Skip to content

Commit

Permalink
Merge branch '7.1' into 7.2
Browse files Browse the repository at this point in the history
* 7.1:
  reject URLs containing whitespaces
  Update validators.fa.xlf
  [HttpClient] Fix a typo in NoPrivateNetworkHttpClient
  • Loading branch information
fabpot committed Dec 30, 2024
2 parents 1d23de4 + f207dc5 commit f6bc679
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 15 deletions.
28 changes: 14 additions & 14 deletions Tests/TextSanitizer/UrlSanitizerTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -358,10 +358,10 @@ public static function provideParse(): iterable
'non-special://:@untrusted.com/x' => ['scheme' => 'non-special', 'host' => 'untrusted.com'],
'http:foo.com' => ['scheme' => 'http', 'host' => null],
" :foo.com \n" => null,
' foo.com ' => ['scheme' => null, 'host' => null],
' foo.com ' => null,
'a: foo.com' => null,
'http://f:21/ b ? d # e ' => ['scheme' => 'http', 'host' => 'f'],
'lolscheme:x x#x x' => ['scheme' => 'lolscheme', 'host' => null],
'http://f:21/ b ? d # e ' => null,
'lolscheme:x x#x x' => null,
'http://f:/c' => ['scheme' => 'http', 'host' => 'f'],
'http://f:0/c' => ['scheme' => 'http', 'host' => 'f'],
'http://f:00000000000000/c' => ['scheme' => 'http', 'host' => 'f'],
Expand Down Expand Up @@ -434,7 +434,7 @@ public static function provideParse(): iterable
'javascript:example.com/' => ['scheme' => 'javascript', 'host' => null],
'mailto:example.com/' => ['scheme' => 'mailto', 'host' => null],
'/a/b/c' => ['scheme' => null, 'host' => null],
'/a/ /c' => ['scheme' => null, 'host' => null],
'/a/ /c' => null,
'/a%2fc' => ['scheme' => null, 'host' => null],
'/a/%2f/c' => ['scheme' => null, 'host' => null],
'' => ['scheme' => null, 'host' => null],
Expand Down Expand Up @@ -495,10 +495,10 @@ public static function provideParse(): iterable
'http://example.com/你好你好' => ['scheme' => 'http', 'host' => 'example.com'],
'http://example.com/‥/foo' => ['scheme' => 'http', 'host' => 'example.com'],
"http://example.com/\u{feff}/foo" => ['scheme' => 'http', 'host' => 'example.com'],
"http://example.com\u{002f}\u{202e}\u{002f}\u{0066}\u{006f}\u{006f}\u{002f}\u{202d}\u{002f}\u{0062}\u{0061}\u{0072}\u{0027}\u{0020}" => ['scheme' => 'http', 'host' => 'example.com'],
"http://example.com\u{002f}\u{202e}\u{002f}\u{0066}\u{006f}\u{006f}\u{002f}\u{202d}\u{002f}\u{0062}\u{0061}\u{0072}\u{0027}\u{0020}" => null,
'http://www.google.com/foo?bar=baz#' => ['scheme' => 'http', 'host' => 'www.google.com'],
'http://www.google.com/foo?bar=baz# »' => ['scheme' => 'http', 'host' => 'www.google.com'],
'data:test# »' => ['scheme' => 'data', 'host' => null],
'http://www.google.com/foo?bar=baz# »' => null,
'data:test# »' => null,
'http://www.google.com' => ['scheme' => 'http', 'host' => 'www.google.com'],
'http://192.0x00A80001' => ['scheme' => 'http', 'host' => '192.0x00A80001'],
'http://www/foo%2Ehtml' => ['scheme' => 'http', 'host' => 'www'],
Expand Down Expand Up @@ -706,11 +706,11 @@ public static function provideParse(): iterable
'test-a-colon-slash-slash-b.html' => ['scheme' => null, 'host' => null],
'http://example.org/test?a#bc' => ['scheme' => 'http', 'host' => 'example.org'],
'http:\\/\\/f:b\\/c' => ['scheme' => 'http', 'host' => null],
'http:\\/\\/f: \\/c' => ['scheme' => 'http', 'host' => null],
'http:\\/\\/f: \\/c' => null,
'http:\\/\\/f:fifty-two\\/c' => ['scheme' => 'http', 'host' => null],
'http:\\/\\/f:999999\\/c' => ['scheme' => 'http', 'host' => null],
'non-special:\\/\\/f:999999\\/c' => ['scheme' => 'non-special', 'host' => null],
'http:\\/\\/f: 21 \\/ b ? d # e ' => ['scheme' => 'http', 'host' => null],
'http:\\/\\/f: 21 \\/ b ? d # e ' => null,
'http:\\/\\/[1::2]:3:4' => ['scheme' => 'http', 'host' => null],
'http:\\/\\/2001::1' => ['scheme' => 'http', 'host' => null],
'http:\\/\\/2001::1]' => ['scheme' => 'http', 'host' => null],
Expand All @@ -734,8 +734,8 @@ public static function provideParse(): iterable
'http:@:www.example.com' => ['scheme' => 'http', 'host' => null],
'http:\\/@:www.example.com' => ['scheme' => 'http', 'host' => null],
'http:\\/\\/@:www.example.com' => ['scheme' => 'http', 'host' => null],
'http:\\/\\/example example.com' => ['scheme' => 'http', 'host' => null],
'http:\\/\\/Goo%20 goo%7C|.com' => ['scheme' => 'http', 'host' => null],
'http:\\/\\/example example.com' => null,
'http:\\/\\/Goo%20 goo%7C|.com' => null,
'http:\\/\\/[]' => ['scheme' => 'http', 'host' => null],
'http:\\/\\/[:]' => ['scheme' => 'http', 'host' => null],
'http:\\/\\/GOO\\u00a0\\u3000goo.com' => ['scheme' => 'http', 'host' => null],
Expand All @@ -752,8 +752,8 @@ public static function provideParse(): iterable
'http:\\/\\/hello%00' => ['scheme' => 'http', 'host' => null],
'http:\\/\\/192.168.0.257' => ['scheme' => 'http', 'host' => null],
'http:\\/\\/%3g%78%63%30%2e%30%32%35%30%2E.01' => ['scheme' => 'http', 'host' => null],
'http:\\/\\/192.168.0.1 hello' => ['scheme' => 'http', 'host' => null],
'https:\\/\\/x x:12' => ['scheme' => 'https', 'host' => null],
'http:\\/\\/192.168.0.1 hello' => null,
'https:\\/\\/x x:12' => null,
'http:\\/\\/[www.google.com]\\/' => ['scheme' => 'http', 'host' => null],
'http:\\/\\/[google.com]' => ['scheme' => 'http', 'host' => null],
'http:\\/\\/[::1.2.3.4x]' => ['scheme' => 'http', 'host' => null],
Expand All @@ -763,7 +763,7 @@ public static function provideParse(): iterable
'..\\/i' => ['scheme' => null, 'host' => null],
'\\/i' => ['scheme' => null, 'host' => null],
'sc:\\/\\/\\u0000\\/' => ['scheme' => 'sc', 'host' => null],
'sc:\\/\\/ \\/' => ['scheme' => 'sc', 'host' => null],
'sc:\\/\\/ \\/' => null,
'sc:\\/\\/@\\/' => ['scheme' => 'sc', 'host' => null],
'sc:\\/\\/te@s:t@\\/' => ['scheme' => 'sc', 'host' => null],
'sc:\\/\\/:\\/' => ['scheme' => 'sc', 'host' => null],
Expand Down
8 changes: 7 additions & 1 deletion TextSanitizer/UrlSanitizer.php
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,13 @@ public static function parse(string $url): ?array
}

try {
return UriString::parse($url);
$parsedUrl = UriString::parse($url);

if (preg_match('/\s/', $url)) {
return null;
}

return $parsedUrl;
} catch (SyntaxError) {
return null;
}
Expand Down

0 comments on commit f6bc679

Please sign in to comment.