1 file changed +13 -0 lines changed
@@ -119,6 +119,19 @@ echo (string) Uri::new('http://example.com/path/to?#');
119119
120120<p class =" message-info " >This improved compliance is available since version <code >7.5.0</code ></p >
121121
122+ Because ` PSR-7 ` UriInterface implementing object ` getPath ` may be used in
123+ header. A security issue may rise if the path is not stripped of multiple starting ` / ` .
124+ As such, ` getPath ` yield a different result depending on its raw value:
125+
126+ ~~~ php
127+ $uri = Http::new('https://example.com///miscillaneous.tld');
128+ echo (string) $uri;
129+ // returns 'https://example.com///miscillaneous.tld'
130+
131+ echo $uri->getPath();
132+ // returns '/miscillaneous.tld' the extra leading slashes are removed
133+ ~~~
134+
122135## PSR-17 compatibility
123136
124137The package also provides an implementation of the ` UriFactoryInterface ` from [ PSR-17] ( https://www.php-fig.org/psr/psr-17/ )
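Review bot: The added paragraph at new lines 122-124 does not say which header is meant or what the security issue is, so a reader cannot tell when the difference between `(string) $uri` and `$uri->getPath()` matters. Suggest naming the case explicitly, for example that a path beginning with `//`, placed on its own into a header value, is read as a network-path reference (RFC 3986) and can therefore point at another host. It would also help to state that the string form keeps the extra slashes while only `getPath` collapses them, and since which version this applies, as the 7.5.0 note just above does for its feature. Wording: "may rise" should be "may arise", "yield" should be "yields", and "miscillaneous" is misspelled in the example.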