This repository was archived by the owner on Jan 30, 2020. It is now read-only.

Commit 26e502a

Merge branch 'hotfix/151'
Close #151
2 parents 6bd2e29 + e56efd1 commit 26e502a


3 files changed

+25
-1
lines changed


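--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,7 +22,10 @@ All notable changes to this project will be documented in this file, in reverse
 
 ### Fixed
 
-- Nothing.
+- [#151](https://github.com/zendframework/zend-http/pull/151) fixes how Referer and other location-based headers report problems with
+invalid URLs provided in the header value, raising a `Zend\Http\Exception\InvalidArgumentException`
+in such cases. This change ensures the behavior is consistent with behavior
+prior to the 2.8.0 release.
 
 ## 2.8.1 - 2018-08-01
 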
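--- a/src/Header/AbstractLocation.php
+++ b/src/Header/AbstractLocation.php
@@ -76,6 +76,12 @@ public function setUri($uri)
 $e->getCode(),
 $e
 );
+} catch (UriException\InvalidArgumentException $e) {
+throw new Exception\InvalidArgumentException(
+sprintf('Invalid URI passed as string (%s)', (string) $uri),
+$e->getCode(),
+$e
+);
 }
 } elseif (! ($uri instanceof UriInterface)) {
 throw new Exception\InvalidArgumentException('URI must be an instance of Zend\Uri\Http or a string');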
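Review bot: The new catch at new lines 79–84 copies the raw `$uri` string into the exception message through `sprintf('Invalid URI passed as string (%s)', (string) $uri)`, with no length limit or escaping. For Referer and the other location headers that value presumably comes straight from the request, so any handler that logs or renders the message is emitting client-controlled text. A comment above the throw such as `// $uri is untrusted header input; escape or truncate the message before logging or display` would make that explicit. The block also appears to repeat the body of the preceding catch, of which only the tail is visible here. The body of `setUri()` starts and ends outside the hunk.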

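--- a/test/Header/RefererTest.php
+++ b/test/Header/RefererTest.php
@@ -9,8 +9,10 @@
 
 use PHPUnit\Framework\TestCase;
 use Zend\Http\Header\Exception\InvalidArgumentException;
+use Zend\Http\Header\GenericHeader;
 use Zend\Http\Header\HeaderInterface;
 use Zend\Http\Header\Referer;
+use Zend\Http\Headers;
 use Zend\Uri\Http;
 use Zend\Uri\Uri;
 
@@ -77,4 +79,17 @@ public function testCRLFAttack()
 $this->expectException(InvalidArgumentException::class);
 Referer::fromString("Referer: http://www.example.com/\r\n\r\nevilContent");
 }
+
+public function testInvalidUriShouldWrapException()
+{
+$headerString = "Referer: unknown-scheme://test";
+
+$headers = Headers::fromString($headerString);
+
+$result = $headers->get('Referer');
+
+$this->assertInstanceOf(GenericHeader::class, $result);
+$this->assertNotInstanceOf(Referer::class, $result);
+$this->assertEquals('unknown-scheme://test', $result->getFieldValue());
+}
 }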
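Review bot: `testInvalidUriShouldWrapException` (new lines 83–94) never asserts that an exception is raised or wrapped; its three assertions only check that `Headers::fromString()` falls back to a `GenericHeader`. The exception type produced by the new catch in `AbstractLocation::setUri()` is therefore only covered indirectly. A direct case would pin it: `$this->expectException(InvalidArgumentException::class);` followed by `Referer::fromString('Referer: unknown-scheme://test');`. The test could also carry a comment noting that the fallback hands callers the raw, unvalidated header value, so the result of `get('Referer')` is not guaranteed to be a parsed URI.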
