Merge branch '6.4' into 7.1

fabpot · fabpot · commit f207dc5c29ae · 2024-12-30T19:35:03.000+01:00
* 6.4:
  reject URLs containing whitespaces
  Update validators.fa.xlf
  [HttpClient] Fix a typo in NoPrivateNetworkHttpClient
diff --git a/Tests/TextSanitizer/UrlSanitizerTest.php b/Tests/TextSanitizer/UrlSanitizerTest.php
@@ -358,10 +358,10 @@ public static function provideParse(): iterable
             'non-special://:@untrusted.com/x' => ['scheme' => 'non-special', 'host' => 'untrusted.com'],
             'http:foo.com' => ['scheme' => 'http', 'host' => null],
             "	   :foo.com   \n" => null,
-            ' foo.com  ' => ['scheme' => null, 'host' => null],
+            ' foo.com  ' => null,
             'a:	 foo.com' => null,
-            'http://f:21/ b ? d # e ' => ['scheme' => 'http', 'host' => 'f'],
-            'lolscheme:x x#x x' => ['scheme' => 'lolscheme', 'host' => null],
+            'http://f:21/ b ? d # e ' => null,
+            'lolscheme:x x#x x' => null,
             'http://f:/c' => ['scheme' => 'http', 'host' => 'f'],
             'http://f:0/c' => ['scheme' => 'http', 'host' => 'f'],
             'http://f:00000000000000/c' => ['scheme' => 'http', 'host' => 'f'],
@@ -434,7 +434,7 @@ public static function provideParse(): iterable
             'javascript:example.com/' => ['scheme' => 'javascript', 'host' => null],
             'mailto:example.com/' => ['scheme' => 'mailto', 'host' => null],
             '/a/b/c' => ['scheme' => null, 'host' => null],
-            '/a/ /c' => ['scheme' => null, 'host' => null],
+            '/a/ /c' => null,
             '/a%2fc' => ['scheme' => null, 'host' => null],
             '/a/%2f/c' => ['scheme' => null, 'host' => null],
             '#β' => ['scheme' => null, 'host' => null],
@@ -495,10 +495,10 @@ public static function provideParse(): iterable
             'http://example.com/你好你好' => ['scheme' => 'http', 'host' => 'example.com'],
             'http://example.com/‥/foo' => ['scheme' => 'http', 'host' => 'example.com'],
             "http://example.com/\u{feff}/foo" => ['scheme' => 'http', 'host' => 'example.com'],
-            "http://example.com\u{002f}\u{202e}\u{002f}\u{0066}\u{006f}\u{006f}\u{002f}\u{202d}\u{002f}\u{0062}\u{0061}\u{0072}\u{0027}\u{0020}" => ['scheme' => 'http', 'host' => 'example.com'],
+            "http://example.com\u{002f}\u{202e}\u{002f}\u{0066}\u{006f}\u{006f}\u{002f}\u{202d}\u{002f}\u{0062}\u{0061}\u{0072}\u{0027}\u{0020}" => null,
             'http://www.google.com/foo?bar=baz#' => ['scheme' => 'http', 'host' => 'www.google.com'],
-            'http://www.google.com/foo?bar=baz# »' => ['scheme' => 'http', 'host' => 'www.google.com'],
-            'data:test# »' => ['scheme' => 'data', 'host' => null],
+            'http://www.google.com/foo?bar=baz# »' => null,
+            'data:test# »' => null,
             'http://www.google.com' => ['scheme' => 'http', 'host' => 'www.google.com'],
             'http://192.0x00A80001' => ['scheme' => 'http', 'host' => '192.0x00A80001'],
             'http://www/foo%2Ehtml' => ['scheme' => 'http', 'host' => 'www'],
@@ -706,11 +706,11 @@ public static function provideParse(): iterable
             'test-a-colon-slash-slash-b.html' => ['scheme' => null, 'host' => null],
             'http://example.org/test?a#bc' => ['scheme' => 'http', 'host' => 'example.org'],
             'http:\\/\\/f:b\\/c' => ['scheme' => 'http', 'host' => null],
-            'http:\\/\\/f: \\/c' => ['scheme' => 'http', 'host' => null],
+            'http:\\/\\/f: \\/c' => null,
             'http:\\/\\/f:fifty-two\\/c' => ['scheme' => 'http', 'host' => null],
             'http:\\/\\/f:999999\\/c' => ['scheme' => 'http', 'host' => null],
             'non-special:\\/\\/f:999999\\/c' => ['scheme' => 'non-special', 'host' => null],
-            'http:\\/\\/f: 21 \\/ b ? d # e ' => ['scheme' => 'http', 'host' => null],
+            'http:\\/\\/f: 21 \\/ b ? d # e ' => null,
             'http:\\/\\/[1::2]:3:4' => ['scheme' => 'http', 'host' => null],
             'http:\\/\\/2001::1' => ['scheme' => 'http', 'host' => null],
             'http:\\/\\/2001::1]' => ['scheme' => 'http', 'host' => null],
@@ -734,8 +734,8 @@ public static function provideParse(): iterable
             'http:@:www.example.com' => ['scheme' => 'http', 'host' => null],
             'http:\\/@:www.example.com' => ['scheme' => 'http', 'host' => null],
             'http:\\/\\/@:www.example.com' => ['scheme' => 'http', 'host' => null],
-            'http:\\/\\/example example.com' => ['scheme' => 'http', 'host' => null],
-            'http:\\/\\/Goo%20 goo%7C|.com' => ['scheme' => 'http', 'host' => null],
+            'http:\\/\\/example example.com' => null,
+            'http:\\/\\/Goo%20 goo%7C|.com' => null,
             'http:\\/\\/[]' => ['scheme' => 'http', 'host' => null],
             'http:\\/\\/[:]' => ['scheme' => 'http', 'host' => null],
             'http:\\/\\/GOO\\u00a0\\u3000goo.com' => ['scheme' => 'http', 'host' => null],
@@ -752,8 +752,8 @@ public static function provideParse(): iterable
             'http:\\/\\/hello%00' => ['scheme' => 'http', 'host' => null],
             'http:\\/\\/192.168.0.257' => ['scheme' => 'http', 'host' => null],
             'http:\\/\\/%3g%78%63%30%2e%30%32%35%30%2E.01' => ['scheme' => 'http', 'host' => null],
-            'http:\\/\\/192.168.0.1 hello' => ['scheme' => 'http', 'host' => null],
-            'https:\\/\\/x x:12' => ['scheme' => 'https', 'host' => null],
+            'http:\\/\\/192.168.0.1 hello' => null,
+            'https:\\/\\/x x:12' => null,
             'http:\\/\\/[www.google.com]\\/' => ['scheme' => 'http', 'host' => null],
             'http:\\/\\/[google.com]' => ['scheme' => 'http', 'host' => null],
             'http:\\/\\/[::1.2.3.4x]' => ['scheme' => 'http', 'host' => null],
@@ -763,7 +763,7 @@ public static function provideParse(): iterable
             '..\\/i' => ['scheme' => null, 'host' => null],
             '\\/i' => ['scheme' => null, 'host' => null],
             'sc:\\/\\/\\u0000\\/' => ['scheme' => 'sc', 'host' => null],
-            'sc:\\/\\/ \\/' => ['scheme' => 'sc', 'host' => null],
+            'sc:\\/\\/ \\/' => null,
             'sc:\\/\\/@\\/' => ['scheme' => 'sc', 'host' => null],
             'sc:\\/\\/te@s:t@\\/' => ['scheme' => 'sc', 'host' => null],
             'sc:\\/\\/:\\/' => ['scheme' => 'sc', 'host' => null],
diff --git a/TextSanitizer/UrlSanitizer.php b/TextSanitizer/UrlSanitizer.php
@@ -94,7 +94,13 @@ public static function parse(string $url): ?array
         }
 
         try {
-            return UriString::parse($url);
+            $parsedUrl = UriString::parse($url);
+
+            if (preg_match('/\s/', $url)) {
+                return null;
+            }
+
+            return $parsedUrl;
         } catch (SyntaxError) {
             return null;
         }

Original file line number	Diff line number	Diff line change
`@@ -94,7 +94,13 @@ public static function parse(string $url): ?array`
`94`	`94`	`}`
`95`	`95`
`96`	`96`	`try {`
`97`		`- return UriString::parse($url);`
	`97`	`+ $parsedUrl = UriString::parse($url);`
	`98`	`+`
	`99`	`+ if (preg_match('/\s/', $url)) {`
	`100`	`+ return null;`
	`101`	`+ }`
	`102`	`+`
	`103`	`+ return $parsedUrl;`
`98`	`104`	`} catch (SyntaxError) {`
`99`	`105`	`return null;`
`100`	`106`	`}`