Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 8f377d7

Browse files
nicolas-grekasnicolas-grekas
committed
[HttpClient] Fix over-encoding of URL parts to match browser's behavior
1 parent 3af52ad commit 8f377d7

File tree

2 files changed

+32
-7
lines changed

2 files changed

+32
-7
lines changed

HttpClientTrait.php

Lines changed: 26 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -547,7 +547,7 @@ private static function parseUrl(string $url, array $query = [], array $allowedS
547547
}
548548

549549
// https://tools.ietf.org/html/rfc3986#section-3.3
550-
$parts[$part] = preg_replace_callback("#[^-A-Za-z0-9._~!$&/'()*+,;=:@%]++#", function ($m) { return rawurlencode($m[0]); }, $parts[$part]);
550+
$parts[$part] = preg_replace_callback("#[^-A-Za-z0-9._~!$&/'()[\]*+,;=:@\\\\^`{|}%]++#", function ($m) { return rawurlencode($m[0]); }, $parts[$part]);
551551
}
552552

553553
return [
@@ -621,6 +621,31 @@ private static function mergeQueryString(?string $queryString, array $queryArray
621621
$queryArray = [];
622622

623623
if ($queryString) {
624+
if (str_contains($queryString, '%')) {
625+
// https://tools.ietf.org/html/rfc3986#section-2.3 + some chars not encoded by browsers
626+
$queryString = strtr($queryString, [
627+
'%21' => '!',
628+
'%24' => '$',
629+
'%28' => '(',
630+
'%29' => ')',
631+
'%2A' => '*',
632+
'%2B' => '+',
633+
'%2C' => ',',
634+
'%2F' => '/',
635+
'%3A' => ':',
636+
'%3B' => ';',
637+
'%40' => '@',
638+
'%5B' => '[',
639+
'%5C' => '\\',
640+
'%5D' => ']',
641+
'%5E' => '^',
642+
'%60' => '`',
643+
'%7B' => '{',
644+
'%7C' => '|',
645+
'%7D' => '}',
646+
]);
647+
}
648+
624649
foreach (explode('&', $queryString) as $v) {
625650
$queryArray[rawurldecode(explode('=', $v, 2)[0])] = $v;
626651
}

Tests/HttpClientTraitTest.php

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -157,12 +157,12 @@ public function provideParseUrl(): iterable
157157
yield [['http:', null, null, null, null], 'http:'];
158158
yield [['http:', null, 'bar', null, null], 'http:bar'];
159159
yield [[null, null, 'bar', '?a=1&c=c', null], 'bar?a=a&b=b', ['b' => null, 'c' => 'c', 'a' => 1]];
160-
yield [[null, null, 'bar', '?a=b+c&b=b', null], 'bar?a=b+c', ['b' => 'b']];
161-
yield [[null, null, 'bar', '?a=b%2B%20c', null], 'bar?a=b+c', ['a' => 'b+ c']];
162-
yield [[null, null, 'bar', '?a%5Bb%5D=c', null], 'bar', ['a' => ['b' => 'c']]];
163-
yield [[null, null, 'bar', '?a%5Bb%5Bc%5D=d', null], 'bar?a[b[c]=d', []];
164-
yield [[null, null, 'bar', '?a%5Bb%5D%5Bc%5D=dd', null], 'bar?a[b][c]=d&e[f]=g', ['a' => ['b' => ['c' => 'dd']], 'e[f]' => null]];
165-
yield [[null, null, 'bar', '?a=b&a%5Bb%20c%5D=d&e%3Df=%E2%9C%93', null], 'bar?a=b', ['a' => ['b c' => 'd'], 'e=f' => '']];
160+
yield [[null, null, 'bar', '?a=b+c&b=b-._~!$%26/%27()[]*+,;%3D:@%25\\^`{|}', null], 'bar?a=b+c', ['b' => 'b-._~!$&/\'()[]*+,;=:@%\\^`{|}']];
161+
yield [[null, null, 'bar', '?a=b+%20c', null], 'bar?a=b+c', ['a' => 'b+ c']];
162+
yield [[null, null, 'bar', '?a[b]=c', null], 'bar', ['a' => ['b' => 'c']]];
163+
yield [[null, null, 'bar', '?a[b[c]=d', null], 'bar?a[b[c]=d', []];
164+
yield [[null, null, 'bar', '?a[b][c]=dd', null], 'bar?a[b][c]=d&e[f]=g', ['a' => ['b' => ['c' => 'dd']], 'e[f]' => null]];
165+
yield [[null, null, 'bar', '?a=b&a[b%20c]=d&e%3Df=%E2%9C%93', null], 'bar?a=b', ['a' => ['b c' => 'd'], 'e=f' => '']];
166166
// IDNA 2008 compliance
167167
yield [['https:', '//xn--fuball-cta.test', null, null, null], 'https://fußball.test'];
168168
}

0 commit comments

Comments
 (0)