From 43abd411da734db2ca44710b2307e2d850f89ff5 Mon Sep 17 00:00:00 2001
From: Auke van Slooten
Date: Thu, 2 Jun 2022 09:57:47 +0200
Subject: [PATCH] added scheme check
---
 src/http/ClientStream.php | 7 +++++++
 tests/http_clientstream.Test.php | 6 +++---
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/http/ClientStream.php b/src/http/ClientStream.php
index 7a16f6f..c766b50 100644
--- a/src/http/ClientStream.php
+++ b/src/http/ClientStream.php
@@ -18,6 +18,10 @@
 */
 class ClientStream implements Client
 {
+ public $whitelist = [
+ 'http','https'
+ ];
+
 private $options = [
 'headers' => [],
 'timeout' => 5,
@@ -75,6 +79,9 @@ private function mergeHeaders() {
 public function request( $type, $url, $request = null, $options = [] )
 {
 $url = \arc\url::url( (string) $url);
+ if (!in_array($url->scheme, $this->whitelist)) {
+ throw new \arc\IllegalRequest("Scheme ".$url->scheme." is not allowed", \arc\exceptions::ILLEGAL_ARGUMENT);
+ }
 if ($type == 'GET' && $request) {
 $url->query->import( $request);
 $request = null;
diff --git a/tests/http_clientstream.Test.php b/tests/http_clientstream.Test.php
index 961b6ac..a4a565b 100644
--- a/tests/http_clientstream.Test.php
+++ b/tests/http_clientstream.Test.php
@@ -56,9 +56,9 @@ function testHeader()
 function testBroken()
 {
+ $this->expectException(\arc\IllegalRequest::class);
 $client = new \arc\http\ClientStream();
 $page = $client->get('afeafawfafweaga');
- $this->assertFalse($page);
 }
 // second request should unset old data
@@ -68,7 +68,7 @@ function testSecondRequest()
 $res1 = $client->get('https://www.ariadne-cms.org/');
 $resHeader1 = $client->responseHeaders;
- $res2 = $client->get('invalid');
+ $res2 = $client->get('https://www.muze.nl/');
 $resHeader2 = $client->responseHeaders;
 $this->assertTrue($resHeader1 !== $resHeader2);
 }
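Review bot: `$whitelist` is declared `public` in the first ClientStream.php hunk, so any code holding a ClientStream instance can add `file` or another scheme at runtime, and the check added to request() will then accept it. Unless that is the intended configuration surface, I would declare it `private $whitelist = ['http', 'https'];` and take overrides through the constructor or an explicit setter, so the policy is set in one place. The property also has no comment; `// URL schemes that request() will accept; anything else throws \arc\IllegalRequest` would tell maintainers what the list guards. The class body continues outside this hunk.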
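Review bot: The scheme test added to request() uses a loose `in_array` and compares the scheme exactly as parsed, so it relies on type juggling and on \arc\url handing back a lower-case scheme; I would write `if (!in_array(strtolower((string) $url->scheme), $this->whitelist, true)) {`. The check also covers only the URL the caller passes in. The rest of request() is outside this hunk, so if the transport follows redirects the Location target is presumably not re-validated here, and nothing restricts the host, which leaves internal addresses reachable for callers that forward untrusted URLs. The exception message embeds the raw scheme, so it should be escaped wherever that message is rendered or logged.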
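Review bot: testBroken() only exercises a string with no scheme at all, so the suite never checks that a well-formed URL with a disallowed scheme is refused, which is the case the new check exists for. I would add a sibling test that expects `\arc\IllegalRequest` from a call such as `$client->get('ftp://example.com/');` (constructed sample URL). The `$page =` assignment is now unused, since the assertion that read it was removed, and can be dropped.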
@@ -78,7 +78,7 @@ function testFailGet()
 $client = new \arc\http\ClientStream();
 // do request, any will do
- $result = $client->get('incorrect_url');
+ $result = $client->get('http://broken/');
 $this->assertFalse($result);
 }
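Review bot: `http://broken/` fails only if the single-label name `broken` does not resolve, which depends on the resolver and search-domain configuration of the machine running the tests. A name under the reserved `.invalid` TLD is guaranteed not to resolve: `$result = $client->get('http://broken.invalid/');`. The testSecondRequest hunk before this one has a related weakness, as it now needs two live external sites to answer. testFailGet() starts outside this hunk.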