Merge pull request #1274 from bradjones1/uri

Use league/uri for true URI validation
thephpleague · Apr 6, 2022 · 2795c48 · 2795c48
2 parents 8c2fa79 + d56a5b3
commit 2795c48
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 6 deletions.
diff --git a/composer.json b/composer.json
@@ -7,6 +7,7 @@
         "php": "^7.2 || ^8.0",
         "ext-openssl": "*",
         "league/event": "^2.2",
+        "league/uri": "^6",
         "lcobucci/jwt": "^3.4.6 || ^4.0.4",
         "psr/http-message": "^1.0.1",
         "defuse/php-encryption": "^2.2.1",

diff --git a/src/RedirectUriValidators/RedirectUriValidator.php b/src/RedirectUriValidators/RedirectUriValidator.php
@@ -9,6 +9,8 @@
 
 namespace League\OAuth2\Server\RedirectUriValidators;
 
+use League\Uri\Uri;
+
 class RedirectUriValidator implements RedirectUriValidatorInterface
 {
     /**
@@ -59,10 +61,10 @@ public function validateRedirectUri($redirectUri)
      */
     private function isLoopbackUri($redirectUri)
     {
-        $parsedUrl = \parse_url($redirectUri);
+        $uri = Uri::createFromString($redirectUri);
 
-        return $parsedUrl['scheme'] === 'http'
-            && (\in_array($parsedUrl['host'], ['127.0.0.1', '[::1]'], true));
+        return $uri->getScheme() === 'http'
+            && (\in_array($uri->getHost(), ['127.0.0.1', '[::1]'], true));
     }
 
     /**
@@ -106,9 +108,8 @@ private function matchUriExcludingPort($redirectUri)
      */
     private function parseUrlAndRemovePort($url)
     {
-        $parsedUrl = \parse_url($url);
-        unset($parsedUrl['port']);
+        $uri = Uri::createFromString($url);
 
-        return $parsedUrl;
+        return (string) $uri->withPort(null);
     }
 }