chore: always execute parse_url in preventLocalAddress

This change should make it easier to spot wrong uses of the HTTP client on development setups where allow_local_remote_servers is usually true.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>

diff --git a/lib/private/Http/Client/Client.php b/lib/private/Http/Client/Client.php
index 40ce012cd1a0de2a16d5b5b2aa2ea6632883b2e8..62209ff9040d12403310871ca61bd1373ec61f3c 100644 (file)
--- a/lib/private/Http/Client/Client.php
+++ b/lib/private/Http/Client/Client.php
@@ -158,14 +158,15 @@ class Client implements IClient {
        }
 
        protected function preventLocalAddress(string $uri, array $options): void {
-               if ($this->isLocalAddressAllowed($options)) {
-                       return;
-               }
-
                $host = parse_url($uri, PHP_URL_HOST);
                if ($host === false || $host === null) {
                        throw new LocalServerException('Could not detect any host');
                }
+
+               if ($this->isLocalAddressAllowed($options)) {
+                       return;
+               }
+
                if (!$this->remoteHostValidator->isValid($host)) {
                        throw new LocalServerException('Host "' . $host . '" violates local access rules');
                }

diff --git a/tests/lib/Http/Client/ClientTest.php b/tests/lib/Http/Client/ClientTest.php
index 237bb1299e5268a8ab1571e42ee27c85cae2ea05..47a6b885aed094fa91e350362df75c6546fe3174 100644 (file)
--- a/tests/lib/Http/Client/ClientTest.php
+++ b/tests/lib/Http/Client/ClientTest.php
@@ -130,6 +130,13 @@ class ClientTest extends \Test\TestCase {
                ], self::invokePrivate($this->client, 'getProxyUri'));
        }
 
+       public function testPreventLocalAddressThrowOnInvalidUri(): void {
+               $this->expectException(LocalServerException::class);
+               $this->expectExceptionMessage('Could not detect any host');
+
+               self::invokePrivate($this->client, 'preventLocalAddress', ['!@#$', []]);
+       }
+
        public function dataPreventLocalAddress():array {
                return [
                        ['https://localhost/foo.bar'],
@@ -146,7 +153,6 @@ class ClientTest extends \Test\TestCase {
                        ['https://10.0.0.1'],
                        ['https://another-host.local'],
                        ['https://service.localhost'],
-                       ['!@#$', true], // test invalid url
                        ['https://normal.host.com'],
                        ['https://com.one-.nextcloud-one.com'],
                ];