diff --git a/Request.php b/Request.php index 7ae19d875..5c8cd56cc 100644 --- a/Request.php +++ b/Request.php @@ -11,6 +11,7 @@ namespace Symfony\Component\HttpFoundation; +use Symfony\Component\HttpFoundation\Exception\BadRequestException; use Symfony\Component\HttpFoundation\Exception\ConflictingHeadersException; use Symfony\Component\HttpFoundation\Exception\JsonException; use Symfony\Component\HttpFoundation\Exception\SessionNotFoundException; @@ -275,6 +276,8 @@ public static function createFromGlobals(): static * @param array $files The request files ($_FILES) * @param array $server The server parameters ($_SERVER) * @param string|resource|null $content The raw body data + * + * @throws BadRequestException When the URI is invalid */ public static function create(string $uri, string $method = 'GET', array $parameters = [], array $cookies = [], array $files = [], array $server = [], $content = null): static { @@ -302,6 +305,20 @@ public static function create(string $uri, string $method = 'GET', array $parame throw new \InvalidArgumentException(\sprintf('Malformed URI "%s".', $uri)); } + if (false === $components) { + throw new BadRequestException('Invalid URI.'); + } + + if (false !== ($i = strpos($uri, '\\')) && $i < strcspn($uri, '?#')) { + throw new BadRequestException('Invalid URI: A URI cannot contain a backslash.'); + } + if (\strlen($uri) !== strcspn($uri, "\r\n\t")) { + throw new BadRequestException('Invalid URI: A URI cannot contain CR/LF/TAB characters.'); + } + if ('' !== $uri && (\ord($uri[0]) <= 32 || \ord($uri[-1]) <= 32)) { + throw new BadRequestException('Invalid URI: A URI must not start nor end with ASCII control characters or spaces.'); + } + if (isset($components['host'])) { $server['SERVER_NAME'] = $components['host']; $server['HTTP_HOST'] = $components['host']; diff --git a/Tests/RequestTest.php b/Tests/RequestTest.php index e23a88dde..dba25339d 100644 --- a/Tests/RequestTest.php +++ b/Tests/RequestTest.php @@ -12,6 +12,7 @@ namespace Symfony\Component\HttpFoundation\Tests; use PHPUnit\Framework\TestCase; +use Symfony\Component\HttpFoundation\Exception\BadRequestException; use Symfony\Component\HttpFoundation\Exception\ConflictingHeadersException; use Symfony\Component\HttpFoundation\Exception\JsonException; use Symfony\Component\HttpFoundation\Exception\SuspiciousOperationException; @@ -290,9 +291,34 @@ public function testCreateWithRequestUri() $this->assertTrue($request->isSecure()); // Fragment should not be included in the URI - $request = Request::create('http://test.com/foo#bar'); - $request->server->set('REQUEST_URI', 'http://test.com/foo#bar'); + $request = Request::create('http://test.com/foo#bar\\baz'); + $request->server->set('REQUEST_URI', 'http://test.com/foo#bar\\baz'); $this->assertEquals('http://test.com/foo', $request->getUri()); + + $request = Request::create('http://test.com/foo?bar=f\\o'); + $this->assertEquals('http://test.com/foo?bar=f%5Co', $request->getUri()); + $this->assertEquals('/foo', $request->getPathInfo()); + $this->assertEquals('bar=f%5Co', $request->getQueryString()); + } + + /** + * @testWith ["http://foo.com\\bar"] + * ["\\\\foo.com/bar"] + * ["a\rb"] + * ["a\nb"] + * ["a\tb"] + * ["\u0000foo"] + * ["foo\u0000"] + * [" foo"] + * ["foo "] + * [":"] + */ + public function testCreateWithBadRequestUri(string $uri) + { + $this->expectException(BadRequestException::class); + $this->expectExceptionMessage('Invalid URI'); + + Request::create($uri); } /** @@ -2666,13 +2692,6 @@ public function testReservedFlags() $this->assertNotSame(0b10000000, $value, \sprintf('The constant "%s" should not use the reserved value "0b10000000".', $constant)); } } - - public function testMalformedUriCreationException() - { - $this->expectException(\InvalidArgumentException::class); - $this->expectExceptionMessage('Malformed URI "/invalid-path:123".'); - Request::create('/invalid-path:123'); - } } class RequestContentProxy extends Request