Skip to content

Commit

Permalink
RequestFactory: rejects invalid URL [Closes #30]
Browse files Browse the repository at this point in the history
  • Loading branch information
dg committed Dec 27, 2014
1 parent 0bb4336 commit f4f966a
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions src/Http/RequestFactory.php
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,9 @@ public function createHttpRequest()

// path & query
$requestUrl = isset($_SERVER['REQUEST_URI'][0]) && $_SERVER['REQUEST_URI'][0] === '/' ? $_SERVER['REQUEST_URI'] : '/';
if (!$this->binary && (!preg_match(self::CHARS, rawurldecode($requestUrl)) || preg_last_error())) {
// TODO: invalid request
}
$requestUrl = Strings::replace($requestUrl, $this->urlFilters['url']);
$tmp = explode('?', $requestUrl, 2);
$path = Strings::fixEncoding(Strings::replace($tmp[0], $this->urlFilters['path']));
Expand All @@ -97,10 +100,8 @@ public function createHttpRequest()
}
$url->setScriptPath($path);

// GET, POST, COOKIE
// POST, COOKIE
$useFilter = (!in_array(ini_get('filter.default'), array('', 'unsafe_raw')) || ini_get('filter.default_flags'));

$query = $url->getQueryParameters();
$post = $useFilter ? filter_input_array(INPUT_POST, FILTER_UNSAFE_RAW) : (empty($_POST) ? array() : $_POST);
$cookies = $useFilter ? filter_input_array(INPUT_COOKIE, FILTER_UNSAFE_RAW) : (empty($_COOKIE) ? array() : $_COOKIE);

Expand All @@ -111,7 +112,7 @@ public function createHttpRequest()

// remove invalid characters
if (!$this->binary) {
$list = array(& $query, & $post, & $cookies);
$list = array(& $post, & $cookies);
while (list($key, $val) = each($list)) {
foreach ($val as $k => $v) {
if (is_string($k) && (!preg_match(self::CHARS, $k) || preg_last_error())) {
Expand All @@ -128,7 +129,6 @@ public function createHttpRequest()
}
unset($list, $key, $val, $k, $v);
}
$url->setQuery($query);


// FILES and create FileUpload objects
Expand Down

0 comments on commit f4f966a

Please sign in to comment.