chore: always execute parse_url in preventLocalAddress

kesselb · kesselb · commit a16eb6ce301b · 2024-09-30T14:15:39.000+02:00
This change should make it easier to spot wrong uses of the HTTP client on development setups where allow_local_remote_servers is usually true.

Signed-off-by: Daniel Kesselberg &lt;mail@danielkesselberg.de&gt;
diff --git a/lib/private/Http/Client/Client.php b/lib/private/Http/Client/Client.php
@@ -158,14 +158,15 @@ private function isLocalAddressAllowed(array $options) : bool {
 	}
 
 	protected function preventLocalAddress(string $uri, array $options): void {
-		if ($this->isLocalAddressAllowed($options)) {
-			return;
-		}
-
 		$host = parse_url($uri, PHP_URL_HOST);
 		if ($host === false || $host === null) {
 			throw new LocalServerException('Could not detect any host');
 		}
+
+		if ($this->isLocalAddressAllowed($options)) {
+			return;
+		}
+
 		if (!$this->remoteHostValidator->isValid($host)) {
 			throw new LocalServerException('Host "' . $host . '" violates local access rules');
 		}

Original file line number	Diff line number	Diff line change
`@@ -158,14 +158,15 @@ private function isLocalAddressAllowed(array $options) : bool {`
`158`	`158`	`}`
`159`	`159`
`160`	`160`	`protected function preventLocalAddress(string $uri, array $options): void {`
`161`		`- if ($this->isLocalAddressAllowed($options)) {`
`162`		`- return;`
`163`		`- }`
`164`		`-`
`165`	`161`	`$host = parse_url($uri, PHP_URL_HOST);`
`166`	`162`	`if ($host === false \|\| $host === null) {`
`167`	`163`	`throw new LocalServerException('Could not detect any host');`
`168`	`164`	`}`
	`165`	`+`
	`166`	`+ if ($this->isLocalAddressAllowed($options)) {`
	`167`	`+ return;`
	`168`	`+ }`
	`169`	`+`
`169`	`170`	`if (!$this->remoteHostValidator->isValid($host)) {`
`170`	`171`	`throw new LocalServerException('Host "' . $host . '" violates local access rules');`
`171`	`172`	`}`