From 6ad5e27962a4cdc4e9c6cd895786122758777ca9 Mon Sep 17 00:00:00 2001
From: Christian Flothmann <christian.flothmann@qossmic.com>
Date: Mon, 12 Aug 2024 16:13:30 +0200
Subject: [PATCH] reject malformed URLs with a meaningful exception

---
 HttpClientTrait.php           |  6 ++++++
 Tests/HttpClientTestCase.php  | 11 +++++++++++
 Tests/HttpClientTraitTest.php |  2 --
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/HttpClientTrait.php b/HttpClientTrait.php
index 3f44f36..d436a4c 100644
--- a/HttpClientTrait.php
+++ b/HttpClientTrait.php
@@ -445,6 +445,8 @@ private static function jsonEncode($value, ?int $flags = null, int $maxDepth = 5
      */
     private static function resolveUrl(array $url, ?array $base, array $queryDefaults = []): array
     {
+        $givenUrl = $url;
+
         if (null !== $base && '' === ($base['scheme'] ?? '').($base['authority'] ?? '')) {
             throw new InvalidArgumentException(sprintf('Invalid "base_uri" option: host or scheme is missing in "%s".', implode('', $base)));
         }
@@ -498,6 +500,10 @@ private static function resolveUrl(array $url, ?array $base, array $queryDefault
             $url['query'] = null;
         }
 
+        if (null !== $url['scheme'] && null === $url['authority']) {
+            throw new InvalidArgumentException(\sprintf('Invalid URL: host is missing in "%s".', implode('', $givenUrl)));
+        }
+
         return $url;
     }
 
diff --git a/Tests/HttpClientTestCase.php b/Tests/HttpClientTestCase.php
index 9a1c177..d1213f0 100644
--- a/Tests/HttpClientTestCase.php
+++ b/Tests/HttpClientTestCase.php
@@ -13,6 +13,7 @@
 
 use PHPUnit\Framework\SkippedTestSuiteError;
 use Symfony\Component\HttpClient\Exception\ClientException;
+use Symfony\Component\HttpClient\Exception\InvalidArgumentException;
 use Symfony\Component\HttpClient\Exception\TransportException;
 use Symfony\Component\HttpClient\Internal\ClientState;
 use Symfony\Component\HttpClient\Response\StreamWrapper;
@@ -455,4 +456,14 @@ public function testNullBody()
 
         $this->expectNotToPerformAssertions();
     }
+
+    public function testMisspelledScheme()
+    {
+        $httpClient = $this->getHttpClient(__FUNCTION__);
+
+        $this->expectException(InvalidArgumentException::class);
+        $this->expectExceptionMessage('Invalid URL: host is missing in "http:/localhost:8057/".');
+
+        $httpClient->request('GET', 'http:/localhost:8057/');
+    }
 }
diff --git a/Tests/HttpClientTraitTest.php b/Tests/HttpClientTraitTest.php
index 2f42eb8..aa03378 100644
--- a/Tests/HttpClientTraitTest.php
+++ b/Tests/HttpClientTraitTest.php
@@ -63,7 +63,6 @@ public function testResolveUrl(string $base, string $url, string $expected)
     public static function provideResolveUrl(): array
     {
         return [
-            [self::RFC3986_BASE, 'http:h',        'http:h'],
             [self::RFC3986_BASE, 'g',             'http://a/b/c/g'],
             [self::RFC3986_BASE, './g',           'http://a/b/c/g'],
             [self::RFC3986_BASE, 'g/',            'http://a/b/c/g/'],
@@ -117,7 +116,6 @@ public static function provideResolveUrl(): array
             ['http://u:p@a/b/c/d;p?q', '.',       'http://u:p@a/b/c/'],
             // path ending with slash or no slash at all
             ['http://a/b/c/d/',  'e',             'http://a/b/c/d/e'],
-            ['http:no-slash',     'e',            'http:e'],
             // falsey relative parts
             [self::RFC3986_BASE, '//0',           'http://0/'],
             [self::RFC3986_BASE, '0',             'http://a/b/c/0'],