Filter - UriFilter always enforce scheme instead of only when empty (+ broken enforce?)

zend-filter

#1

UriNormalize filter enforces scheme on the following condition:

    if ($this->enforcedScheme && (! $uri->getScheme())) {
        $this->enforceScheme($uri);
    }

github: https://github.com/zendframework/zend-filter/blob/7b997dbe79459f1652deccc8786d7407fb66caa9/src/UriNormalize.php#L101

This causes a scheme to be enforced only when no scheme is given.

Would it not be better to always enforce a given scheme? Changing that if statement to the following would suffice:

    if ($this->enforcedScheme !== $uri->getScheme()) {
        $uri->setScheme($this->enforcedScheme);
    }

Related: isn’t the enforceScheme function broken?

It expects a Uri object. Then it gets the path property of that object. From the path it tries to deduce the host and the path (why? Host is available in Uri and path is what was requested)

It then checks if it should enforce the scheme by the host not being empty, which it always will be if it's a URI with more than just the host (exploding on slash).

e.g. : enforcedScheme === “https”

Received URI: http://example.com/test-this

In function below, the “path” is set in the “$uri”, causing $path to equal: “/test-this”. That causes “$host” to equal “” (empty string).

    protected function enforceScheme(Uri $uri)
    {
        $path = $uri->getPath();
        if (strpos($path, '/') !== false) {
            list($host, $path) = explode('/', $path, 2);
            $path = '/' . $path;
        } else {
            $host = $path;
            $path = '';
        }

        // We have nothing to do if we have no host
        if (! $host) {
            return;
        }

        $uri->setScheme($this->enforcedScheme)
            ->setHost($host)
            ->setPath($path);
    }

#2

Can you provide a unit test which illustrates the problem?


#3

At the moment, no sorry. Simply no time. Did spend a whopping 3 minutes creating attached wonder with Snipping Tool & MS Paint. Hopefully illustrates enough to test.


#4

That’s not really useful.

Take your code on the right, make a script that takes the inputs and produces some outputs, make sure everyone can run it and reproduce the problem, upload it somewhere. We can then help you turn it into a test case :slight_smile:


#5

Hi, never mind, with some pair-programming found the issue.

Must add: 'use_raw_data' => false, to each Controller registered in zf-content-validation of apigility. Weird that it uses unfiltered data.

Filter does work. Though, would recommend a “force-enforced-scheme” option or something, because now I’m going to have to add a callback (from image) to remove scheme before this inputFilter is run.

Furthermore, “enforcedScheme” (the name) would suggest that this is something enforced (always!), not just when scheme-less. (Yes, I know it says that it only works on scheme-less in the docs), but that’s semantics (and would change current purpose, thus major change + bc-break - unless added as option).
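
The behaviour discussed in this thread, as an added example that is not from any poster and is not zend-filter code: a stand-alone PHP model built on parse_url() showing that the "only when scheme-less" rule leaves http:// input unchanged, next to a forced mode like the option suggested in #5. The function name normalizeScheme, its $force flag and the sample URIs are assumptions made for illustration.

```php
<?php
// Added illustration, not zend-filter code: a stand-alone model on parse_url().
// normalizeScheme() and its $force flag are hypothetical names.
function normalizeScheme(string $input, string $enforced, bool $force = false): string
{
    $p = parse_url($input);
    if ($p === false) {
        throw new InvalidArgumentException("Unparseable URI: $input");
    }
    $hasScheme = isset($p['scheme']);
    // Default mode mirrors the condition quoted in post #1: an explicit
    // scheme, whatever it is, passes through untouched.
    if ($hasScheme && (!$force || strcasecmp($p['scheme'], $enforced) === 0)) {
        return $input;
    }
    if (!isset($p['host'])) {
        if ($hasScheme) {
            throw new InvalidArgumentException("No host to keep in: $input");
        }
        // Scheme-less input ("example.com/test-this") parses as path only,
        // so the host is the first path segment.
        $segments = explode('/', $p['path'] ?? '', 2);
        if ($segments[0] === '') {
            return $input; // no host to attach a scheme to
        }
        $p['host'] = $segments[0];
        $p['path'] = isset($segments[1]) ? '/' . $segments[1] : '';
    }
    $userinfo = isset($p['user'])
        ? $p['user'] . (isset($p['pass']) ? ':' . $p['pass'] : '') . '@'
        : '';
    return $enforced . '://' . $userinfo . $p['host']
        . (isset($p['port']) ? ':' . $p['port'] : '')
        . ($p['path'] ?? '')
        . (isset($p['query']) ? '?' . $p['query'] : '')
        . (isset($p['fragment']) ? '#' . $p['fragment'] : '');
}

// Constructed sample inputs.
foreach (['example.com/test-this', 'http://example.com/test-this', '/test-this'] as $in) {
    foreach ([false, true] as $force) {
        $out = normalizeScheme($in, 'https', $force);
        // Check the result instead of assuming the filter guarantees the scheme.
        $ok = parse_url($out, PHP_URL_SCHEME) === 'https' ? 'https' : 'NOT https';
        printf("%-30s force=%d -> %-30s [%s]\n", $in, (int) $force, $out, $ok);
    }
}
```

The scheme check in the loop is the part to keep in real validation code: a value that passed a scheme-less-only normalizer can still carry any scheme the client sent.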