From be51ba17df892fde0c371c181425dd636f0f4d37 Mon Sep 17 00:00:00 2001 From: Dag Date: Fri, 3 Jan 2025 05:40:30 +0100 Subject: [PATCH] fix(url): disallowed wonky path (#4386) --- bridges/RumbleBridge.php | 4 +--- lib/url.php | 3 +++ tests/UrlTest.php | 6 ++++++ 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/bridges/RumbleBridge.php b/bridges/RumbleBridge.php index 11755b51420..c1a565bbccb 100644 --- a/bridges/RumbleBridge.php +++ b/bridges/RumbleBridge.php @@ -74,9 +74,7 @@ public function collectData() $item['timestamp'] = $publishedAt->getTimestamp(); } - if (isset($publishedAt) && $publishedAt > new \DateTimeImmutable('2025-01-31')) { - $href = ltrim($href, '/'); - } + $href = ltrim($href, '/'); $itemUrl = Url::fromString(self::URI . $href); // Remove tracking parameter in query string $item['uri'] = $itemUrl->withQueryString(null)->__toString(); diff --git a/lib/url.php b/lib/url.php index 993fef96c10..9a1b59adc3f 100644 --- a/lib/url.php +++ b/lib/url.php @@ -111,6 +111,9 @@ public function withPath(string $path): self if (!str_starts_with($path, '/')) { throw new UrlException(sprintf('Path must start with forward slash: %s', $path)); } + if (str_starts_with($path, '//')) { + throw new UrlException(sprintf('Illegal path (too many forward slashes): %s', $path)); + } $clone = clone $this; $clone->path = $path; return $clone; diff --git a/tests/UrlTest.php b/tests/UrlTest.php index d45f319b0d7..72b9ac4c478 100644 --- a/tests/UrlTest.php +++ b/tests/UrlTest.php @@ -36,6 +36,12 @@ public function testNormalization() } } + public function testIllegalPath() + { + $this->expectException(\UrlException::class); + Url::fromString('https://example.com//foo'); + } + public function testMutation() { $this->assertSame('http://example.com/foo', (Url::fromString('http://example.com/'))->withPath('/foo')->__toString());