Skip to content

Commit ab9e844

Browse files
neclimdulneclimdul
committed
[HttpFoundation] Deprecate passing invalid URI to Request::create
Fixes: #47084 Passing an invalid URI to Request::create triggers an undefined code path. In PHP7 the false value returned by parse_url would quietly be treated as a an array through type coercion leading to unexpected results. In PHP8 this triggers a deprecation exposing the bug.
1 parent e16aea4 commit ab9e844

File tree

2 files changed

+13
-0
lines changed

2 files changed

+13
-0
lines changed

src/Symfony/Component/HttpFoundation/Request.php

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -342,6 +342,10 @@ public static function create(string $uri, string $method = 'GET', array $parame
342342
$server['REQUEST_METHOD'] = strtoupper($method);
343343

344344
$components = parse_url($uri);
345+
if (false === $components) {
346+
trigger_deprecation('symfony/http-foundation', '6.3', 'Calling "%s()" without an invalid URI is deprecated.', __METHOD__ );
347+
$components = [];
348+
}
345349
if (isset($components['host'])) {
346350
$server['SERVER_NAME'] = $components['host'];
347351
$server['HTTP_HOST'] = $components['host'];

src/Symfony/Component/HttpFoundation/Tests/RequestTest.php

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2554,6 +2554,15 @@ public function testReservedFlags()
25542554
$this->assertNotSame(0b10000000, $value, sprintf('The constant "%s" should not use the reserved value "0b10000000".', $constant));
25552555
}
25562556
}
2557+
2558+
/**
2559+
* @group legacy
2560+
*/
2561+
public function testInvalidUriCreationDeprecated()
2562+
{
2563+
$this->expectDeprecation('Since symfony/http-foundation 6.3: Calling "Symfony\Component\HttpFoundation\Request::create()" without an invalid URI is deprecated.');
2564+
Request::create('/invalid-path:123');
2565+
}
25572566
}
25582567

25592568
class RequestContentProxy extends Request

0 commit comments

Comments
 (0)