Merge pull request #2327 from akrabat/encode-user-info

Encode user info

Author: silentworks

Slim/Http/Uri.php

@@ -378,12 +378,31 @@ public function getUserInfo()
     public function withUserInfo($user, $password = null)
     {
         $clone = clone $this;
-        $clone->user = $user;
-        $clone->password = $password ? $password : '';
+        $clone->user = $this->filterUserInfo($user);
+        if ($clone->user) {
+            $clone->password = $password ? $this->filterUserInfo($password) : '';
+        }
 
         return $clone;
     }
 
+    /**
+     * Filters the user info string.
+     *
+     * @param string $query The raw uri query string.
+     * @return string The percent-encoded query string.
+     */
+    protected function filterUserInfo($query)
+    {
+        return preg_replace_callback(
+            '/(?:[^a-zA-Z0-9_\-\.~!\$&\'\(\)\*\+,;=]+|%(?![A-Fa-f0-9]{2}))/u',
+            function ($match) {
+                return rawurlencode($match[0]);
+            },
+            $query
+        );
+    }
+
     /**
      * Retrieve the host component of the URI.
      *

tests/Http/UriTest.php

@@ -180,6 +180,13 @@ public function testGetUserInfoNone()
         $this->assertEquals('', $uri->getUserInfo());
     }
 
+    public function testGetUserInfoWithUsernameAndPasswordEncodesCorrectly()
+    {
+        $uri = Uri::createFromString('https://bob%40example.com:pass%[email protected]:443/foo/bar?abc=123#section3');
+
+        $this->assertEquals('bob%40example.com:pass%3Aword', $uri->getUserInfo());
+    }
+
     public function testWithUserInfo()
     {
         $uri = $this->uriFactory()->withUserInfo('bob', 'pass');
@@ -188,6 +195,14 @@ public function testWithUserInfo()
         $this->assertAttributeEquals('pass', 'password', $uri);
     }
 
+    public function testWithUserInfoEncodesCorrectly()
+    {
+        $uri = $this->uriFactory()->withUserInfo('[email protected]', 'pass:word');
+
+        $this->assertAttributeEquals('bob%40example.com', 'user', $uri);
+        $this->assertAttributeEquals('pass%3Aword', 'password', $uri);
+    }
+
     public function testWithUserInfoRemovesPassword()
     {
         $uri = $this->uriFactory()->withUserInfo('bob');