fix(url): disallowed wonky path (#4386)

This commit is contained in:
Dag 2025-01-03 05:40:30 +01:00 committed by GitHub
parent c44a76ff17
commit be51ba17df
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 10 additions and 3 deletions

View file

@ -74,9 +74,7 @@ class RumbleBridge extends BridgeAbstract
$item['timestamp'] = $publishedAt->getTimestamp(); $item['timestamp'] = $publishedAt->getTimestamp();
} }
if (isset($publishedAt) && $publishedAt > new \DateTimeImmutable('2025-01-31')) {
$href = ltrim($href, '/'); $href = ltrim($href, '/');
}
$itemUrl = Url::fromString(self::URI . $href); $itemUrl = Url::fromString(self::URI . $href);
// Remove tracking parameter in query string // Remove tracking parameter in query string
$item['uri'] = $itemUrl->withQueryString(null)->__toString(); $item['uri'] = $itemUrl->withQueryString(null)->__toString();

View file

@ -111,6 +111,9 @@ final class Url
if (!str_starts_with($path, '/')) { if (!str_starts_with($path, '/')) {
throw new UrlException(sprintf('Path must start with forward slash: %s', $path)); throw new UrlException(sprintf('Path must start with forward slash: %s', $path));
} }
if (str_starts_with($path, '//')) {
throw new UrlException(sprintf('Illegal path (too many forward slashes): %s', $path));
}
$clone = clone $this; $clone = clone $this;
$clone->path = $path; $clone->path = $path;
return $clone; return $clone;

View file

@ -36,6 +36,12 @@ class UrlTest extends TestCase
} }
} }
public function testIllegalPath()
{
$this->expectException(\UrlException::class);
Url::fromString('https://example.com//foo');
}
public function testMutation() public function testMutation()
{ {
$this->assertSame('http://example.com/foo', (Url::fromString('http://example.com/'))->withPath('/foo')->__toString()); $this->assertSame('http://example.com/foo', (Url::fromString('http://example.com/'))->withPath('/foo')->__toString());