From 563c85a7471527158ec24a9a89c13804161a4c20 Mon Sep 17 00:00:00 2001
From: Jan Tvrdik
Date: Tue, 16 Dec 2014 22:25:09 +0100
Subject: [PATCH] RequestFactory: invalid byte sequences in path are not silently discarded

---
 src/Http/RequestFactory.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/Http/RequestFactory.php b/src/Http/RequestFactory.php
index 7752654e..0e7792ab 100644
--- a/src/Http/RequestFactory.php
+++ b/src/Http/RequestFactory.php
@@ -100,7 +100,10 @@ public function createHttpRequest()
 
 // normalized url
 $url->canonicalize();
- $url->setPath(Strings::fixEncoding($url->getPath()));
+
+ if (preg_match(self::NONCHARS, $url->getPath()) || preg_last_error()) {
+ throw new InvalidRequestException(); // TODO!
+ }
 
 // detect script path
 if (isset($_SERVER['SCRIPT_NAME'])) {
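Review bot: The new `throw new InvalidRequestException(); // TODO!` in createHttpRequest() rejects a malformed path but carries no message and leaves the handling undecided, so unless a caller catches it and answers with HTTP 400, a single bad byte in a request URL surfaces as an uncaught exception (typically a 500 and a noisy log entry). Giving it a message, e.g. `throw new InvalidRequestException('Invalid byte sequence in request path.');` (assuming the class accepts the usual exception message), and documenting it with `@throws InvalidRequestException` on createHttpRequest() would settle the TODO. The `|| preg_last_error()` half detects invalid UTF-8 only if `self::NONCHARS` is compiled with the `u` modifier; the constant is not visible in this hunk, so that is worth confirming and recording in a comment such as `// NONCHARS uses /u, so preg_last_error() reports invalid UTF-8`. The body of createHttpRequest() starts and ends outside the hunk.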