Bug #42511

"Uri" constructor silently accepts unparsable Uri strings

Added by Adrian Föder about 8 years ago. Updated about 8 years ago.

Status:
Resolved
Priority:
Must have
Assignee:
Category:
Http
Start date:
2012-10-30
Due date:
% Done:

100%

Estimated time:
PHP Version:
Has patch:
No
Complexity:

Description

The Uri::__construct() method basically relies on the parse_url() method. As of PHP documentation, http://de3.php.net/manual/en/function.parse-url.php, Changelog,

5.3.3 Removed the E_WARNING that was emitted when URL parsing failed.

So the constructor's code can, dependent of the PHP version in use, either throw a Warning exception or silently do nothing but let the Uri object be created since there is no other check:

    public function __construct($uriString) {
        if (!is_string($uriString)) throw new \InvalidArgumentException('The URI must be a valid string.', 1176550571);

        $uriParts = parse_url($uriString);
        if (is_array($uriParts)) {
            $this->scheme = isset($uriParts['scheme']) ? $uriParts['scheme'] : NULL;
            $this->username = isset($uriParts['user']) ? $uriParts['user'] : NULL;
            $this->password = isset($uriParts['pass']) ? $uriParts['pass'] : NULL;
            $this->host = isset($uriParts['host']) ? $uriParts['host'] : NULL;
            $this->port = isset($uriParts['port']) ? $uriParts['port'] : NULL;
            $this->path = isset($uriParts['path']) ? $uriParts['path'] : NULL;
            if (isset($uriParts['query'])) {
                $this->setQuery ($uriParts['query']);
            }
            $this->fragment = isset($uriParts['fragment']) ? $uriParts['fragment'] : NULL;
        }
    }

I recommend to catch the Warning, if any, and throw an exception if parse_url returned FALSE (or is not an array, i.e. the else-block of the if().


Related issues

Related to TYPO3.Fluid - Bug #42746: Functional WidgetTest is broken since URI bugfixResolvedKarsten Dambekalns2012-11-07

Actions
#1

Updated by Gerrit Code Review about 8 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/16035

#2

Updated by Adrian Föder about 8 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#3

Updated by Gerrit Code Review about 8 years ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch FLOW3-1.1 has been pushed to the review server.
It is available at https://review.typo3.org/17082

#4

Updated by Gerrit Code Review about 8 years ago

Patch set 2 for branch FLOW3-1.1 has been pushed to the review server.
It is available at https://review.typo3.org/17082

#5

Updated by Karsten Dambekalns about 8 years ago

  • Status changed from Under Review to Resolved

Also available in: Atom PDF