From a16eb6ce301b165b82e403a43636eb9ca1d19251 Mon Sep 17 00:00:00 2001
From: Daniel Kesselberg <mail@danielkesselberg.de>
Date: Mon, 30 Sep 2024 13:05:19 +0200
Subject: [PATCH] chore: always execute parse_url in preventLocalAddress

This change should make it easier to spot wrong uses of the HTTP client on development setups where allow_local_remote_servers is usually true.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
---
 lib/private/Http/Client/Client.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/lib/private/Http/Client/Client.php b/lib/private/Http/Client/Client.php
index 40ce012cd1a0d..62209ff9040d1 100644
--- a/lib/private/Http/Client/Client.php
+++ b/lib/private/Http/Client/Client.php
@@ -158,14 +158,15 @@ private function isLocalAddressAllowed(array $options) : bool {
 	}
 
 	protected function preventLocalAddress(string $uri, array $options): void {
-		if ($this->isLocalAddressAllowed($options)) {
-			return;
-		}
-
 		$host = parse_url($uri, PHP_URL_HOST);
 		if ($host === false || $host === null) {
 			throw new LocalServerException('Could not detect any host');
 		}
+
+		if ($this->isLocalAddressAllowed($options)) {
+			return;
+		}
+
 		if (!$this->remoteHostValidator->isValid($host)) {
 			throw new LocalServerException('Host "' . $host . '" violates local access rules');
 		}