Skip to content

Commit

Permalink
fix(url): disallowed wonky path (#4386)
Browse files Browse the repository at this point in the history
  • Loading branch information
@dvikan
dvikan authored Jan 3, 2025
1 parent c44a76f commit be51ba1
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 3 deletions.
4 changes: 1 addition & 3 deletions bridges/RumbleBridge.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,9 +74,7 @@ public function collectData()
$item['timestamp'] = $publishedAt->getTimestamp();
}

if (isset($publishedAt) && $publishedAt > new \DateTimeImmutable('2025-01-31')) {
$href = ltrim($href, '/');
}
$href = ltrim($href, '/');
$itemUrl = Url::fromString(self::URI . $href);
// Remove tracking parameter in query string
$item['uri'] = $itemUrl->withQueryString(null)->__toString();
Expand Down
3 changes: 3 additions & 0 deletions lib/url.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,9 @@ public function withPath(string $path): self
if (!str_starts_with($path, '/')) {
throw new UrlException(sprintf('Path must start with forward slash: %s', $path));
}
if (str_starts_with($path, '//')) {
throw new UrlException(sprintf('Illegal path (too many forward slashes): %s', $path));
}
$clone = clone $this;
$clone->path = $path;
return $clone;
Expand Down
6 changes: 6 additions & 0 deletions tests/UrlTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,12 @@ public function testNormalization()
}
}

public function testIllegalPath()
{
$this->expectException(\UrlException::class);
Url::fromString('https://example.com//foo');
}

public function testMutation()
{
$this->assertSame('http://example.com/foo', (Url::fromString('http://example.com/'))->withPath('/foo')->__toString());
Expand Down

0 comments on commit be51ba1

Please sign in to comment.