@@ -80,6 +80,9 @@ public function createHttpRequest()
8080
8181 // path & query
8282 $requestUrl = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
83+ if (!$this->binary && (!preg_match(self::CHARS, rawurldecode($requestUrl)) || preg_last_error())) {
84+ // TODO: invalid request
85+ }
8386 $requestUrl = Strings::replace($requestUrl, $this->urlFilters['url']);
8487 $tmp = explode('?', $requestUrl, 2);
8588 $path = Url::unescape($tmp[0], '%/?#');
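Review bot: The added guard on `$requestUrl` has an empty body (`// TODO: invalid request`), so a URL containing invalid characters or malformed UTF-8 is detected and then processed anyway. The later hunks also drop `$query` from the `$list` scrubbing loop and remove `$url->setQuery($query)`, so query keys and values now reach the application unfiltered. The guard passes `self::CHARS` straight to `preg_match()`, while the unchanged code further down wraps it as `'#^[' . self::CHARS . ']*+\z#u'`; the constant's definition is not visible here, but that suggests it is a character-class fragment, in which case the call fails and the condition is true for every non-binary request. I would move the `$reChars` assignment above this check, use `if (!$this->binary && (!preg_match($reChars, rawurldecode($requestUrl)) || preg_last_error())) {`, and make the body reject the request (a 400 response or the exception this factory's callers expect). `createHttpRequest()` starts and ends outside the hunk.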
@@ -97,17 +100,15 @@ public function createHttpRequest()
97100 }
98101 $url->setScriptPath($path);
99102
100- // GET, POST, COOKIE
103+ // POST, COOKIE
101104 $useFilter = (!in_array(ini_get('filter.default'), ['', 'unsafe_raw']) || ini_get('filter.default_flags'));
102-
103- $query = $url->getQueryParameters();
104105 $post = $useFilter ? filter_input_array(INPUT_POST, FILTER_UNSAFE_RAW) : (empty($_POST) ? [] : $_POST);
105106 $cookies = $useFilter ? filter_input_array(INPUT_COOKIE, FILTER_UNSAFE_RAW) : (empty($_COOKIE) ? [] : $_COOKIE);
106107
107108 // remove invalid characters
108109 $reChars = '#^[' . self::CHARS . ']*+\z#u';
109110 if (!$this->binary) {
110- $list = [ & $query, & $ post, & $cookies] ;
111+ $list = array( & $post, & $cookies) ;
111112 while (list($key, $val) = each($list)) {
112113 foreach ($val as $k => $v) {
113114 if (is_string($k) && (!preg_match($reChars, $k) || preg_last_error())) {
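Review bot: The new `$list = array( & $post, & $cookies)` line switches to long array syntax, while the surrounding lines of this hunk use short syntax (`['', 'unsafe_raw']` and the `[]` fallbacks for `$post` and `$cookies`). Writing it as `$list = [&$post, &$cookies];` keeps the file consistent. A short comment above it such as `// query is validated with the request URL above, not here` would also explain why `$query` is no longer in the list. The loop this list feeds continues past the end of the hunk.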
@@ -124,7 +125,6 @@ public function createHttpRequest()
124125 }
125126 unset($list, $key, $val, $k, $v);
126127 }
127- $url->setQuery($query);
128128
129129
130130 // FILES and create FileUpload objects