[HttpFoundation] Fix request uri when it starts with double slashes

alquerci · alquerci · commit ee1d77f3df94 · 2018-12-09T21:38:02.000+01:00
diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php
@@ -1837,15 +1837,23 @@ protected function prepareRequestUri()
         } elseif ($this->server->has('REQUEST_URI')) {
             $requestUri = $this->server->get('REQUEST_URI');
 
-            // HTTP proxy reqs setup request URI with scheme and host [and port] + the URL path, only use URL path
-            $uriComponents = parse_url($requestUri);
+            if ('' !== $requestUri && '/' === $requestUri[0]) {
+                // To only use path and query remove the fragment.
+                if (false !== $pos = strpos($requestUri, '#')) {
+                    $requestUri = substr($requestUri, 0, $pos);
+                }
+            } else {
+                // HTTP proxy reqs setup request URI with scheme and host [and port] + the URL path,
+                // only use URL path.
+                $uriComponents = parse_url($requestUri);
 
-            if (isset($uriComponents['path'])) {
-                $requestUri = $uriComponents['path'];
-            }
+                if (isset($uriComponents['path'])) {
+                    $requestUri = $uriComponents['path'];
+                }
 
-            if (isset($uriComponents['query'])) {
-                $requestUri .= '?'.$uriComponents['query'];
+                if (isset($uriComponents['query'])) {
+                    $requestUri .= '?'.$uriComponents['query'];
+                }
             }
         } elseif ($this->server->has('ORIG_PATH_INFO')) {
             // IIS 5.0, PHP as CGI
diff --git a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
@@ -238,49 +238,53 @@ public function testCreate()
         $this->assertEquals('http://test.com/foo', $request->getUri());
     }
 
-    public function testCreateWithRequestUri()
+    /**
+     * @dataProvider getRequestUriData
+     */
+    public function testGetRequestUri($serverRequestUri, $expected, $message)
     {
-        $request = Request::create('http://test.com:80/foo');
-        $request->server->set('REQUEST_URI', 'http://test.com:80/foo');
-        $this->assertEquals('http://test.com/foo', $request->getUri());
-        $this->assertEquals('/foo', $request->getPathInfo());
-        $this->assertEquals('test.com', $request->getHost());
-        $this->assertEquals('test.com', $request->getHttpHost());
-        $this->assertEquals(80, $request->getPort());
-        $this->assertFalse($request->isSecure());
+        $request = new Request();
+        $request->server->add(array(
+            'REQUEST_URI' => $serverRequestUri,
 
-        $request = Request::create('http://test.com:8080/foo');
-        $request->server->set('REQUEST_URI', 'http://test.com:8080/foo');
-        $this->assertEquals('http://test.com:8080/foo', $request->getUri());
-        $this->assertEquals('/foo', $request->getPathInfo());
-        $this->assertEquals('test.com', $request->getHost());
-        $this->assertEquals('test.com:8080', $request->getHttpHost());
-        $this->assertEquals(8080, $request->getPort());
-        $this->assertFalse($request->isSecure());
+            // For having http://test.com
+            'SERVER_NAME' => 'test.com',
+            'SERVER_PORT' => 80,
+        ));
 
-        $request = Request::create('http://test.com/foo?bar=foo', 'GET', array('bar' => 'baz'));
-        $request->server->set('REQUEST_URI', 'http://test.com/foo?bar=foo');
-        $this->assertEquals('http://test.com/foo?bar=baz', $request->getUri());
-        $this->assertEquals('/foo', $request->getPathInfo());
-        $this->assertEquals('bar=baz', $request->getQueryString());
-        $this->assertEquals('test.com', $request->getHost());
-        $this->assertEquals('test.com', $request->getHttpHost());
-        $this->assertEquals(80, $request->getPort());
-        $this->assertFalse($request->isSecure());
+        $this->assertSame($expected, $request->getRequestUri(), $message);
+        $this->assertSame($expected, $request->server->get('REQUEST_URI'), 'Normalize the request URI.');
+    }
 
-        $request = Request::create('https://test.com:443/foo');
-        $request->server->set('REQUEST_URI', 'https://test.com:443/foo');
-        $this->assertEquals('https://test.com/foo', $request->getUri());
-        $this->assertEquals('/foo', $request->getPathInfo());
-        $this->assertEquals('test.com', $request->getHost());
-        $this->assertEquals('test.com', $request->getHttpHost());
-        $this->assertEquals(443, $request->getPort());
-        $this->assertTrue($request->isSecure());
+    public function getRequestUriData()
+    {
+        $message = 'Do not modify the path.';
+        yield array('/foo', '/foo', $message);
+        yield array('//bar/foo', '//bar/foo', $message);
+        yield array('///bar/foo', '///bar/foo', $message);
 
-        // Fragment should not be included in the URI
-        $request = Request::create('http://test.com/foo#bar');
-        $request->server->set('REQUEST_URI', 'http://test.com/foo#bar');
-        $this->assertEquals('http://test.com/foo', $request->getUri());
+        $message = 'Handle when the scheme, host are on REQUEST_URI.';
+        yield array('http://test.com/foo?bar=baz', '/foo?bar=baz', $message);
+
+        $message = 'Handle when the scheme, host and port are on REQUEST_URI.';
+        yield array('http://test.com:80/foo', '/foo', $message);
+        yield array('https://test.com:8080/foo', '/foo', $message);
+        yield array('https://test.com:443/foo', '/foo', $message);
+
+        $message = 'Fragment should not be included in the URI';
+        yield array('http://test.com/foo#bar', '/foo', $message);
+        yield array('/foo#bar', '/foo', $message);
+    }
+
+    public function testGetRequestUriWithoutRequiredHeader()
+    {
+        $expected = '';
+
+        $request = new Request();
+
+        $message = 'Fallback to empty URI when headers are missing.';
+        $this->assertSame($expected, $request->getRequestUri(), $message);
+        $this->assertSame($expected, $request->server->get('REQUEST_URI'), 'Normalize the request URI.');
     }
 
     public function testCreateCheckPrecedence()
