Normalize URI usage against space inside the URI string

nyamsprod · nyamsprod · commit d4f348e789b5 · 2025-04-22T20:45:16.000+02:00
diff --git a/uri/CHANGELOG.md b/uri/CHANGELOG.md
@@ -23,6 +23,8 @@ All Notable changes to `League\Uri` will be documented in this file
 - `Uri` and `Http` normalization normalized IP against RFC3986 rules and not WHATWG rules.
 - `Uri::getOrigin` now follows WHATWG cross-origin definition
 - `Uri` host encoding compliance to RFC3986 is improved by supporting RFC3986 encoded URI properly
+- `Uri` parsing with strings started or ended with empty string are no longer allowed
+- `Uri` space are rawurlencoded.
 
 ### Deprecated
 
diff --git a/uri/FactoryTest.php b/uri/FactoryTest.php
@@ -566,8 +566,6 @@ public static function invalidUriWithWhitespaceProvider(): iterable
         yield 'uri containing only whitespaces' => ['uri' => '     '];
         yield 'uri starting with whitespaces' => ['uri' => '    https://a/b?c'];
         yield 'uri ending with whitespaces' => ['uri' => 'https://a/b?c   '];
-        yield 'uri surrounded by whitespaces' => ['uri' => '   https://a/b?c   '];
-        yield 'uri containing whitespaces' => ['uri' => 'https://a/b ?c'];
     }
 
     #[Test]
diff --git a/uri/HttpFactoryTest.php b/uri/HttpFactoryTest.php
@@ -49,6 +49,5 @@ public static function invalidUriWithWhitespaceProvider(): iterable
         yield 'uri starting with whitespaces' => ['uri' => '    https://a/b?c'];
         yield 'uri ending with whitespaces' => ['uri' => 'https://a/b?c   '];
         yield 'uri surrounded with whitespaces' => ['uri' => '   https://a/b?c   '];
-        yield 'uri containing whitespaces' => ['uri' => 'https://a/b ?c'];
     }
 }
diff --git a/uri/Uri.php b/uri/Uri.php
@@ -478,7 +478,10 @@ public static function tryNew(Stringable|string|null $uri = ''): ?self
      */
     public static function new(Stringable|string $uri = ''): self
     {
-        return new self(...UriString::parse($uri));
+        $uri = (string) $uri;
+        trim($uri) === $uri || throw new SyntaxError(sprintf('The uri `%s` contains invalid characters', $uri));
+
+        return new self(...UriString::parse(str_replace(' ', '%20', $uri)));
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -566,8 +566,6 @@ public static function invalidUriWithWhitespaceProvider(): iterable`
`566`	`566`	`yield 'uri containing only whitespaces' => ['uri' => ' '];`
`567`	`567`	`yield 'uri starting with whitespaces' => ['uri' => ' https://a/b?c'];`
`568`	`568`	`yield 'uri ending with whitespaces' => ['uri' => 'https://a/b?c '];`
`569`		`- yield 'uri surrounded by whitespaces' => ['uri' => ' https://a/b?c '];`
`570`		`- yield 'uri containing whitespaces' => ['uri' => 'https://a/b ?c'];`
`571`	`569`	`}`
`572`	`570`
`573`	`571`	`#[Test]`
Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,5 @@ public static function invalidUriWithWhitespaceProvider(): iterable`
`49`	`49`	`yield 'uri starting with whitespaces' => ['uri' => ' https://a/b?c'];`
`50`	`50`	`yield 'uri ending with whitespaces' => ['uri' => 'https://a/b?c '];`
`51`	`51`	`yield 'uri surrounded with whitespaces' => ['uri' => ' https://a/b?c '];`
`52`		`- yield 'uri containing whitespaces' => ['uri' => 'https://a/b ?c'];`
`53`	`52`	`}`
`54`	`53`	`}`
Original file line number	Diff line number	Diff line change
`@@ -478,7 +478,10 @@ public static function tryNew(Stringable\|string\|null $uri = ''): ?self`
`478`	`478`	`*/`
`479`	`479`	`public static function new(Stringable\|string $uri = ''): self`
`480`	`480`	`{`
`481`		`- return new self(...UriString::parse($uri));`
	`481`	`+ $uri = (string) $uri;`
	`482`	+ trim($uri) === $uri \|\| throw new SyntaxError(sprintf('The uri `%s` contains invalid characters', $uri));
	`483`	`+`
	`484`	`+ return new self(...UriString::parse(str_replace(' ', '%20', $uri)));`
`482`	`485`	`}`
`483`	`486`
`484`	`487`	`/**`