[DependencyInjection][Routing][HttpClient] Reject URIs that contain i…

…nvalid characters
symfony · Nov 6, 2024 · 0782e32 · 0782e32
1 parent d304eeb
commit 0782e32
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 0 deletions.
diff --git a/RequestContext.php b/RequestContext.php
@@ -47,6 +47,13 @@ public function __construct(string $baseUrl = '', string $method = 'GET', string
 
     public static function fromUri(string $uri, string $host = 'localhost', string $scheme = 'http', int $httpPort = 80, int $httpsPort = 443): self
     {
+        if (false !== ($i = strpos($uri, '\\')) && $i < strcspn($uri, '?#')) {
+            $uri = '';
+        }
+        if ('' !== $uri && (\ord($uri[0]) <= 32 || \ord($uri[-1]) <= 32 || \strlen($uri) !== strcspn($uri, "\r\n\t"))) {
+            $uri = '';
+        }
+
         $uri = parse_url($uri);
         $scheme = $uri['scheme'] ?? $scheme;
         $host = $uri['host'] ?? $host;

diff --git a/Tests/RequestContextTest.php b/Tests/RequestContextTest.php
@@ -85,6 +85,28 @@ public function testFromUriBeingEmpty()
         $this->assertSame('/', $requestContext->getPathInfo());
     }
 
+    /**
+     * @testWith ["http://foo.com\\bar"]
+     *           ["\\\\foo.com/bar"]
+     *           ["a\rb"]
+     *           ["a\nb"]
+     *           ["a\tb"]
+     *           ["\u0000foo"]
+     *           ["foo\u0000"]
+     *           [" foo"]
+     *           ["foo "]
+     *           [":"]
+     */
+    public function testFromBadUri(string $uri)
+    {
+        $context = RequestContext::fromUri($uri);
+
+        $this->assertSame('http', $context->getScheme());
+        $this->assertSame('localhost', $context->getHost());
+        $this->assertSame('', $context->getBaseUrl());
+        $this->assertSame('/', $context->getPathInfo());
+    }
+
     public function testFromRequest()
     {
         $request = Request::create('https://test.com:444/foo?bar=baz');