Skip to content

Commit 92cf16f

Browse files
freekmurzefreekmurze
committed
do not allow file urls
1 parent c2a8888 commit 92cf16f

File tree

5 files changed

+48
-0
lines changed

5 files changed

+48
-0
lines changed

src/Browsershot.php

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@
44

55
use Spatie\Browsershot\Exceptions\CouldNotTakeBrowsershot;
66
use Spatie\Browsershot\Exceptions\ElementNotFound;
7+
use Spatie\Browsershot\Exceptions\FileUrlNotAllowed;
78
use Spatie\Browsershot\Exceptions\UnsuccessfulResponse;
89
use Spatie\Image\Image;
910
use Spatie\Image\Manipulations;
@@ -235,6 +236,10 @@ public function waitForFunction(string $function, $polling = self::POLLING_REQUE
235236

236237
public function setUrl(string $url)
237238
{
239+
if (Helpers::stringStartsWith(strtolower($url), 'file://')) {
240+
throw FileUrlNotAllowed::make();
241+
}
242+
238243
$this->url = $url;
239244
$this->html = '';
240245

src/Exceptions/FileUrlNotAllowed.php

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
<?php
2+
3+
namespace Spatie\Browsershot\Exceptions;
4+
5+
use Exception;
6+
7+
class FileUrlNotAllowed extends Exception
8+
{
9+
public static function make()
10+
{
11+
return new static("An URL is not allow to start with file://");
12+
}
13+
}

src/Helpers.php

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
<?php
2+
3+
namespace Spatie\Browsershot;
4+
5+
class Helpers
6+
{
7+
public static function stringStartsWith($haystack, $needle): bool
8+
{
9+
$length = strlen($needle);
10+
11+
return substr( $haystack, 0, $length ) === $needle;
12+
}
13+
}

tests/BrowsershotTest.php

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@
33
use Spatie\Browsershot\Browsershot;
44
use Spatie\Browsershot\Exceptions\CouldNotTakeBrowsershot;
55
use Spatie\Browsershot\Exceptions\ElementNotFound;
6+
use Spatie\Browsershot\Exceptions\FileUrlNotAllowed;
67
use Spatie\Browsershot\Exceptions\UnsuccessfulResponse;
78
use Spatie\Image\Manipulations;
89
use Symfony\Component\Process\Exception\ProcessFailedException;
@@ -38,6 +39,10 @@
3839
);
3940
});
4041

42+
it('will not allow a file url', function () {
43+
Browsershot::url('file://test');
44+
})->throws(FileUrlNotAllowed::class);
45+
4146
it('can take a screenshot', function () {
4247
$targetPath = __DIR__.'/temp/testScreenshot.png';
4348

tests/HelpersTest.php

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
<?php
2+
3+
use Spatie\Browsershot\Helpers;
4+
5+
it('can determine if a string starts with a substring', function(string $haystack, $needle, $expectedResult) {
6+
expect(Helpers::stringStartsWith($haystack, $needle))->toBe($expectedResult);
7+
})->with([
8+
['https://spatie.be', 'https://', true],
9+
['http://spatie.be', 'https://', false],
10+
['file://hey', 'file://', true],
11+
['https://spatie.be', 'file://', false],
12+
]);

0 commit comments

Comments
 (0)