Merge branch '6.4' into 7.3

nicolas-grekas · nicolas-grekas · commit 439032bdff3a · 2025-11-05T08:57:47.000+01:00
* 6.4:
  [HttpClient] Reject 3xx pushed responses
  [ProxyManagerBridge] Remove comment that reference github discussion
  [Routing] Fix matching the "0" URL
  The BrowserKit history with parameter separator without slash.
diff --git a/CurlHttpClient.php b/CurlHttpClient.php
@@ -384,7 +384,9 @@ private static function acceptPushForRequest(string $method, array $options, Pus
             }
         }
 
-        return true;
+        $statusCode = $pushedResponse->response->getInfo('http_code') ?: 200;
+
+        return $statusCode < 300 || 400 <= $statusCode;
     }
 
     /**
diff --git a/Response/CurlResponse.php b/Response/CurlResponse.php
@@ -408,7 +408,7 @@ private static function parseHeaderLine($ch, string $data, array &$info, array &
                 $info['peer_certificate_chain'] = array_map('openssl_x509_read', array_column($certinfo, 'Cert'));
             }
 
-            if (300 <= $info['http_code'] && $info['http_code'] < 400) {
+            if (300 <= $info['http_code'] && $info['http_code'] < 400 && null !== $options) {
                 if (curl_getinfo($ch, \CURLINFO_REDIRECT_COUNT) === $options['max_redirects']) {
                     curl_setopt($ch, \CURLOPT_FOLLOWLOCATION, false);
                 } elseif (303 === $info['http_code'] || ('POST' === $info['http_method'] && \in_array($info['http_code'], [301, 302], true))) {
@@ -430,7 +430,7 @@ private static function parseHeaderLine($ch, string $data, array &$info, array &
 
         $info['redirect_url'] = null;
 
-        if (300 <= $statusCode && $statusCode < 400 && null !== $location) {
+        if (300 <= $statusCode && $statusCode < 400 && null !== $location && null !== $options) {
             if ($noContent = 303 === $statusCode || ('POST' === $info['http_method'] && \in_array($statusCode, [301, 302], true))) {
                 $info['http_method'] = 'HEAD' === $info['http_method'] ? 'HEAD' : 'GET';
                 curl_setopt($ch, \CURLOPT_CUSTOMREQUEST, $info['http_method']);
@@ -445,7 +445,7 @@ private static function parseHeaderLine($ch, string $data, array &$info, array &
 
         if (401 === $statusCode && isset($options['auth_ntlm']) && 0 === strncasecmp($headers['www-authenticate'][0] ?? '', 'NTLM ', 5)) {
             // Continue with NTLM auth
-        } elseif ($statusCode < 300 || 400 <= $statusCode || null === $location || curl_getinfo($ch, \CURLINFO_REDIRECT_COUNT) === $options['max_redirects']) {
+        } elseif ($statusCode < 300 || 400 <= $statusCode || null === $location || null === $options || curl_getinfo($ch, \CURLINFO_REDIRECT_COUNT) === $options['max_redirects']) {
             // Headers and redirects completed, time to get the response's content
             $multi->handlesActivity[$id][] = new FirstChunk();
 

Original file line number	Diff line number	Diff line change
`@@ -384,7 +384,9 @@ private static function acceptPushForRequest(string $method, array $options, Pus`
`384`	`384`	`}`
`385`	`385`	`}`
`386`	`386`
`387`		`- return true;`
	`387`	`+ $statusCode = $pushedResponse->response->getInfo('http_code') ?: 200;`
	`388`	`+`
	`389`	`+ return $statusCode < 300 \|\| 400 <= $statusCode;`
`388`	`390`	`}`
`389`	`391`
`390`	`392`	`/**`