From 3079cd9b5ded7e9d5b618bfbc35bab0eb179a980 Mon Sep 17 00:00:00 2001 From: kenjis Date: Thu, 23 Feb 2023 16:06:03 +0900 Subject: [PATCH] fix: createFromString() returns URI with invalid hostname --- system/HTTP/SiteURIFactory.php | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/system/HTTP/SiteURIFactory.php b/system/HTTP/SiteURIFactory.php index e96cc2781f85..0115ef5df9d5 100644 --- a/system/HTTP/SiteURIFactory.php +++ b/system/HTTP/SiteURIFactory.php @@ -71,8 +71,9 @@ public function createFromString(string $uri): SiteURI } $relativePath = $parts['path'] . $query . $fragment; + $host = $this->getValidHost($parts['host']); - return new SiteURI($this->appConfig, $relativePath, $parts['host'], $parts['scheme']); + return new SiteURI($this->appConfig, $relativePath, $host, $parts['scheme']); } /** @@ -231,21 +232,30 @@ private function createURIFromRoutePath(string $routePath): SiteURI } /** - * @return string|null The current hostname. Returns null if no host header. + * @return string|null The current hostname. Returns null if no valid host. */ private function getHost(): ?string { - $host = null; - $httpHostPort = $this->server['HTTP_HOST'] ?? null; + if ($httpHostPort !== null) { [$httpHost] = explode(':', $httpHostPort, 2); - if (in_array($httpHost, $this->appConfig->allowedHostnames, true)) { - $host = $httpHost; - } + return $this->getValidHost($httpHost); + } + + return null; + } + + /** + * @return string|null The valid hostname. Returns null if not valid. + */ + private function getValidHost(string $host): ?string + { + if (in_array($host, $this->appConfig->allowedHostnames, true)) { + return $host; } - return $host; + return null; } }