Merge branch '7.1' into 7.2

* 7.1:
  reject URLs containing whitespaces
  Update validators.fa.xlf
  [HttpClient] Fix a typo in NoPrivateNetworkHttpClient

Author: fabpot

src/Symfony/Component/HtmlSanitizer/Tests/TextSanitizer/UrlSanitizerTest.php

@@ -358,10 +358,10 @@ public static function provideParse(): iterable
             'non-special://:@untrusted.com/x' => ['scheme' => 'non-special', 'host' => 'untrusted.com'],
             'http:foo.com' => ['scheme' => 'http', 'host' => null],
             "	   :foo.com   \n" => null,
-            ' foo.com  ' => ['scheme' => null, 'host' => null],
+            ' foo.com  ' => null,
             'a:	 foo.com' => null,
-            'http://f:21/ b ? d # e ' => ['scheme' => 'http', 'host' => 'f'],
-            'lolscheme:x x#x x' => ['scheme' => 'lolscheme', 'host' => null],
+            'http://f:21/ b ? d # e ' => null,
+            'lolscheme:x x#x x' => null,
             'http://f:/c' => ['scheme' => 'http', 'host' => 'f'],
             'http://f:0/c' => ['scheme' => 'http', 'host' => 'f'],
             'http://f:00000000000000/c' => ['scheme' => 'http', 'host' => 'f'],
@@ -434,7 +434,7 @@ public static function provideParse(): iterable
             'javascript:example.com/' => ['scheme' => 'javascript', 'host' => null],
             'mailto:example.com/' => ['scheme' => 'mailto', 'host' => null],
             '/a/b/c' => ['scheme' => null, 'host' => null],
-            '/a/ /c' => ['scheme' => null, 'host' => null],
+            '/a/ /c' => null,
             '/a%2fc' => ['scheme' => null, 'host' => null],
             '/a/%2f/c' => ['scheme' => null, 'host' => null],
             '#β' => ['scheme' => null, 'host' => null],
@@ -495,10 +495,10 @@ public static function provideParse(): iterable
             'http://example.com/你好你好' => ['scheme' => 'http', 'host' => 'example.com'],
             'http://example.com/‥/foo' => ['scheme' => 'http', 'host' => 'example.com'],
             "http://example.com/\u{feff}/foo" => ['scheme' => 'http', 'host' => 'example.com'],
-            "http://example.com\u{002f}\u{202e}\u{002f}\u{0066}\u{006f}\u{006f}\u{002f}\u{202d}\u{002f}\u{0062}\u{0061}\u{0072}\u{0027}\u{0020}" => ['scheme' => 'http', 'host' => 'example.com'],
+            "http://example.com\u{002f}\u{202e}\u{002f}\u{0066}\u{006f}\u{006f}\u{002f}\u{202d}\u{002f}\u{0062}\u{0061}\u{0072}\u{0027}\u{0020}" => null,
             'http://www.google.com/foo?bar=baz#' => ['scheme' => 'http', 'host' => 'www.google.com'],
-            'http://www.google.com/foo?bar=baz# »' => ['scheme' => 'http', 'host' => 'www.google.com'],
-            'data:test# »' => ['scheme' => 'data', 'host' => null],
+            'http://www.google.com/foo?bar=baz# »' => null,
+            'data:test# »' => null,
             'http://www.google.com' => ['scheme' => 'http', 'host' => 'www.google.com'],
             'http://192.0x00A80001' => ['scheme' => 'http', 'host' => '192.0x00A80001'],
             'http://www/foo%2Ehtml' => ['scheme' => 'http', 'host' => 'www'],
@@ -706,11 +706,11 @@ public static function provideParse(): iterable
             'test-a-colon-slash-slash-b.html' => ['scheme' => null, 'host' => null],
             'http://example.org/test?a#bc' => ['scheme' => 'http', 'host' => 'example.org'],
             'http:\\/\\/f:b\\/c' => ['scheme' => 'http', 'host' => null],
-            'http:\\/\\/f: \\/c' => ['scheme' => 'http', 'host' => null],
+            'http:\\/\\/f: \\/c' => null,
             'http:\\/\\/f:fifty-two\\/c' => ['scheme' => 'http', 'host' => null],
             'http:\\/\\/f:999999\\/c' => ['scheme' => 'http', 'host' => null],
             'non-special:\\/\\/f:999999\\/c' => ['scheme' => 'non-special', 'host' => null],
-            'http:\\/\\/f: 21 \\/ b ? d # e ' => ['scheme' => 'http', 'host' => null],
+            'http:\\/\\/f: 21 \\/ b ? d # e ' => null,
             'http:\\/\\/[1::2]:3:4' => ['scheme' => 'http', 'host' => null],
             'http:\\/\\/2001::1' => ['scheme' => 'http', 'host' => null],
             'http:\\/\\/2001::1]' => ['scheme' => 'http', 'host' => null],
@@ -734,8 +734,8 @@ public static function provideParse(): iterable
             'http:@:www.example.com' => ['scheme' => 'http', 'host' => null],
             'http:\\/@:www.example.com' => ['scheme' => 'http', 'host' => null],
             'http:\\/\\/@:www.example.com' => ['scheme' => 'http', 'host' => null],
-            'http:\\/\\/example example.com' => ['scheme' => 'http', 'host' => null],
-            'http:\\/\\/Goo%20 goo%7C|.com' => ['scheme' => 'http', 'host' => null],
+            'http:\\/\\/example example.com' => null,
+            'http:\\/\\/Goo%20 goo%7C|.com' => null,
             'http:\\/\\/[]' => ['scheme' => 'http', 'host' => null],
             'http:\\/\\/[:]' => ['scheme' => 'http', 'host' => null],
             'http:\\/\\/GOO\\u00a0\\u3000goo.com' => ['scheme' => 'http', 'host' => null],
@@ -752,8 +752,8 @@ public static function provideParse(): iterable
             'http:\\/\\/hello%00' => ['scheme' => 'http', 'host' => null],
             'http:\\/\\/192.168.0.257' => ['scheme' => 'http', 'host' => null],
             'http:\\/\\/%3g%78%63%30%2e%30%32%35%30%2E.01' => ['scheme' => 'http', 'host' => null],
-            'http:\\/\\/192.168.0.1 hello' => ['scheme' => 'http', 'host' => null],
-            'https:\\/\\/x x:12' => ['scheme' => 'https', 'host' => null],
+            'http:\\/\\/192.168.0.1 hello' => null,
+            'https:\\/\\/x x:12' => null,
             'http:\\/\\/[www.google.com]\\/' => ['scheme' => 'http', 'host' => null],
             'http:\\/\\/[google.com]' => ['scheme' => 'http', 'host' => null],
             'http:\\/\\/[::1.2.3.4x]' => ['scheme' => 'http', 'host' => null],
@@ -763,7 +763,7 @@ public static function provideParse(): iterable
             '..\\/i' => ['scheme' => null, 'host' => null],
             '\\/i' => ['scheme' => null, 'host' => null],
             'sc:\\/\\/\\u0000\\/' => ['scheme' => 'sc', 'host' => null],
-            'sc:\\/\\/ \\/' => ['scheme' => 'sc', 'host' => null],
+            'sc:\\/\\/ \\/' => null,
             'sc:\\/\\/@\\/' => ['scheme' => 'sc', 'host' => null],
             'sc:\\/\\/te@s:t@\\/' => ['scheme' => 'sc', 'host' => null],
             'sc:\\/\\/:\\/' => ['scheme' => 'sc', 'host' => null],

src/Symfony/Component/HtmlSanitizer/TextSanitizer/UrlSanitizer.php

@@ -94,7 +94,13 @@ public static function parse(string $url): ?array
         }
 
         try {
-            return UriString::parse($url);
+            $parsedUrl = UriString::parse($url);
+
+            if (preg_match('/\s/', $url)) {
+                return null;
+            }
+
+            return $parsedUrl;
         } catch (SyntaxError) {
             return null;
         }

src/Symfony/Component/HttpClient/NoPrivateNetworkHttpClient.php

@@ -138,7 +138,7 @@ public function request(string $method, string $url, array $options = []): Respo
                     $filterContentHeaders = static function ($h) {
                         return 0 !== stripos($h, 'Content-Length:') && 0 !== stripos($h, 'Content-Type:') && 0 !== stripos($h, 'Transfer-Encoding:');
                     };
-                    $options['header'] = array_filter($options['header'], $filterContentHeaders);
+                    $options['headers'] = array_filter($options['headers'], $filterContentHeaders);
                     $redirectHeaders['no_auth'] = array_filter($redirectHeaders['no_auth'], $filterContentHeaders);
                     $redirectHeaders['with_auth'] = array_filter($redirectHeaders['with_auth'], $filterContentHeaders);
                 }

src/Symfony/Component/HttpClient/Tests/NoPrivateNetworkHttpClientTest.php

@@ -175,6 +175,27 @@ public function testNonCallableOnProgressCallback()
         $client->request('GET', $url, ['on_progress' => $customCallback]);
     }
 
+    public function testHeadersArePassedOnRedirect()
+    {
+        $ipAddr = '104.26.14.6';
+        $url = sprintf('http://%s/', $ipAddr);
+        $content = 'foo';
+
+        $callback = function ($method, $url, $options) use ($content): MockResponse {
+            $this->assertArrayHasKey('headers', $options);
+            $this->assertNotContains('content-type: application/json', $options['headers']);
+            $this->assertContains('foo: bar', $options['headers']);
+            return new MockResponse($content);
+        };
+        $responses = [
+            new MockResponse('', ['http_code' => 302, 'redirect_url' => 'http://104.26.14.7']),
+            $callback,
+        ];
+        $client = new NoPrivateNetworkHttpClient(new MockHttpClient($responses));
+        $response = $client->request('POST', $url, ['headers' => ['foo' => 'bar', 'content-type' => 'application/json']]);
+        $this->assertEquals($content, $response->getContent());
+    }
+
     private function getMockHttpClient(string $ipAddr, string $content)
     {
         return new MockHttpClient(new MockResponse($content, ['primary_ip' => $ipAddr]));

src/Symfony/Component/Validator/Resources/translations/validators.fa.xlf

@@ -444,27 +444,27 @@
             </trans-unit>
             <trans-unit id="114">
                 <source>This value is too short. It should contain at least one word.|This value is too short. It should contain at least {{ min }} words.</source>
-                <target state="needs-translation">This value is too short. It should contain at least one word.|This value is too short. It should contain at least {{ min }} words.</target>
+                <target>این مقدار بسیار کوتاه است. باید حداقل یک کلمه داشته باشد.|این مقدار بسیار کوتاه است. باید حداقل {{ min }} کلمه داشته باشد.</target>
             </trans-unit>
             <trans-unit id="115">
                 <source>This value is too long. It should contain one word.|This value is too long. It should contain {{ max }} words or less.</source>
-                <target state="needs-translation">This value is too long. It should contain one word.|This value is too long. It should contain {{ max }} words or less.</target>
+                <target>این مقدار بیش از حد طولانی است. باید فقط یک کلمه باشد.|این مقدار بیش از حد طولانی است. باید حداکثر {{ max }} کلمه داشته باشد.</target>
             </trans-unit>
             <trans-unit id="116">
                 <source>This value does not represent a valid week in the ISO 8601 format.</source>
-                <target state="needs-translation">This value does not represent a valid week in the ISO 8601 format.</target>
+                <target>این مقدار یک هفته معتبر در قالب ISO 8601 را نشان نمی‌دهد.</target>
             </trans-unit>
             <trans-unit id="117">
                 <source>This value is not a valid week.</source>
-                <target state="needs-translation">This value is not a valid week.</target>
+                <target>این مقدار یک هفته معتبر نیست.</target>
             </trans-unit>
             <trans-unit id="118">
                 <source>This value should not be before week "{{ min }}".</source>
-                <target state="needs-translation">This value should not be before week "{{ min }}".</target>
+                <target>این مقدار نباید قبل از هفته "{{ min }}" باشد.</target>
             </trans-unit>
             <trans-unit id="119">
                 <source>This value should not be after week "{{ max }}".</source>
-                <target state="needs-translation">This value should not be after week "{{ max }}".</target>
+                <target>این مقدار نباید بعد از هفته "{{ max }}" باشد.</target>
             </trans-unit>
         </body>
     </file>