Commit 32e04f7

[DependencyInjection][HttpClient][Routing] Reject vertical tab in URIs
1 parent 7a16efe commit 32e04f7

6 files changed

+53
-33
lines changed

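--- a/src/Symfony/Component/DependencyInjection/EnvVarProcessor.php
+++ b/src/Symfony/Component/DependencyInjection/EnvVarProcessor.php
@@ -313,7 +313,7 @@ public function getEnv(string $prefix, string $name, \Closure $getEnv): mixed
 if (('\\' !== \DIRECTORY_SEPARATOR || 'file' !== $params['scheme']) && false !== ($i = strpos($env, '\\')) && $i < strcspn($env, '?#')) {
 throw new RuntimeException(\sprintf('Invalid URL in env var "%s": backslashes are not allowed.', $name));
 }
-if (\ord($env[0]) <= 32 || \ord($env[-1]) <= 32 || \strlen($env) !== strcspn($env, "\r\n\t")) {
+if (\ord($env[0]) <= 32 || \ord($env[-1]) <= 32 || \strlen($env) !== strcspn($env, "\r\n\t\v")) {
 throw new RuntimeException(\sprintf('Invalid URL in env var "%s": leading/trailing ASCII control characters or whitespaces are not allowed.', $name));
 }
 $params += [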
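Review bot: Adding `\v` extends a character denylist, but other C0 control bytes embedded between the first and last character (form feed 0x0C, or a NUL as in `a\x00b`) still pass this condition, because the `\ord(...) <= 32` terms only inspect the two end bytes and the `strcspn` mask lists four characters; the same expression is patched in HttpClientTrait::parseUrl and RequestContext::fromUri in this commit. Unless a later step rejects those bytes, a closed range check is shorter and does not need revisiting per character: `if (\ord($env[0]) <= 32 || \ord($env[-1]) <= 32 || preg_match('/[\x00-\x1F\x7F]/', $env)) {`. The exception message below the check already speaks of "ASCII control characters", so it would then match what is enforced. getEnv continues on both sides of the hunk.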

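--- a/src/Symfony/Component/DependencyInjection/Tests/EnvVarProcessorTest.php
+++ b/src/Symfony/Component/DependencyInjection/Tests/EnvVarProcessorTest.php
@@ -997,16 +997,7 @@ public static function provideGetEnvUrlPath()
 }
 
 /**
-* @testWith ["http://foo.com\\bar"]
-* ["\\\\foo.com/bar"]
-* ["a\rb"]
-* ["a\nb"]
-* ["a\tb"]
-* ["\u0000foo"]
-* ["foo\u0000"]
-* [" foo"]
-* ["foo "]
-* [":"]
+* @dataProvider provideEnvBadUrl
 */
 public function testGetEnvBadUrl(string $url)
 {
@@ -1017,6 +1008,21 @@ public function testGetEnvBadUrl(string $url)
 });
 }
 
+public static function provideEnvBadUrl(): iterable
+{
+yield ['http://foo.com\\bar'];
+yield ['\\\\foo.com/bar'];
+yield ["a\rb"];
+yield ["a\nb"];
+yield ["a\tb"];
+yield ["a\vb"];
+yield ["\u0000foo"];
+yield ["foo\u0000"];
+yield [" foo"];
+yield ["foo "];
+yield [":"];
+}
+
 /**
 * @testWith ["", "string"]
 * [null, ""]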
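Review bot: The new `provideEnvBadUrl` yields unnamed rows, so a failing case is reported only by data set index, and several rows differ by a single control character that is invisible in PHPUnit's dump of the argument; the same applies to `provideMalformedUrl` in HttpClientTraitTest. Naming the datasets costs one key per row, e.g. `yield 'vertical tab' => ["a\vb"];`, and makes a regression on exactly the character this commit adds readable at a glance.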

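--- a/src/Symfony/Component/HttpClient/HttpClientTrait.php
+++ b/src/Symfony/Component/HttpClient/HttpClientTrait.php
@@ -640,7 +640,7 @@ private static function parseUrl(string $url, array $query = [], array $allowedS
 if (false !== ($i = strpos($url, '\\')) && $i < strcspn($url, '?#')) {
 throw new InvalidArgumentException(\sprintf('Malformed URL "%s": backslashes are not allowed.', $url));
 }
-if (\strlen($url) !== strcspn($url, "\r\n\t")) {
+if (\strlen($url) !== strcspn($url, "\r\n\t\v")) {
 throw new InvalidArgumentException(\sprintf('Malformed URL "%s": CR/LF/TAB characters are not allowed.', $url));
 }
 if ('' !== $url && (\ord($url[0]) <= 32 || \ord($url[-1]) <= 32)) {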
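Review bot: The exception message on the line after the changed check still reads `CR/LF/TAB characters are not allowed.` although the check now also rejects vertical tab, so a URL failing only on `\v` is reported with a message that does not name the offending character. Update it in the same commit: `throw new InvalidArgumentException(\sprintf('Malformed URL "%s": CR/LF/TAB/VT characters are not allowed.', $url));`. Note that the message also interpolates the rejected URL verbatim, including the control character, into the exception text; that is pre-existing behaviour, but worth keeping in mind if the message ever reaches a log line. parseUrl continues outside the hunk on both sides.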

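--- a/src/Symfony/Component/HttpClient/Tests/HttpClientTraitTest.php
+++ b/src/Symfony/Component/HttpClient/Tests/HttpClientTraitTest.php
@@ -248,16 +248,7 @@ public function testResolveBaseUrlWithoutScheme()
 }
 
 /**
-* @testWith ["http://foo.com\\bar"]
-* ["\\\\foo.com/bar"]
-* ["a\rb"]
-* ["a\nb"]
-* ["a\tb"]
-* ["\u0000foo"]
-* ["foo\u0000"]
-* [" foo"]
-* ["foo "]
-* ["//"]
+* @dataProvider provideMalformedUrl
 */
 public function testParseMalformedUrl(string $url)
 {
@@ -266,6 +257,21 @@ public function testParseMalformedUrl(string $url)
 self::parseUrl($url);
 }
 
+public static function provideMalformedUrl(): iterable
+{
+yield ["http://foo.com\\bar"];
+yield ["\\\\foo.com/bar"];
+yield ["a\rb"];
+yield ["a\nb"];
+yield ["a\tb"];
+yield ["a\vb"];
+yield ["\u0000foo"];
+yield ["foo\u0000"];
+yield [" foo"];
+yield ["foo "];
+yield ["//"];
+}
+
 /**
 * @dataProvider provideParseUrl
 */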

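--- a/src/Symfony/Component/Routing/RequestContext.php
+++ b/src/Symfony/Component/Routing/RequestContext.php
@@ -50,7 +50,7 @@ public static function fromUri(string $uri, string $host = 'localhost', string $
 if (false !== ($i = strpos($uri, '\\')) && $i < strcspn($uri, '?#')) {
 $uri = '';
 }
-if ('' !== $uri && (\ord($uri[0]) <= 32 || \ord($uri[-1]) <= 32 || \strlen($uri) !== strcspn($uri, "\r\n\t"))) {
+if ('' !== $uri && (\ord($uri[0]) <= 32 || \ord($uri[-1]) <= 32 || \strlen($uri) !== strcspn($uri, "\r\n\t\v"))) {
 $uri = '';
 }
 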
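--- a/src/Symfony/Component/Routing/Tests/RequestContextTest.php
+++ b/src/Symfony/Component/Routing/Tests/RequestContextTest.php
@@ -86,16 +86,7 @@ public function testFromUriBeingEmpty()
 }
 
 /**
-* @testWith ["http://foo.com\\bar"]
-* ["\\\\foo.com/bar"]
-* ["a\rb"]
-* ["a\nb"]
-* ["a\tb"]
-* ["\u0000foo"]
-* ["foo\u0000"]
-* [" foo"]
-* ["foo "]
-* [":"]
+* @dataProvider provideBadUri
 */
 public function testFromBadUri(string $uri)
 {
@@ -107,6 +98,23 @@ public function testFromBadUri(string $uri)
 $this->assertSame('/', $context->getPathInfo());
 }
 
+public static function provideBadUri(): iterable
+{
+return [
+["http://foo.com\\bar"],
+["\\\\foo.com/bar"],
+["a\rb"],
+["a\nb"],
+["a\tb"],
+["a\vb"],
+["\u0000foo"],
+["foo\u0000"],
+[" foo"],
+["foo "],
+[":"],
+];
+}
+
 public function testFromRequest()
 {
 $request = Request::create('https://test.com:444/foo?bar=baz');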
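Review bot: `provideBadUri` builds and returns an array while the two sibling providers introduced in this commit (`provideEnvBadUrl`, `provideMalformedUrl`) use `yield`; the three providers hold the same rows and would read better in one form. Since the method is already declared `iterable`, switching to the generator form with named datasets is the smaller edit and makes the new case self-describing in test output: `yield 'vertical tab' => ["a\vb"];`.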
