allow only http/https url schemes

oscarotero · oscarotero · commit 0641d4a9ee8f · 2017-09-25T22:31:44.000+02:00
diff --git a/src/Http/Url.php b/src/Http/Url.php
@@ -654,6 +654,10 @@ function ($matches) {
             throw new \InvalidArgumentException('Malformed URL: ' . $url);
         }
 
+        if (empty($parts['scheme']) || !in_array($parts['scheme'], ['http', 'https'])) {
+            throw new \InvalidArgumentException(sprintf('Invalid URL scheme: "%s"', $parts['scheme']));
+        }
+
         foreach ($parts as $name => $value) {
             $parts[$name] = urldecode($value);
         }

Original file line number	Diff line number	Diff line change
`@@ -654,6 +654,10 @@ function ($matches) {`
`654`	`654`	`throw new \InvalidArgumentException('Malformed URL: ' . $url);`
`655`	`655`	`}`
`656`	`656`
	`657`	`+ if (empty($parts['scheme']) \|\| !in_array($parts['scheme'], ['http', 'https'])) {`
	`658`	`+ throw new \InvalidArgumentException(sprintf('Invalid URL scheme: "%s"', $parts['scheme']));`
	`659`	`+ }`
	`660`	`+`
`657`	`661`	`foreach ($parts as $name => $value) {`
`658`	`662`	`$parts[$name] = urldecode($value);`
`659`	`663`	`}`