UrlScript: added argument validation

Author: dg

src/Http/UrlScript.php

@@ -9,6 +9,8 @@
 
 namespace Nette\Http;
 
+use Nette;
+
 
 /**
  * Immutable representation of a URL with application base-path.
@@ -89,8 +91,12 @@ public function getPathInfo(): string
 	protected function build(): void
 	{
 		parent::build();
-		$this->scriptPath = $this->scriptPath ?: $this->getPath();
+		$path = $this->getPath();
+		$this->scriptPath = $this->scriptPath ?: $path;
 		$pos = strrpos($this->scriptPath, '/');
-		$this->basePath = $pos === false ? '' : substr($this->scriptPath, 0, $pos + 1);
+		if ($pos === false || strncmp($this->scriptPath, $path, $pos + 1)) {
+			throw new Nette\InvalidArgumentException("ScriptPath '$this->scriptPath' doesn't match path '$path'");
+		}
+		$this->basePath = substr($this->scriptPath, 0, $pos + 1);
 	}
 }

tests/Http/UrlScript.error.phpt

@@ -0,0 +1,29 @@
+<?php
+
+declare(strict_types=1);
+
+use Nette\Http\UrlScript;
+use Tester\Assert;
+
+
+require __DIR__ . '/../bootstrap.php';
+
+
+Assert::exception(function () {
+	new UrlScript('http://nette.org/file.php?q=search', '/a/');
+}, Nette\InvalidArgumentException::class);
+
+
+Assert::exception(function () {
+	new UrlScript('http://nette.org/file.php?q=search', 'a');
+}, Nette\InvalidArgumentException::class);
+
+
+Assert::exception(function () {
+	new UrlScript('http://nette.org/dir/', '/d/');
+}, Nette\InvalidArgumentException::class);
+
+
+Assert::exception(function () {
+	new UrlScript('http://nette.org/dir/', '/dir/index/');
+}, Nette\InvalidArgumentException::class);