Skip to content

Work around parse_url() bug (bis) #58836

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Nov 13, 2024
Merged

Work around parse_url() bug (bis) #58836

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions src/Symfony/Component/DomCrawler/Tests/UriResolverTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,8 @@ public static function provideResolverTests()

['http://', 'http://localhost', 'http://'],
['/foo:123', 'http://localhost', 'http://localhost/foo:123'],
['foo:123', 'http://localhost/', 'foo:123'],
['foo/bar:1/baz', 'http://localhost/', 'http://localhost/foo/bar:1/baz'],
];
}
}
6 changes: 1 addition & 5 deletions src/Symfony/Component/DomCrawler/UriResolver.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,12 +32,8 @@ public static function resolve(string $uri, ?string $baseUri): string
{
$uri = trim($uri);

if (false === ($scheme = parse_url($uri, \PHP_URL_SCHEME)) && '/' === ($uri[0] ?? '')) {
$scheme = parse_url($uri.'#', \PHP_URL_SCHEME);
}

// absolute URL?
if (null !== $scheme) {
if (null !== parse_url(\strlen($uri) !== strcspn($uri, '?#') ? $uri : $uri.'#', \PHP_URL_SCHEME)) {
return $uri;
}

Expand Down
9 changes: 6 additions & 3 deletions src/Symfony/Component/HttpClient/CurlHttpClient.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -421,8 +421,9 @@ private static function createRedirectResolver(array $options, string $host): \C
}
}

return static function ($ch, string $location, bool $noContent) use (&$redirectHeaders, $options) {
return static function ($ch, string $location, bool $noContent, bool &$locationHasHost) use (&$redirectHeaders, $options) {
try {
$locationHasHost = false;
$location = self::parseUrl($location);
} catch (InvalidArgumentException $e) {
return null;
Expand All @@ -436,8 +437,10 @@ private static function createRedirectResolver(array $options, string $host): \C
$redirectHeaders['with_auth'] = array_filter($redirectHeaders['with_auth'], $filterContentHeaders);
}

if ($redirectHeaders && $host = parse_url('http:'.$location['authority'], \PHP_URL_HOST)) {
$requestHeaders = $redirectHeaders['host'] === $host ? $redirectHeaders['with_auth'] : $redirectHeaders['no_auth'];
$locationHasHost = isset($location['authority']);

if ($redirectHeaders && $locationHasHost) {
$requestHeaders = parse_url($location['authority'], \PHP_URL_HOST) === $redirectHeaders['host'] ? $redirectHeaders['with_auth'] : $redirectHeaders['no_auth'];
curl_setopt($ch, \CURLOPT_HTTPHEADER, $requestHeaders);
} elseif ($noContent && $redirectHeaders) {
curl_setopt($ch, \CURLOPT_HTTPHEADER, $redirectHeaders['with_auth']);
Expand Down
26 changes: 17 additions & 9 deletions src/Symfony/Component/HttpClient/HttpClientTrait.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -514,29 +514,37 @@ private static function resolveUrl(array $url, ?array $base, array $queryDefault
*/
private static function parseUrl(string $url, array $query = [], array $allowedSchemes = ['http' => 80, 'https' => 443]): array
{
if (false === $parts = parse_url($url)) {
if ('/' !== ($url[0] ?? '') || false === $parts = parse_url($url.'#')) {
throw new InvalidArgumentException(sprintf('Malformed URL "%s".', $url));
}
unset($parts['fragment']);
$tail = '';

if (false === $parts = parse_url(\strlen($url) !== strcspn($url, '?#') ? $url : $url.$tail = '#')) {
throw new InvalidArgumentException(sprintf('Malformed URL "%s".', $url));
}

if ($query) {
$parts['query'] = self::mergeQueryString($parts['query'] ?? null, $query, true);
}

$scheme = $parts['scheme'] ?? null;
$host = $parts['host'] ?? null;

if (!$scheme && $host && !str_starts_with($url, '//')) {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wondered if we could add the same logic to Request::create() but we have a test case that ensure Request::create("test.com:80") is parsed as host+port (which is not how the URL spec would parse it)

$parts = parse_url(':/'.$url.$tail);
$parts['path'] = substr($parts['path'], 2);
$scheme = $host = null;
}

$port = $parts['port'] ?? 0;

if (null !== $scheme = $parts['scheme'] ?? null) {
if (null !== $scheme) {
if (!isset($allowedSchemes[$scheme = strtolower($scheme)])) {
throw new InvalidArgumentException(sprintf('Unsupported scheme in "%s".', $url));
throw new InvalidArgumentException(sprintf('Unsupported scheme in "%s": "%s" expected.', $url, implode('" or "', array_keys($allowedSchemes))));
}

$port = $allowedSchemes[$scheme] === $port ? 0 : $port;
$scheme .= ':';
}

if (null !== $host = $parts['host'] ?? null) {
if (null !== $host) {
if (!\defined('INTL_IDNA_VARIANT_UTS46') && preg_match('/[\x80-\xFF]/', $host)) {
throw new InvalidArgumentException(sprintf('Unsupported IDN "%s", try enabling the "intl" PHP extension or running "composer require symfony/polyfill-intl-idn".', $host));
}
Expand Down Expand Up @@ -564,7 +572,7 @@ private static function parseUrl(string $url, array $query = [], array $allowedS
'authority' => null !== $host ? '//'.(isset($parts['user']) ? $parts['user'].(isset($parts['pass']) ? ':'.$parts['pass'] : '').'@' : '').$host : null,
'path' => isset($parts['path'][0]) ? $parts['path'] : null,
'query' => isset($parts['query']) ? '?'.$parts['query'] : null,
'fragment' => isset($parts['fragment']) ? '#'.$parts['fragment'] : null,
'fragment' => isset($parts['fragment']) && !$tail ? '#'.$parts['fragment'] : null,
];
}

Expand Down
3 changes: 2 additions & 1 deletion src/Symfony/Component/HttpClient/NativeHttpClient.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -389,6 +389,7 @@ private static function createRedirectResolver(array $options, string $host, ?ar
return null;
}

$locationHasHost = isset($url['authority']);
$url = self::resolveUrl($url, $info['url']);
$info['redirect_url'] = implode('', $url);

Expand Down Expand Up @@ -424,7 +425,7 @@ private static function createRedirectResolver(array $options, string $host, ?ar

[$host, $port] = self::parseHostPort($url, $info);

if (false !== (parse_url($location.'#', \PHP_URL_HOST) ?? false)) {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

stop using parse_url on user-input

if ($locationHasHost) {
// Authorization and Cookie headers MUST NOT follow except for the initial host name
$requestHeaders = $redirectHeaders['host'] === $host ? $redirectHeaders['with_auth'] : $redirectHeaders['no_auth'];
$requestHeaders[] = 'Host: '.$host.$port;
Expand Down
11 changes: 6 additions & 5 deletions src/Symfony/Component/HttpClient/Response/CurlResponse.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -436,17 +436,18 @@ private static function parseHeaderLine($ch, string $data, array &$info, array &
$info['http_method'] = 'HEAD' === $info['http_method'] ? 'HEAD' : 'GET';
curl_setopt($ch, \CURLOPT_CUSTOMREQUEST, $info['http_method']);
}
$locationHasHost = false;

if (null === $info['redirect_url'] = $resolveRedirect($ch, $location, $noContent)) {
if (null === $info['redirect_url'] = $resolveRedirect($ch, $location, $noContent, $locationHasHost)) {
$options['max_redirects'] = curl_getinfo($ch, \CURLINFO_REDIRECT_COUNT);
curl_setopt($ch, \CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, \CURLOPT_MAXREDIRS, $options['max_redirects']);
} else {
$url = parse_url($location ?? ':');
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

stop using parse_url on user-input here also

} elseif ($locationHasHost) {
$url = parse_url($info['redirect_url']);

if (isset($url['host']) && null !== $ip = $multi->dnsCache->hostnames[$url['host'] = strtolower($url['host'])] ?? null) {
if (null !== $ip = $multi->dnsCache->hostnames[$url['host'] = strtolower($url['host'])] ?? null) {
// Populate DNS cache for redirects if needed
$port = $url['port'] ?? ('http' === ($url['scheme'] ?? parse_url(curl_getinfo($ch, \CURLINFO_EFFECTIVE_URL), \PHP_URL_SCHEME)) ? 80 : 443);
$port = $url['port'] ?? ('http' === $url['scheme'] ? 80 : 443);
curl_setopt($ch, \CURLOPT_RESOLVE, ["{$url['host']}:$port:$ip"]);
$multi->dnsCache->removals["-{$url['host']}:$port"] = "-{$url['host']}:$port";
}
Expand Down
9 changes: 9 additions & 0 deletions src/Symfony/Component/HttpClient/Tests/HttpClientTestCase.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -489,4 +489,13 @@ public function testNoPrivateNetworkWithResolve()

$client->request('GET', 'http://symfony.com', ['resolve' => ['symfony.com' => '127.0.0.1']]);
}

public function testNoRedirectWithInvalidLocation()
{
$client = $this->getHttpClient(__FUNCTION__);

$response = $client->request('GET', 'http://localhost:8057/302-no-scheme');

$this->assertSame(302, $response->getStatusCode());
}
}
7 changes: 4 additions & 3 deletions src/Symfony/Component/HttpClient/Tests/HttpClientTraitTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,7 @@ public static function provideResolveUrl(): array
[self::RFC3986_BASE, 'g/../h', 'http://a/b/c/h'],
[self::RFC3986_BASE, 'g;x=1/./y', 'http://a/b/c/g;x=1/y'],
[self::RFC3986_BASE, 'g;x=1/../y', 'http://a/b/c/y'],
[self::RFC3986_BASE, 'g/h:123/i', 'http://a/b/c/g/h:123/i'],
// dot-segments in the query or fragment
[self::RFC3986_BASE, 'g?y/./x', 'http://a/b/c/g?y/./x'],
[self::RFC3986_BASE, 'g?y/../x', 'http://a/b/c/g?y/../x'],
Expand All @@ -127,14 +128,14 @@ public static function provideResolveUrl(): array
public function testResolveUrlWithoutScheme()
{
$this->expectException(InvalidArgumentException::class);
$this->expectExceptionMessage('Invalid URL: scheme is missing in "//localhost:8080". Did you forget to add "http(s)://"?');
$this->expectExceptionMessage('Unsupported scheme in "localhost:8080": "http" or "https" expected.');
self::resolveUrl(self::parseUrl('localhost:8080'), null);
}

public function testResolveBaseUrlWitoutScheme()
public function testResolveBaseUrlWithoutScheme()
{
$this->expectException(InvalidArgumentException::class);
$this->expectExceptionMessage('Invalid URL: scheme is missing in "//localhost:8081". Did you forget to add "http(s)://"?');
$this->expectExceptionMessage('Unsupported scheme in "localhost:8081": "http" or "https" expected.');
self::resolveUrl(self::parseUrl('/foo'), self::parseUrl('localhost:8081'));
}

Expand Down
2 changes: 1 addition & 1 deletion src/Symfony/Component/HttpClient/composer.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@
"php": ">=7.2.5",
"psr/log": "^1|^2|^3",
"symfony/deprecation-contracts": "^2.1|^3",
"symfony/http-client-contracts": "^2.5.3",
"symfony/http-client-contracts": "^2.5.4",
"symfony/polyfill-php73": "^1.11",
"symfony/polyfill-php80": "^1.16",
"symfony/service-contracts": "^1.0|^2|^3"
Expand Down
11 changes: 4 additions & 7 deletions src/Symfony/Component/HttpFoundation/Request.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -358,12 +358,7 @@ public static function create(string $uri, string $method = 'GET', array $parame
$server['PATH_INFO'] = '';
$server['REQUEST_METHOD'] = strtoupper($method);

if (false === ($components = parse_url($uri)) && '/' === ($uri[0] ?? '')) {
$components = parse_url($uri.'#');
unset($components['fragment']);
}

if (false === $components) {
if (false === $components = parse_url(\strlen($uri) !== strcspn($uri, '?#') ? $uri : $uri.'#')) {
throw new BadRequestException('Invalid URI.');
}

Expand All @@ -386,9 +381,11 @@ public static function create(string $uri, string $method = 'GET', array $parame
if ('https' === $components['scheme']) {
$server['HTTPS'] = 'on';
$server['SERVER_PORT'] = 443;
} else {
} elseif ('http' === $components['scheme']) {
unset($server['HTTPS']);
$server['SERVER_PORT'] = 80;
} else {
throw new BadRequestException('Invalid URI: http(s) scheme expected.');
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks like a missing check here, Request::create('random-scheme:foo') cannot give port 80

}
}

Expand Down
3 changes: 2 additions & 1 deletion src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -310,7 +310,8 @@ public function testCreateWithRequestUri()
* ["foo\u0000"]
* [" foo"]
* ["foo "]
* [":"]
* ["//"]
* ["foo:bar"]
*/
public function testCreateWithBadRequestUri(string $uri)
{
Expand Down
6 changes: 6 additions & 0 deletions src/Symfony/Contracts/HttpClient/Test/Fixtures/web/index.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,12 @@
}
break;

case '/302-no-scheme':
if (!isset($vars['HTTP_AUTHORIZATION'])) {
header('Location: localhost:8067', true, 302);
}
break;

case '/302/relative':
header('Location: ..', true, 302);
break;
Expand Down
Loading