff --git a/tests/Assert/NCNameTest.php b/tests/Assert/NCNameTest.php
index c7c9d51..f6f68bf 100644
--- a/tests/Assert/NCNameTest.php
+++ b/tests/Assert/NCNameTest.php
@@ -46,6 +46,8 @@ public static function provideNCName(): array
 [false, 'Te*st'],
 [false, '1Test'],
 [false, 'Te:st'],
+ // Trailing newlines are forbidden
+ [false, "Test\n"],
 ];
 }
 }
diff --git a/tests/Assert/NMTokenTest.php b/tests/Assert/NMTokenTest.php
index 4fd15c9..bfd39d4 100644
--- a/tests/Assert/NMTokenTest.php
+++ b/tests/Assert/NMTokenTest.php
@@ -49,6 +49,8 @@ public static function provideNMToken(): array
 [false, 'foo bar'],
 // Commas are forbidden
 [false, 'foo,bar'],
+ // Trailing newlines are forbidden
+ [false, "foobar\n"],
 ];
 }
 }
diff --git a/tests/Assert/NMTokensTest.php b/tests/Assert/NMTokensTest.php
index 37b0f4b..845029c 100644
--- a/tests/Assert/NMTokensTest.php
+++ b/tests/Assert/NMTokensTest.php
@@ -50,6 +50,8 @@ public static function provideNMTokens(): array
 [false, 'foo "bar" baz'],
 // Commas are forbidden
 [false, 'foo,bar'],
+ // Trailing newlines are forbidden
+ [false, "foobar\n"],
 ];
 }
 }
diff --git a/tests/Assert/QNameTest.php b/tests/Assert/QNameTest.php
index 132b2ba..65d5003 100644
--- a/tests/Assert/QNameTest.php
+++ b/tests/Assert/QNameTest.php
@@ -46,6 +46,8 @@ public static function provideQName(): array
 [true, 'Test'],
 [false, '1Test'],
 [false, 'Te*st'],
+ // Trailing newlines are forbidden
+ [false, "some:Test\n"],
 ];
 }
 }