From 1aa7789ae613e4a01d6b2209f5bea82185a75c01 Mon Sep 17 00:00:00 2001
From: David Grudl
Date: Sat, 27 Dec 2014 07:08:32 +0100
Subject: [PATCH] RequestFactory: rejects invalid URL [Closes #30]
---
 src/Http/RequestFactory.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/Http/RequestFactory.php b/src/Http/RequestFactory.php
index 3681bafe..f980f645 100644
--- a/src/Http/RequestFactory.php
+++ b/src/Http/RequestFactory.php
@@ -80,6 +80,9 @@ public function createHttpRequest()
 // path & query
 $requestUrl = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
+ if (!$this->binary && (!preg_match(self::CHARS, rawurldecode($requestUrl)) || preg_last_error())) {
+ // TODO: invalid request
+ }
 $requestUrl = Strings::replace($requestUrl, $this->urlFilters['url']);
 $tmp = explode('?', $requestUrl, 2);
 $path = Url::unescape($tmp[0], '%/?#');
@@ -97,17 +100,15 @@ public function createHttpRequest()
 }
 $url->setScriptPath($path);
- // GET, POST, COOKIE
+ // POST, COOKIE
 $useFilter = (!in_array(ini_get('filter.default'), ['', 'unsafe_raw']) || ini_get('filter.default_flags'));
-
- $query = $url->getQueryParameters();
 $post = $useFilter ? filter_input_array(INPUT_POST, FILTER_UNSAFE_RAW) : (empty($_POST) ? [] : $_POST);
 $cookies = $useFilter ? filter_input_array(INPUT_COOKIE, FILTER_UNSAFE_RAW) : (empty($_COOKIE) ? [] : $_COOKIE);
 // remove invalid characters
 $reChars = '#^[' . self::CHARS . ']*+\z#u';
 if (!$this->binary) {
- $list = [& $query, & $post, & $cookies];
+ $list = array(& $post, & $cookies);
 while (list($key, $val) = each($list)) {
 foreach ($val as $k => $v) {
 if (is_string($k) && (!preg_match($reChars, $k) || preg_last_error())) {
@@ -124,7 +125,6 @@ public function createHttpRequest()
 }
 unset($list, $key, $val, $k, $v);
 }
- $url->setQuery($query);
 // FILES and create FileUpload objects
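Review bot: In the first hunk (`@@ -80,6 +80,9 @@`), the new check passes `self::CHARS` straight to `preg_match()`, yet the `$reChars` line in the next hunk wraps the same constant as `'#^[' . self::CHARS . ']*+\z#u'`, which suggests CHARS is only a character-class body and not a delimited pattern. If so, `preg_match()` cannot compile it and returns false, so the condition holds for every non-binary request; that is harmless only because the branch is an empty `// TODO: invalid request`, and the request is not rejected as the subject line promises. I would test against the anchored pattern, `preg_match('#^[' . self::CHARS . ']*+\z#u', rawurldecode($requestUrl))`, and give the branch a real rejection path before this lands. createHttpRequest() starts and ends outside the hunk, so the constant's definition should be confirmed there.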
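Review bot: In the second hunk (`@@ -97,17 +100,15 @@`), dropping `& $query` from `$list` means query-string keys and values are no longer passed through the `$reChars` filter, and the only replacement is the URL check added earlier in this commit, whose branch is still an empty TODO. Until that check actually rejects, invalid byte sequences and control characters in GET parameters reach the application unchanged, which is a regression for callers that relied on the request object to strip them. I would keep `$query = $url->getQueryParameters();` and `$list = [& $query, & $post, & $cookies];` (with the matching `$url->setQuery($query);` that the last hunk removes) until the rejection is implemented. Separately, `array(& $post, & $cookies)` goes back to long array syntax while the same function uses `['', 'unsafe_raw']`; `[& $post, & $cookies]` would stay consistent. The loop body continues outside the hunk.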