[HttpClient] Fix #50670 - HttpClient parseUrl is broken and not RFC compliant

Daniel Kozák · Daniel Kozák · commit ffc94baafeaf · 2023-06-15T15:04:26.000+02:00
diff --git a/src/Symfony/Component/HttpClient/HttpClientTrait.php b/src/Symfony/Component/HttpClient/HttpClientTrait.php
@@ -547,7 +547,7 @@ private static function parseUrl(string $url, array $query = [], array $allowedS
             }
 
             // https://tools.ietf.org/html/rfc3986#section-3.3
-            $parts[$part] = preg_replace_callback("#[^-A-Za-z0-9._~!$&/'()[\]*+,;=:@\\\\^`{|}%]++#", function ($m) { return rawurlencode($m[0]); }, $parts[$part]);
+            $parts[$part] = preg_replace_callback("#[^-A-Za-z0-9._~!$&/'()[\]*+,;=:@?\#%]++#", function ($m) { return rawurlencode($m[0]); }, $parts[$part]);
         }
 
         return [
@@ -634,11 +634,7 @@ private static function mergeQueryString(?string $queryString, array $queryArray
                     '%3B' => ';',
                     '%40' => '@',
                     '%5B' => '[',
-                    '%5C' => '\\',
                     '%5D' => ']',
-                    '%5E' => '^',
-                    '%60' => '`',
-                    '%7C' => '|',
                 ]);
             }
 
diff --git a/src/Symfony/Component/HttpClient/Tests/HttpClientTraitTest.php b/src/Symfony/Component/HttpClient/Tests/HttpClientTraitTest.php
@@ -155,12 +155,13 @@ public static function provideParseUrl(): iterable
         yield [['http:', '//example.com', null, null, null], 'http://Example.coM:80'];
         yield [['https:', '//xn--dj-kia8a.example.com:8000', '/', null, null], 'https://DÉjà.Example.com:8000/'];
         yield [[null, null, '/f%20o.o', '?a=b', '#c'], '/f o%2Eo?a=b#c'];
+        yield [[null, null, '/custom%7C2010-01-01%2000:00:00%7C2023-06-15%2005:50:35', '?a=b', '#c'], '/custom|2010-01-01 00:00:00|2023-06-15 05:50:35?a=b#c'];
         yield [[null, '//a:b@foo', '/bar', null, null], '//a:b@foo/bar'];
         yield [[null, '//a:b@foo', '/b{}', null, null], '//a:b@foo/b{}'];
         yield [['http:', null, null, null, null], 'http:'];
         yield [['http:', null, 'bar', null, null], 'http:bar'];
         yield [[null, null, 'bar', '?a=1&c=c', null], 'bar?a=a&b=b', ['b' => null, 'c' => 'c', 'a' => 1]];
-        yield [[null, null, 'bar', '?a=b+c&b=b-._~!$%26/%27()[]*%2B%2C;%3D:@%25\\^`%7B|%7D', null], 'bar?a=b+c', ['b' => 'b-._~!$&/\'()[]*+,;=:@%\\^`{|}']];
+        yield [[null, null, 'bar', '?a=b+c&b=b-._~!$%26/%27()[]*%2B%2C;%3D:@%25%5C%5E%60%7B%7C%7D', null], 'bar?a=b+c', ['b' => 'b-._~!$&/\'()[]*+,;=:@%\\^`{|}']];
         yield [[null, null, 'bar', '?a=b%2B%20c', null], 'bar?a=b+c', ['a' => 'b+ c']];
         yield [[null, null, 'bar', '?a[b]=c', null], 'bar', ['a' => ['b' => 'c']]];
         yield [[null, null, 'bar', '?a[b[c]=d', null], 'bar?a[b[c]=d', []];

Original file line number	Diff line number	Diff line change
`@@ -547,7 +547,7 @@ private static function parseUrl(string $url, array $query = [], array $allowedS`
`547`	`547`	`}`
`548`	`548`
`549`	`549`	`// https://tools.ietf.org/html/rfc3986#section-3.3`
`550`		- $parts[$part] = preg_replace_callback("#[^-A-Za-z0-9._~!$&/'()[\]*+,;=:@\\\\^`{\|}%]++#", function ($m) { return rawurlencode($m[0]); }, $parts[$part]);
	`550`	`+ $parts[$part] = preg_replace_callback("#[^-A-Za-z0-9._~!$&/'()[\]*+,;=:@?\#%]++#", function ($m) { return rawurlencode($m[0]); }, $parts[$part]);`
`551`	`551`	`}`
`552`	`552`
`553`	`553`	`return [`
`@@ -634,11 +634,7 @@ private static function mergeQueryString(?string $queryString, array $queryArray`
`634`	`634`	`'%3B' => ';',`
`635`	`635`	`'%40' => '@',`
`636`	`636`	`'%5B' => '[',`
`637`		`- '%5C' => '\\',`
`638`	`637`	`'%5D' => ']',`
`639`		`- '%5E' => '^',`
`640`		- '%60' => '`',
`641`		`- '%7C' => '\|',`
`642`	`638`	`]);`
`643`	`639`	`}`
`644`	`640`