From be51ba17df892fde0c371c181425dd636f0f4d37 Mon Sep 17 00:00:00 2001
From: Dag <me@dvikan.no>
Date: Fri, 3 Jan 2025 05:40:30 +0100
Subject: fix(url): disallowed wonky path (#4386)

---
 lib/url.php | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'lib/url.php')

diff --git a/lib/url.php b/lib/url.php
index 993fef96..9a1b59ad 100644
--- a/lib/url.php
+++ b/lib/url.php
@@ -111,6 +111,9 @@ final class Url
         if (!str_starts_with($path, '/')) {
             throw new UrlException(sprintf('Path must start with forward slash: %s', $path));
         }
+        if (str_starts_with($path, '//')) {
+            throw new UrlException(sprintf('Illegal path (too many forward slashes): %s', $path));
+        }
         $clone = clone $this;
         $clone->path = $path;
         return $clone;
-- 
cgit v1.2.3