psr7 icon indicating copy to clipboard operation
psr7 copied to clipboard

Published 20 hours ago verified publisher icon guzzle

`Uri::__toString()` can yield malformed URIs

Open dtdesign opened this issue 1 year ago • 1 comments

PHP version: 8.2.11 guzzlehttp/psr7: 2.6.1

Description The Uri class is able to parse malformed URIs but this results in Uri::__toString() generating a malformed URI. Attempting to pass that URI back into Uri will yield a MalformedUriException.

How to reproduce

$value = 'http://invalid:%20https://example.com';
$uri = new \GuzzleHttp\Psr7\Uri($value);
$uri2 = new \GuzzleHttp\Psr7\Uri($uri->__toString()); // Exception is thrown here.

Line 3 throws a GuzzleHttp\Psr7\Exception\MalformedUriException with the following error message:

Unable to parse URI: http://invalid:%20https//example.com

Notice how the colon after the https was stripped.

dtdesign avatar Oct 17 '23 11:10 dtdesign