RequestFactory: drops complete cookie/post when contain invalid chars (+ is faster)

Author: dg

src/Http/RequestFactory.php

@@ -79,8 +79,9 @@ public function createHttpRequest()
 		}
 
 		// path & query
+		$reChars = '#^[' . self::CHARS . ']*+\z#u';
 		$requestUrl = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
-		if (!$this->binary && (!preg_match(self::CHARS, rawurldecode($requestUrl)) || preg_last_error())) {
+		if (!$this->binary && (!preg_match($reChars, rawurldecode($requestUrl)) || preg_last_error())) {
 			// TODO: invalid request
 		}
 		$requestUrl = Strings::replace($requestUrl, $this->urlFilters['url']);
@@ -106,24 +107,13 @@ public function createHttpRequest()
 		$cookies = $useFilter ? filter_input_array(INPUT_COOKIE, FILTER_UNSAFE_RAW) : (empty($_COOKIE) ? [] : $_COOKIE);
 
 		// remove invalid characters
-		$reChars = '#^[' . self::CHARS . ']*+\z#u';
 		if (!$this->binary) {
-			$list = array(& $post, & $cookies);
-			while (list($key, $val) = each($list)) {
-				foreach ($val as $k => $v) {
-					if (is_string($k) && (!preg_match($reChars, $k) || preg_last_error())) {
-						unset($list[$key][$k]);
-
-					} elseif (is_array($v)) {
-						$list[$key][$k] = $v;
-						$list[] = & $list[$key][$k];
-
-					} else {
-						$list[$key][$k] = (string) preg_replace('#[^' . self::CHARS . ']+#u', '', $v);
-					}
-				}
+			if (!preg_match($reChars, rawurldecode(http_build_query($post))) || preg_last_error()) {
+				$post = [];
+			}
+			if (!preg_match($reChars, rawurldecode(http_build_query($cookies))) || preg_last_error()) {
+				$cookies = [];
 			}
-			unset($list, $key, $val, $k, $v);
 		}