It would get confused by URLs with a query portion but no path.
We no longer support any vulnerable versions of PHP, but it would still
be useful to have these tests.
Bug: T212067
Change-Id: I15c15161a668115d68eb2e2f8004826b47148fc1
(cherry picked from commit
489bb4fb981cfe2e81b647c498e329033a4bc72b)
'invalid://test/',
false
],
+ // T212067
+ [
+ '//evil.com?example.org/foo/bar',
+ [
+ 'scheme' => '',
+ 'delimiter' => '//',
+ 'host' => 'evil.com',
+ 'query' => 'example.org/foo/bar',
+ ]
+ ],
+ [
+ '//evil.com?example.org/foo/bar?baz#quux',
+ [
+ 'scheme' => '',
+ 'delimiter' => '//',
+ 'host' => 'evil.com',
+ 'query' => 'example.org/foo/bar?baz',
+ 'fragment' => 'quux',
+ ]
+ ],
+ [
+ '//evil.com?example.org?baz#quux',
+ [
+ 'scheme' => '',
+ 'delimiter' => '//',
+ 'host' => 'evil.com',
+ 'query' => 'example.org?baz',
+ 'fragment' => 'quux',
+ ]
+ ],
+ [
+ '//evil.com?example.org#quux',
+ [
+ 'scheme' => '',
+ 'delimiter' => '//',
+ 'host' => 'evil.com',
+ 'query' => 'example.org',
+ 'fragment' => 'quux',
+ ]
+ ],
];
}
}