improve detection of file urls

spatie · Dec 13, 2024 · dfc3635 · dfc3635
1 parent fae8396
commit dfc3635
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/src/Browsershot.php b/src/Browsershot.php
@@ -259,8 +259,12 @@ public function setUrl(string $url): static
     {
         $url = trim($url);
 
-        if (str_starts_with(strtolower($url), 'file://') || str_starts_with(strtolower($url), 'file:/')) {
-            throw FileUrlNotAllowed::make();
+        $unsupportedProtocols = ['file://', 'file:/', 'file:\\', 'file:\\\\'];
+
+        foreach($unsupportedProtocols as $unsupportedProtocol) {
+            if (str_starts_with(strtolower($url), $unsupportedProtocol)) {
+                throw FileUrlNotAllowed::make();
+            }
         }
 
         $this->url = $url;

diff --git a/tests/BrowsershotTest.php b/tests/BrowsershotTest.php
@@ -54,7 +54,12 @@
 
 it('will not allow a file url', function () {
     Browsershot::url('file://test');
-})->throws(FileUrlNotAllowed::class);
+})->throws(FileUrlNotAllowed::class)->with([
+    'file://test',
+    'file:/test',
+    'file:\test',
+    'file:\\test',
+]);
 
 it('will not allow a file url that has leading spaces', function () {
     Browsershot::url('    file://test');