search

guzzle / psr7

PSR-7 HTTP message library
MIT License
7.86k stars 2 forks source link

`Uri::__toString()` can yield malformed URIs #583

Open dtdesign opened 11 months ago

dtdesign commented 11 months ago

PHP version: 8.2.11 guzzlehttp/psr7: 2.6.1

Description The Uri class is able to parse malformed URIs but this results in Uri::__toString() generating a malformed URI. Attempting to pass that URI back into Uri will yield a MalformedUriException.

How to reproduce

$value = 'http://invalid:%20https://example.com';
$uri = new \GuzzleHttp\Psr7\Uri($value);
$uri2 = new \GuzzleHttp\Psr7\Uri($uri->__toString()); // Exception is thrown here.

Line 3 throws a GuzzleHttp\Psr7\Exception\MalformedUriException with the following error message:

Unable to parse URI: http://invalid:%20https//example.com

Notice how the colon after the https was stripped.

GrahamCampbell commented 10 months ago

Thanks for the report. I am a little hesitent to change the behaviour here in 1.x or 2.x, but I am planning for 3.x to make some breaking changes to "fix" some spec compatibility issues, and this could be one such fix, if we can agree on a correct behaviour over on the php-http/psr7-integration-tests repo.