Merge pull request #151 from roelvanduijnhoven/do-not-throw-on-invali…

…d-uri Passing an invalid uri to the referrer header should no longer throw
zendframework · Aug 13, 2018 · ca6f861 · ca6f861
2 parents 6bd2e29 + 9820cbb
commit ca6f861
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/src/Header/AbstractLocation.php b/src/Header/AbstractLocation.php
@@ -76,6 +76,12 @@ public function setUri($uri)
                     $e->getCode(),
                     $e
                 );
+            } catch (UriException\InvalidArgumentException $e) {
+                throw new Exception\InvalidArgumentException(
+                    sprintf('Invalid URI passed as string (%s)', (string) $uri),
+                    $e->getCode(),
+                    $e
+                );
             }
         } elseif (! ($uri instanceof UriInterface)) {
             throw new Exception\InvalidArgumentException('URI must be an instance of Zend\Uri\Http or a string');

diff --git a/test/Header/RefererTest.php b/test/Header/RefererTest.php
@@ -77,4 +77,17 @@ public function testCRLFAttack()
         $this->expectException(InvalidArgumentException::class);
         Referer::fromString("Referer: http://www.example.com/\r\n\r\nevilContent");
     }
+
+    public function testInvalidUriShouldWrapException()
+    {
+        $headerString = "Referer: unknown-scheme://test";
+
+        $headers = \Zend\Http\Headers::fromString($headerString);
+
+        $result = $headers->get('Referer');
+
+        $this->assertInstanceOf(\Zend\Http\Header\GenericHeader::class, $result);
+        $this->assertNotInstanceOf(\Zend\Http\Header\Referer::class, $result);
+        $this->assertEquals('unknown-scheme://test', $result->getFieldValue());
+    }
 }