psr7
psr7 copied to clipboard
guzzle
Dealing with whitespaces in URI
Description
According to RFC3986 an URI with spaces should not be parsable. It should throw so the following 3 URI should throw:
Example
- ' http://a.b/p?q#f' (space before the URI)
- 'http://a.b/p?q#f ' (space after the URI)
- 'http://a.b/ p?q#f' (space inside the URI)
Additional context
Because parse_url is not following RFC3986 all implementations that do rely on it will gladly let those URI pass when they should not see https://3v4l.org/iur9H
Maybe a test should be added to the test suite to fix this issue.
Of course the issue is not applicable for PSR-7 with* methods which MUST normalized the input and thus will convert any spaces into %20 character.
For reference when using URI implementing objects:
League\Uri\Http::new(' http://example.com/ foo?bar=baz#quz '); // will throw (on the master branch)
new \Laminas\Diactoros\Uri(' http://example.com/ foo?bar=baz#quz '); // will return a URI without a scheme and without an authority
new \GuzzleHttp\Psr7\Uri(' http://example.com/ foo?bar=baz#quz '); // will return an URI with a scheme and an authority
Of course the instantiation is not included in tests but I presume that the UriFactoryInterface::createUri will behave in the same manner in those packages.
I opened a similar issue on laminas-diactoros
