symfony
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/Controller/RedirectController.php‎
Lines changed: 8 additions & 3 deletions b/‎src/Symfony/Bundle/FrameworkBundle/Controller/RedirectController.php‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/Tests/Controller/RedirectControllerTest.php‎
Lines changed: 15 additions & 0 deletions b/‎src/Symfony/Bundle/FrameworkBundle/Tests/Controller/RedirectControllerTest.php‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎src/Symfony/Component/DomCrawler/Tests/UriResolverTest.php‎
Lines changed: 1 addition & 0 deletions b/‎src/Symfony/Component/DomCrawler/Tests/UriResolverTest.php‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Component/DomCrawler/UriResolver.php‎
Lines changed: 5 additions & 1 deletion b/‎src/Symfony/Component/DomCrawler/UriResolver.php‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎src/Symfony/Component/HttpClient/HttpClientTrait.php‎
Lines changed: 4 additions & 1 deletion b/‎src/Symfony/Component/HttpClient/HttpClientTrait.php‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎src/Symfony/Component/HttpClient/NativeHttpClient.php‎
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/HttpClient/NativeHttpClient.php‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/HttpFoundation/Request.php‎
Lines changed: 5 additions & 1 deletion b/‎src/Symfony/Component/HttpFoundation/Request.php‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎src/Symfony/Component/HttpFoundation/Tests/RequestTest.php‎
Lines changed: 3 additions & 0 deletions b/‎src/Symfony/Component/HttpFoundation/Tests/RequestTest.php‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Http/Impersonate/ImpersonateUrlGenerator.php‎
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/Security/Http/Impersonate/ImpersonateUrlGenerator.php‎
Lines changed: 1 addition & 1 deletion
@@ -119,14 +119,19 @@ public function urlRedirectAction(Request $request, string $path, bool $permanen
             $statusCode = $permanent ? 301 : 302;
         }
 
+        if (null === $scheme) {
+            $scheme = $request->getScheme();
+        }
+
+        if (str_starts_with($path, '//')) {
+            $path = $scheme.':'.$path;
+        }
+
         // redirect if the path is a full URL
         if (parse_url($path, \PHP_URL_SCHEME)) {
             return new RedirectResponse($path, $statusCode);
         }
 
-        if (null === $scheme) {
-            $scheme = $request->getScheme();
-        }
 
         if ($qs = $request->server->get('QUERY_STRING') ?: $request->getQueryString()) {
             if (!str_contains($path, '?')) {
 
@@ -183,6 +183,21 @@ public function testFullURLWithMethodKeep()
         $this->assertEquals(307, $returnResponse->getStatusCode());
     }
 
+    public function testProtocolRelative()
+    {
+        $request = new Request();
+        $controller = new RedirectController();
+
+        $returnResponse = $controller->urlRedirectAction($request, '//foo.bar/');
+        $this->assertRedirectUrl($returnResponse, 'http://foo.bar/');
+        $this->assertSame(302, $returnResponse->getStatusCode());
+
+        $returnResponse = $controller->urlRedirectAction($request, '//foo.bar/', false, 'https');
+        $this->assertRedirectUrl($returnResponse, 'https://foo.bar/');
+        $this->assertSame(302, $returnResponse->getStatusCode());
+    }
+
+
     public function testUrlRedirectDefaultPorts()
     {
         $host = 'www.example.com';
 
@@ -86,6 +86,7 @@ public static function provideResolverTests()
             ['foo', 'http://localhost#bar', 'http://localhost/foo'],
 
             ['http://', 'http://localhost', 'http://'],
+            ['/foo:123', 'http://localhost', 'http://localhost/foo:123'],
         ];
     }
 }
@@ -32,8 +32,12 @@ public static function resolve(string $uri, ?string $baseUri): string
     {
         $uri = trim($uri);
 
+        if (false === ($scheme = parse_url($uri, \PHP_URL_SCHEME)) && '/' === ($uri[0] ?? '')) {
+            $scheme = parse_url($uri.'#', \PHP_URL_SCHEME);
+        }
+
         // absolute URL?
-        if (null !== parse_url($uri, \PHP_URL_SCHEME)) {
+        if (null !== $scheme) {
             return $uri;
         }
 
 
@@ -515,7 +515,10 @@ private static function resolveUrl(array $url, ?array $base, array $queryDefault
     private static function parseUrl(string $url, array $query = [], array $allowedSchemes = ['http' => 80, 'https' => 443]): array
     {
         if (false === $parts = parse_url($url)) {
-            throw new InvalidArgumentException(sprintf('Malformed URL "%s".', $url));
+            if ('/' !== ($url[0] ?? '') || false === $parts = parse_url($url.'#')) {
+                throw new InvalidArgumentException(sprintf('Malformed URL "%s".', $url));
+            }
+            unset($parts['fragment']);
         }
 
         if ($query) {
 
@@ -416,7 +416,7 @@ private static function createRedirectResolver(array $options, string $host, ?ar
 
             [$host, $port] = self::parseHostPort($url, $info);
 
-            if (false !== (parse_url($location, \PHP_URL_HOST) ?? false)) {
+            if (false !== (parse_url($location.'#', \PHP_URL_HOST) ?? false)) {
                 // Authorization and Cookie headers MUST NOT follow except for the initial host name
                 $requestHeaders = $redirectHeaders['host'] === $host ? $redirectHeaders['with_auth'] : $redirectHeaders['no_auth'];
                 $requestHeaders[] = 'Host: '.$host.$port;
 
@@ -355,7 +355,11 @@ public static function create(string $uri, string $method = 'GET', array $parame
         $server['PATH_INFO'] = '';
         $server['REQUEST_METHOD'] = strtoupper($method);
 
-        $components = parse_url($uri);
+        if (false === ($components = parse_url($uri)) && '/' === ($uri[0] ?? '')) {
+            $components = parse_url($uri.'#');
+            unset($components['fragment']);
+        }
+
         if (isset($components['host'])) {
             $server['SERVER_NAME'] = $components['host'];
             $server['HTTP_HOST'] = $components['host'];
 
@@ -244,6 +244,9 @@ public function testCreate()
         // Fragment should not be included in the URI
         $request = Request::create('http://test.com/foo#bar');
         $this->assertEquals('http://test.com/foo', $request->getUri());
+
+        $request = Request::create('/foo:123');
+        $this->assertEquals('http://localhost/foo:123', $request->getUri());
     }
 
     public function testCreateWithRequestUri()
 
@@ -69,7 +69,7 @@ private function buildExitPath(?string $targetUri = null): string
             $targetUri = $request->getRequestUri();
         }
 
-        $targetUri .= (parse_url($targetUri, \PHP_URL_QUERY) ? '&' : '?').http_build_query([$switchUserConfig['parameter'] => SwitchUserListener::EXIT_VALUE], '', '&');
+        $targetUri .= (str_contains($targetUri, '?') ? '&' : '?').http_build_query([$switchUserConfig['parameter'] => SwitchUserListener::EXIT_VALUE], '', '&');
 
         return $targetUri;
     }
Original file line number	Diff line number	Diff line change
`@@ -86,6 +86,7 @@ public static function provideResolverTests()`
`86`	`86`	`['foo', 'http://localhost#bar', 'http://localhost/foo'],`
`87`	`87`
`88`	`88`	`['http://', 'http://localhost', 'http://'],`
	`89`	`+ ['/foo:123', 'http://localhost', 'http://localhost/foo:123'],`
`89`	`90`	`];`
`90`	`91`	`}`
`91`	`92`	`}`
Original file line number	Diff line number	Diff line change
`@@ -32,8 +32,12 @@ public static function resolve(string $uri, ?string $baseUri): string`
`32`	`32`	`{`
`33`	`33`	`$uri = trim($uri);`
`34`	`34`
	`35`	`+ if (false === ($scheme = parse_url($uri, \PHP_URL_SCHEME)) && '/' === ($uri[0] ?? '')) {`
	`36`	`+ $scheme = parse_url($uri.'#', \PHP_URL_SCHEME);`
	`37`	`+ }`
	`38`	`+`
`35`	`39`	`// absolute URL?`
`36`		`- if (null !== parse_url($uri, \PHP_URL_SCHEME)) {`
	`40`	`+ if (null !== $scheme) {`
`37`	`41`	`return $uri;`
`38`	`42`	`}`
`39`	`43`
Original file line number	Diff line number	Diff line change
`@@ -515,7 +515,10 @@ private static function resolveUrl(array $url, ?array $base, array $queryDefault`
`515`	`515`	`private static function parseUrl(string $url, array $query = [], array $allowedSchemes = ['http' => 80, 'https' => 443]): array`
`516`	`516`	`{`
`517`	`517`	`if (false === $parts = parse_url($url)) {`
`518`		`- throw new InvalidArgumentException(sprintf('Malformed URL "%s".', $url));`
	`518`	`+ if ('/' !== ($url[0] ?? '') \|\| false === $parts = parse_url($url.'#')) {`
	`519`	`+ throw new InvalidArgumentException(sprintf('Malformed URL "%s".', $url));`
	`520`	`+ }`
	`521`	`+ unset($parts['fragment']);`
`519`	`522`	`}`
`520`	`523`
`521`	`524`	`if ($query) {`
Original file line number	Diff line number	Diff line change
`@@ -244,6 +244,9 @@ public function testCreate()`
`244`	`244`	`// Fragment should not be included in the URI`
`245`	`245`	`$request = Request::create('http://test.com/foo#bar');`
`246`	`246`	`$this->assertEquals('http://test.com/foo', $request->getUri());`
	`247`	`+`
	`248`	`+ $request = Request::create('/foo:123');`
	`249`	`+ $this->assertEquals('http://localhost/foo:123', $request->getUri());`
`247`	`250`	`}`
`248`	`251`
`249`	`252`	`public function testCreateWithRequestUri()`
Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,7 @@ private function buildExitPath(?string $targetUri = null): string`
`69`	`69`	`$targetUri = $request->getRequestUri();`
`70`	`70`	`}`
`71`	`71`
`72`		`- $targetUri .= (parse_url($targetUri, \PHP_URL_QUERY) ? '&' : '?').http_build_query([$switchUserConfig['parameter'] => SwitchUserListener::EXIT_VALUE], '', '&');`
	`72`	`+ $targetUri .= (str_contains($targetUri, '?') ? '&' : '?').http_build_query([$switchUserConfig['parameter'] => SwitchUserListener::EXIT_VALUE], '', '&');`
`73`	`73`
`74`	`74`	`return $targetUri;`
`75`	`75`	`}`