Merge branch '5.4' into 6.4

nicolas-grekas · nicolas-grekas · commit b76371ed3514 · 2024-11-13T19:54:33.000+01:00
* 5.4:
  [HttpFoundation] Revert risk change
  [HttpClient] Fix catching some invalid Location headers
diff --git a/src/Symfony/Component/HttpClient/CurlHttpClient.php b/src/Symfony/Component/HttpClient/CurlHttpClient.php
@@ -421,6 +421,8 @@ private static function createRedirectResolver(array $options, string $host, int
             try {
                 $locationHasHost = false;
                 $location = self::parseUrl($location);
+                $url = self::parseUrl(curl_getinfo($ch, \CURLINFO_EFFECTIVE_URL));
+                $url = self::resolveUrl($location, $url);
             } catch (InvalidArgumentException) {
                 return null;
             }
@@ -441,9 +443,6 @@ private static function createRedirectResolver(array $options, string $host, int
                 curl_setopt($ch, \CURLOPT_HTTPHEADER, $redirectHeaders['with_auth']);
             }
 
-            $url = self::parseUrl(curl_getinfo($ch, \CURLINFO_EFFECTIVE_URL));
-            $url = self::resolveUrl($location, $url);
-
             curl_setopt($ch, \CURLOPT_PROXY, self::getProxyUrl($options['proxy'], $url));
 
             return implode('', $url);
diff --git a/src/Symfony/Component/HttpClient/NativeHttpClient.php b/src/Symfony/Component/HttpClient/NativeHttpClient.php
@@ -383,14 +383,14 @@ private static function createRedirectResolver(array $options, string $host, str
 
             try {
                 $url = self::parseUrl($location);
+                $locationHasHost = isset($url['authority']);
+                $url = self::resolveUrl($url, $info['url']);
             } catch (InvalidArgumentException) {
                 $info['redirect_url'] = null;
 
                 return null;
             }
 
-            $locationHasHost = isset($url['authority']);
-            $url = self::resolveUrl($url, $info['url']);
             $info['redirect_url'] = implode('', $url);
 
             if ($info['redirect_count'] >= $maxRedirects) {
diff --git a/src/Symfony/Component/HttpClient/Tests/HttpClientTestCase.php b/src/Symfony/Component/HttpClient/Tests/HttpClientTestCase.php
@@ -489,7 +489,11 @@ public function testNoRedirectWithInvalidLocation()
     {
         $client = $this->getHttpClient(__FUNCTION__);
 
-        $response = $client->request('GET', 'http://localhost:8057/302-no-scheme');
+        $response = $client->request('GET', 'http://localhost:8057/302?location=localhost:8067');
+
+        $this->assertSame(302, $response->getStatusCode());
+
+        $response = $client->request('GET', 'http://localhost:8057/302?location=http:localhost');
 
         $this->assertSame(302, $response->getStatusCode());
     }
diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php
@@ -374,11 +374,9 @@ public static function create(string $uri, string $method = 'GET', array $parame
             if ('https' === $components['scheme']) {
                 $server['HTTPS'] = 'on';
                 $server['SERVER_PORT'] = 443;
-            } elseif ('http' === $components['scheme']) {
+            } else {
                 unset($server['HTTPS']);
                 $server['SERVER_PORT'] = 80;
-            } else {
-                throw new BadRequestException('Invalid URI: http(s) scheme expected.');
             }
         }
 
diff --git a/src/Symfony/Contracts/HttpClient/Test/Fixtures/web/index.php b/src/Symfony/Contracts/HttpClient/Test/Fixtures/web/index.php
@@ -31,7 +31,7 @@
 
 $json = json_encode($vars, \JSON_PRETTY_PRINT | \JSON_UNESCAPED_SLASHES | \JSON_UNESCAPED_UNICODE);
 
-switch ($vars['REQUEST_URI']) {
+switch (parse_url($vars['REQUEST_URI'], \PHP_URL_PATH)) {
     default:
         exit;
 
@@ -94,13 +94,8 @@
 
     case '/302':
         if (!isset($vars['HTTP_AUTHORIZATION'])) {
-            header('Location: http://localhost:8057/', true, 302);
-        }
-        break;
-
-    case '/302-no-scheme':
-        if (!isset($vars['HTTP_AUTHORIZATION'])) {
-            header('Location: localhost:8067', true, 302);
+            $location = $_GET['location'] ?? 'http://localhost:8057/';
+            header('Location: '.$location, true, 302);
         }
         break;
 

Original file line number	Diff line number	Diff line change
`@@ -489,7 +489,11 @@ public function testNoRedirectWithInvalidLocation()`
`489`	`489`	`{`
`490`	`490`	`$client = $this->getHttpClient(__FUNCTION__);`
`491`	`491`
`492`		`- $response = $client->request('GET', 'http://localhost:8057/302-no-scheme');`
	`492`	`+ $response = $client->request('GET', 'http://localhost:8057/302?location=localhost:8067');`
	`493`	`+`
	`494`	`+ $this->assertSame(302, $response->getStatusCode());`
	`495`	`+`
	`496`	`+ $response = $client->request('GET', 'http://localhost:8057/302?location=http:localhost');`
`493`	`497`
`494`	`498`	`$this->assertSame(302, $response->getStatusCode());`
`495`	`499`	`}`
Original file line number	Diff line number	Diff line change
`@@ -374,11 +374,9 @@ public static function create(string $uri, string $method = 'GET', array $parame`
`374`	`374`	`if ('https' === $components['scheme']) {`
`375`	`375`	`$server['HTTPS'] = 'on';`
`376`	`376`	`$server['SERVER_PORT'] = 443;`
`377`		`- } elseif ('http' === $components['scheme']) {`
	`377`	`+ } else {`
`378`	`378`	`unset($server['HTTPS']);`
`379`	`379`	`$server['SERVER_PORT'] = 80;`
`380`		`- } else {`
`381`		`- throw new BadRequestException('Invalid URI: http(s) scheme expected.');`
`382`	`380`	`}`
`383`	`381`	`}`
`384`	`382`