RequestFactory: drops complete cookie/post when contain invalid chars (+ is faster)

dg · dg · commit e76600ed7554 · 2015-06-19T19:03:53.000+02:00
diff --git a/src/Http/RequestFactory.php b/src/Http/RequestFactory.php
@@ -81,8 +81,9 @@ public function createHttpRequest()
 		}
 
 		// path & query
+		$reChars = '#^[' . self::CHARS . ']*+\z#u';
 		$requestUrl = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
-		if (!$this->binary && (!preg_match(self::CHARS, rawurldecode($requestUrl)) || preg_last_error())) {
+		if (!$this->binary && (!preg_match($reChars, rawurldecode($requestUrl)) || preg_last_error())) {
 			// TODO: invalid request
 		}
 		$requestUrl = Strings::replace($requestUrl, $this->urlFilters['url']);
@@ -108,24 +109,13 @@ public function createHttpRequest()
 		$cookies = $useFilter ? filter_input_array(INPUT_COOKIE, FILTER_UNSAFE_RAW) : (empty($_COOKIE) ? [] : $_COOKIE);
 
 		// remove invalid characters
-		$reChars = '#^[' . self::CHARS . ']*+\z#u';
 		if (!$this->binary) {
-			$list = array(& $post, & $cookies);
-			while (list($key, $val) = each($list)) {
-				foreach ($val as $k => $v) {
-					if (is_string($k) && (!preg_match($reChars, $k) || preg_last_error())) {
-						unset($list[$key][$k]);
-
-					} elseif (is_array($v)) {
-						$list[$key][$k] = $v;
-						$list[] = & $list[$key][$k];
-
-					} else {
-						$list[$key][$k] = (string) preg_replace('#[^' . self::CHARS . ']+#u', '', $v);
-					}
-				}
+			if (!preg_match($reChars, rawurldecode(http_build_query($post))) || preg_last_error()) {
+				$post = [];
+			}
+			if (!preg_match($reChars, rawurldecode(http_build_query($cookies))) || preg_last_error()) {
+				$cookies = [];
 			}
-			unset($list, $key, $val, $k, $v);
 		}
 
 
