
Commit 1c598fe

committed
RequestFactory: rejects invalid URL [Closes #30]
1 parent 360dadc commit 1c598fe


1 file changed

+5
-5
lines changed


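--- a/src/Http/RequestFactory.php
+++ b/src/Http/RequestFactory.php
@@ -82,6 +82,9 @@ public function createHttpRequest()
 
 // path & query
 $requestUrl = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
+if (!$this->binary && (!preg_match(self::CHARS, rawurldecode($requestUrl)) || preg_last_error())) {
+// TODO: invalid request
+}
 $requestUrl = Strings::replace($requestUrl, $this->urlFilters['url']);
 $tmp = explode('?', $requestUrl, 2);
 $path = Url::unescape($tmp[0], '%/?#');
@@ -99,17 +102,15 @@ public function createHttpRequest()
 }
 $url->setScriptPath($path);
 
-// GET, POST, COOKIE
+// POST, COOKIE
 $useFilter = (!in_array(ini_get('filter.default'), ['', 'unsafe_raw']) || ini_get('filter.default_flags'));
-
-$query = $url->getQueryParameters();
 $post = $useFilter ? filter_input_array(INPUT_POST, FILTER_UNSAFE_RAW) : (empty($_POST) ? [] : $_POST);
 $cookies = $useFilter ? filter_input_array(INPUT_COOKIE, FILTER_UNSAFE_RAW) : (empty($_COOKIE) ? [] : $_COOKIE);
 
 // remove invalid characters
 $reChars = '#^[' . self::CHARS . ']*+\z#u';
 if (!$this->binary) {
-$list = [& $query, & $post, & $cookies];
+$list = array(& $post, & $cookies);
 while (list($key, $val) = each($list)) {
 foreach ($val as $k => $v) {
 if (is_string($k) && (!preg_match($reChars, $k) || preg_last_error())) {
@@ -126,7 +127,6 @@ public function createHttpRequest()
 }
 unset($list, $key, $val, $k, $v);
 }
-$url->setQuery($query);
 
 
 // FILES and create FileUpload objects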
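Review bot: The guard added at new lines 85–87 has an empty body (`// TODO: invalid request`), so a REQUEST_URI that fails the character check is still processed, and because the same commit drops `$query` from the invalid-character loop at new line 113, query keys and values are no longer checked anywhere. The guard also hands `self::CHARS` to preg_match() as a complete pattern, whereas line 111 interpolates it into a character class (`'#^[' . self::CHARS . ']*+\z#u'`); if CHARS is only a class fragment, which its definition outside this page would confirm, the call fails for every input and the condition is true for every non-binary request. I would reuse the line-111 form, `preg_match('#^[' . self::CHARS . ']*+\z#u', rawurldecode($requestUrl))`, and replace the TODO with the actual rejection (an early return or an exception, whichever callers of createHttpRequest() expect). The function starts and ends outside the hunks, so how a rejected request should be signalled cannot be determined from this page.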
