diff --git a/uri/FactoryTest.php b/uri/FactoryTest.php index 94d0eb73..a94680ea 100644 --- a/uri/FactoryTest.php +++ b/uri/FactoryTest.php @@ -703,6 +703,7 @@ public static function provideInvalidHeaderLinkValue(): iterable yield 'header value with missing semicolon' => ['html' => ' title="stylesheet"']; yield 'header value with missing parameters' => ['html' => '']; yield 'header value with missing rel parameter' => ['html' => ' title="stylesheet"']; + yield 'header value with invalid parameters' => ['html' => ' title="prev"; rel="Previous Page"']; } #[Test] diff --git a/uri/README.md b/uri/README.md index 2654eda8..7f104cbd 100644 --- a/uri/README.md +++ b/uri/README.md @@ -28,6 +28,8 @@ IPv4 conversion requires at least one of the following: otherwise an exception will be thrown when attempting to convert a host as an IPv4 address. +Parsing or generating HTML related content requires the `dom` extension. + Dependencies ------- diff --git a/uri/Uri.php b/uri/Uri.php index 5c6ecb5e..1fab79f0 100644 --- a/uri/Uri.php +++ b/uri/Uri.php @@ -759,8 +759,13 @@ public static function fromHeaderLinkValue(Stringable|string $headerValue, Strin throw new InvalidArgumentException('As per RFC8288, the URI must be defined inside two `<>` characters.'); } + $parameters = ltrim($matches['parameters']); + if (!str_starts_with($parameters, ';')) { + throw new InvalidArgumentException('The value `'.$headerValue.'` contains invalid characters.'); + } + $attributes = []; - if (false !== preg_match_all('/;\s*(?\w*)\*?="(?[^"]*)"/', $matches['parameters'], $attrMatches, PREG_SET_ORDER)) { + if (false !== preg_match_all('/;\s*(?\w*)\*?="(?[^"]*)"/', $parameters, $attrMatches, PREG_SET_ORDER)) { foreach ($attrMatches as $attrMatch) { $attributes[$attrMatch['name']] = $attrMatch['value']; }