Closed by lazyguru 7 years ago
Wondering this as well. There doesn't seem to be a Magento method for it, although there is a Zend one: Zend\Uri\Http::parse, so maybe use of that method is encouraged.
Hi @lazyguru, @erfanimani,
While not necessarily dangerous itself, we've seen parse_url in a number of attacks.
We should probably revisit the list of forbidden functions and move parse_url and other functions that are OK to use (keeping in mind security) to the discouraged list. We still want to report calls of those functions in the code for review as using them in an insecure way might introduce a vulnerability.
How to fix The use of function parse_str() is forbidden, Magento 2
Seems like \Zend\Uri\Http is removed from Magento 2.4.1 and higher. Is there any alternative?
@Dren7755 \Laminas\Uri\Http
Can you please explain why parse_url() is on the forbidden list?