AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-01 03:14:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updated symfony/http-foundation from 7.3.3 to 7.3.7

Browse Source
This commit is contained in:
johnnyq
2025-11-16 15:49:11 -05:00
parent efcc0fd5cb
commit 612041635d
11 changed files with 82 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
plugins/vendor/symfony/http-foundation/Request.php vendored
View File

@@ -300,10 +300,21 @@ class Request
$server['PATH_INFO'] = '';
$server['REQUEST_METHOD'] = strtoupper($method);
if (($i = strcspn($uri, ':/?#')) && ':' === ($uri[$i] ?? null) && (strspn($uri, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+-.') !== $i || strcspn($uri, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'))) {
throw new BadRequestException('Invalid URI: Scheme is malformed.');
}
if (false === $components = parse_url(\strlen($uri) !== strcspn($uri, '?#') ? $uri : $uri.'#')) {
throw new BadRequestException('Invalid URI.');
}
$part = ($components['user'] ?? '').':'.($components['pass'] ?? '');
if (':' !== $part && \strlen($part) !== strcspn($part, '[]')) {
throw new BadRequestException('Invalid URI: Userinfo is malformed.');
}
if (($part = $components['host'] ?? '') && !self::isHostValid($part)) {
throw new BadRequestException('Invalid URI: Host is malformed.');
}
if (false !== ($i = strpos($uri, '\\')) && $i < strcspn($uri, '?#')) {
throw new BadRequestException('Invalid URI: A URI cannot contain a backslash.');
}
@@ -1091,10 +1102,8 @@ class Request
// host is lowercase as per RFC 952/2181
$host = strtolower(preg_replace('/:\d+$/', '', trim($host)));
// as the host can come from the user (HTTP_HOST and depending on the configuration, SERVER_NAME too can come from the user)
// check that it does not contain forbidden characters (see RFC 952 and RFC 2181)
// use preg_replace() instead of preg_match() to prevent DoS attacks with long host names
if ($host && '' !== preg_replace('/(?:^\[)?[a-zA-Z0-9-:\]_]+\.?/', '', $host)) {
// the host can come from the user (HTTP_HOST and depending on the configuration, SERVER_NAME too can come from the user)
if ($host && !self::isHostValid($host)) {
if (!$this->isHostValid) {
return '';
}
@@ -1236,15 +1245,22 @@ class Request
static::initializeFormats();
}
$exactFormat = null;
$canonicalFormat = null;
foreach (static::$formats as $format => $mimeTypes) {
if (\in_array($mimeType, (array) $mimeTypes, true)) {
return $format;
if (\in_array($mimeType, $mimeTypes, true)) {
$exactFormat = $format;
}
if (null !== $canonicalMimeType && \in_array($canonicalMimeType, (array) $mimeTypes, true)) {
return $format;
if (null !== $canonicalMimeType && \in_array($canonicalMimeType, $mimeTypes, true)) {
$canonicalFormat = $format;
}
}
if ($format = $exactFormat ?? $canonicalFormat) {
return $format;
}
return null;
}
@@ -1259,7 +1275,7 @@ class Request
static::initializeFormats();
}
static::$formats[$format] = \is_array($mimeTypes) ? $mimeTypes : [$mimeTypes];
static::$formats[$format ?? ''] = (array) $mimeTypes;
}
/**
@@ -1892,9 +1908,8 @@ class Request
}
$pathInfo = substr($requestUri, \strlen($baseUrl));
if ('' === $pathInfo) {
// If substr() returns false then PATH_INFO is set to an empty string
return '/';
if ('' === $pathInfo || '/' !== $pathInfo[0]) {
return '/'.$pathInfo;
}
return $pathInfo;
@@ -2101,4 +2116,21 @@ class Request
return $this->isIisRewrite;
}
/**
* See https://url.spec.whatwg.org/.
*/
private static function isHostValid(string $host): bool
{
if ('[' === $host[0]) {
return ']' === $host[-1] && filter_var(substr($host, 1, -1), \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV6);
}
if (preg_match('/\.[0-9]++\.?$/D', $host)) {
return null !== filter_var($host, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV4 | \FILTER_NULL_ON_FAILURE);
}
// use preg_replace() instead of preg_match() to prevent DoS attacks with long host names
return '' === preg_replace('/[-a-zA-Z0-9_]++\.?/', '', $host);
}
}