From dfc3635b83dd980e5c39f8f8c73e87723b99ca01 Mon Sep 17 00:00:00 2001
From: Freek Van der Herten <freek@spatie.be>
Date: Fri, 13 Dec 2024 17:09:34 +0100
Subject: [PATCH] improve detection of file urls

---
 src/Browsershot.php       | 8 ++++++--
 tests/BrowsershotTest.php | 7 ++++++-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/Browsershot.php b/src/Browsershot.php
index 8445261..053c742 100644
--- a/src/Browsershot.php
+++ b/src/Browsershot.php
@@ -259,8 +259,12 @@ public function setUrl(string $url): static
     {
         $url = trim($url);
 
-        if (str_starts_with(strtolower($url), 'file://') || str_starts_with(strtolower($url), 'file:/')) {
-            throw FileUrlNotAllowed::make();
+        $unsupportedProtocols = ['file://', 'file:/', 'file:\\', 'file:\\\\'];
+
+        foreach($unsupportedProtocols as $unsupportedProtocol) {
+            if (str_starts_with(strtolower($url), $unsupportedProtocol)) {
+                throw FileUrlNotAllowed::make();
+            }
         }
 
         $this->url = $url;
diff --git a/tests/BrowsershotTest.php b/tests/BrowsershotTest.php
index 62cc4df..026a5e5 100644
--- a/tests/BrowsershotTest.php
+++ b/tests/BrowsershotTest.php
@@ -54,7 +54,12 @@
 
 it('will not allow a file url', function () {
     Browsershot::url('file://test');
-})->throws(FileUrlNotAllowed::class);
+})->throws(FileUrlNotAllowed::class)->with([
+    'file://test',
+    'file:/test',
+    'file:\test',
+    'file:\\test',
+]);
 
 it('will not allow a file url that has leading spaces', function () {
     Browsershot::url('    file://test');