This repository has been archived by the owner on Jan 31, 2020. It is now read-only.

Merge branch 'hotfix/uri-validation' of https://github.com/Maks3w/zf2
…into hotfix/validator-uri
Showing 5 changed files with 104 additions and 101 deletions.
22 changes: 0 additions & 22 deletions src/Exception/InvalidUriTypeException.php

This file was deleted.

97 changes: 51 additions & 46 deletions src/Uri.php
@@ -257,13 +257,13 @@ public function parse($uri)
$this->setUserInfo($userInfo);
}

$colonPos = strrpos($authority, ':');
if ($colonPos !== false) {
$port = substr($authority, $colonPos + 1);
if ($port) {
$this->setPort((int) $port);
}
$authority = substr($authority, 0, $colonPos);
$nMatches = preg_match('/:[\d]{1,5}$/', $authority, $matches);
if ($nMatches === 1) {
$portLength = strlen($matches[0]);
$port = substr($matches[0], 1);

$this->setPort((int) $port);
$authority = substr($authority, 0, -$portLength);
}

$this->setHost($authority);
@@ -407,7 +407,7 @@ public function normalize()
* (@link http://tools.ietf.org/html/rfc3986#section-5.2)
*
* @param Uri|string $baseUri
* @throws Exception\InvalidUriTypeException
* @throws Exception\InvalidArgumentException
* @return Uri
*/
public function resolve($baseUri)
@@ -419,13 +419,10 @@ public function resolve($baseUri)

if (is_string($baseUri)) {
$baseUri = new static($baseUri);
}

if (!$baseUri instanceof static) {
throw new Exception\InvalidUriTypeException(sprintf(
'Provided base URL is not an instance of "%s"',
get_called_class()
));
} elseif (!$baseUri instanceof Uri) {
throw new Exception\InvalidArgumentException(
'Provided base URI must be a string or a Uri object'
);
}

// Merging starts here...
@@ -665,6 +662,8 @@ public function setScheme($scheme)
*
* @param string $userInfo
* @return Uri
* @throws Exception\InvalidUriPartException If the schema definition
* does not have this part
*/
public function setUserInfo($userInfo)
{
@@ -676,7 +675,7 @@ public function setUserInfo($userInfo)
* Set the URI host
*
* Note that the generic syntax for URIs allows using host names which
* are not neceserily IPv4 addresses or valid DNS host names. For example,
* are not necessarily IPv4 addresses or valid DNS host names. For example,
* IPv6 addresses are allowed as well, and also an abstract "registered name"
* which may be any name composed of a valid set of characters, including,
* for example, tilda (~) and underscore (_) which are not allowed in DNS
@@ -758,6 +757,8 @@ public function setQuery($query)
*
* @param string $fragment
* @return Uri
* @throws Exception\InvalidUriPartException If the schema definition
* does not have this part
*/
public function setFragment($fragment)
{
@@ -835,20 +836,25 @@ public static function validateUserInfo($userInfo)
*/
public static function validateHost($host, $allowed = self::HOST_ALL)
{
if ($allowed & self::HOST_REGNAME) {
if (static::isValidRegName($host)) {
/*
* "first-match-wins" algorithm (RFC 3986):
* If host matches the rule for IPv4address, then it should be
* considered an IPv4 address literal and not a reg-name
*/
if ($allowed & self::HOST_IPVANY) {
if (static::isValidIpAddress($host, $allowed)) {
return true;
}
}

if ($allowed & self::HOST_DNS) {
if (static::isValidDnsHostname($host)) {
if ($allowed & self::HOST_REGNAME) {
if (static::isValidRegName($host)) {
return true;
}
}

if ($allowed & self::HOST_IPVANY) {
if (static::isValidIpAddress($host, $allowed)) {
if ($allowed & self::HOST_DNS) {
if (static::isValidDnsHostname($host)) {
return true;
}
}
@@ -997,7 +1003,7 @@ public static function encodeQueryFragment($input)
* method if one wants to test a URI string for it's scheme before doing
* anything with it.
*
* Will return the scmeme if found, or NULL if no scheme found (URI may
* Will return the scheme if found, or NULL if no scheme found (URI may
* still be valid, but not full)
*
* @param string $uriString
@@ -1107,30 +1113,29 @@ public static function merge($baseUri, $relativeUri)
protected static function isValidIpAddress($host, $allowed)
{
$validatorParams = array(
'allowipv4' => (bool) ($allowed & self::HOST_IPV4),
'allowipv6' => (bool) ($allowed & self::HOST_IPV6),
'allowipv4' => (bool) ($allowed & self::HOST_IPV4),
'allowipv6' => false,
'allowipvfuture' => false,
'allowliteral' => false,
);

if ($allowed & (self::HOST_IPV6 | self::HOST_IPVFUTURE)) {
if (preg_match('/^\[(.+)\]$/', $host, $match)) {
$host = $match[1];
$validatorParams['allowipv4'] = false;
}
}

if ($allowed & (self::HOST_IPV4 | self::HOST_IPV6)) {
$validator = new Validator\Ip($validatorParams);
if ($validator->isValid($host)) {
return true;
}
}

if ($allowed & self::HOST_IPVFUTURE) {
$regex = '/^v\.[[:xdigit:]]+[' . self::CHAR_UNRESERVED . self::CHAR_SUB_DELIMS . ':]+$/';
return (bool) preg_match($regex, $host);
// Test only IPv4
$validator = new Validator\Ip($validatorParams);
$return = $validator->isValid($host);
if ($return) {
return true;
}

return false;
// IPv6 & IPvLiteral must be in literal format
$validatorParams = array(
'allowipv4' => false,
'allowipv6' => (bool) ($allowed & self::HOST_IPV6),
'allowipvfuture' => (bool) ($allowed & self::HOST_IPVFUTURE),
'allowliteral' => true,
);
static $regex = '/^\[.*\]$/';
$validator->setOptions($validatorParams);
return (preg_match($regex, $host) && $validator->isValid($host));
}

/**
@@ -1149,7 +1154,7 @@ protected static function isValidDnsHostname($host)
}

/**
* Check if an address is a valid registerd name (as defined by RFC-3986) address
* Check if an address is a valid registered name (as defined by RFC-3986) address
*
* @param string $host
* @return boolean
@@ -1171,7 +1176,7 @@ protected static function isValidRegName($host)
/**
* Normalize the scheme
*
* Usually this means simpy converting the scheme to lower case
* Usually this means simply converting the scheme to lower case
*
* @param string $scheme
* @return string
@@ -1261,7 +1266,7 @@ protected static function normalizeQuery($query)
/**
* Normalize the fragment part
*
* Currently this is exactly the same as _normalizeQuery().
* Currently this is exactly the same as normalizeQuery().
*
* @param string $fragment
* @return string
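Review bot: The port pattern in the parse() hunk, `/:[\d]{1,5}$/`, is anchored with `$`, which in PCRE also matches just before a trailing newline, so for an authority ending in a line feed the match is shorter than the tail that `substr($authority, 0, -$portLength)` then removes, and the host is cut at the wrong place. Anchoring with `\z` (or adding the `D` modifier) closes that: `$nMatches = preg_match('/:[\d]{1,5}\z/', $authority, $matches);`. The same `$` anchor is used by `static $regex = '/^\[.*\]$/';` in the isValidIpAddress() hunk, where a bracketed literal followed by a newline passes the bracket test before the string reaches the validator. `{1,5}` also admits values above 65535 and the cast goes straight to setPort(); whether setPort() range-checks is not visible here, since parse() continues outside the hunk.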
6 changes: 3 additions & 3 deletions src/UriFactory.php
@@ -34,7 +34,7 @@ abstract class UriFactory
*
* @var array
*/
static protected $schemeClasses = array(
protected static $schemeClasses = array(
'http' => 'Zend\Uri\Http',
'https' => 'Zend\Uri\Http',
'mailto' => 'Zend\Uri\Mailto',
@@ -47,7 +47,7 @@ abstract class UriFactory
* @param string $scheme
* @param string $class
*/
static public function registerScheme($scheme, $class)
public static function registerScheme($scheme, $class)
{
$scheme = strtolower($scheme);
static::$schemeClasses[$scheme] = $class;
@@ -61,7 +61,7 @@ static public function registerScheme($scheme, $class)
* @throws Exception\InvalidArgumentException
* @return \Zend\Uri\Uri
*/
static public function factory($uriString, $defaultScheme = null)
public static function factory($uriString, $defaultScheme = null)
{
if (!is_string($uriString)) {
throw new Exception\InvalidArgumentException(sprintf(
6 changes: 3 additions & 3 deletions test/MailtoTest.php
@@ -45,7 +45,7 @@ class MailtoTest extends TestCase
*
* @return array
*/
static public function validSchemeProvider()
public function validSchemeProvider()
{
return array(
array('mailto'),
@@ -59,7 +59,7 @@ static public function validSchemeProvider()
*
* @return array
*/
static public function invalidSchemeProvider()
public function invalidSchemeProvider()
{
return array(
array('file'),
@@ -69,7 +69,7 @@ static public function invalidSchemeProvider()
);
}

static public function invalidUris()
public function invalidUris()
{
return array(
array('mailto:/foo@example.com'),

0 comments on commit 6f5587c
