Merge branch '7.4' into 8.0

* 7.4: (21 commits)
  [WebProfilerBundle] Fix hot reload support (FrankenPHP)
  [Serializer] Normalize static methods when they have groups
  [PropertyInfo] fix compatibility with phpdocumentor/reflection-docblock 6.x
  [DoctrineBridge] Respect schema_filter in schema listeners
  [HttpClient] Fix destructor throwing while timeout was handled
  [HttpClient] Test throwing destructor together with retryable
  [Mime] Update mime types
  [HttpFoundation] Reject invalid paths
  [HttpKernel] Fix handling empty MapUploadedFile arrays
  [FrameworkBundle] Add missing `useAttributeAsKey` calls
  [Di] Fix invalid reference behavior
  When calling UploadedFile::getErrorMessage() to a file which has no error and is uploaded successfully, it should not return an error
  [HttpKernel] Bypass mapping construction when `RedirectController::urlRedirectAction` is triggered
  cs fix
  [Console] fall back to 0 when getCode() does not provide an integer
  fix merge
  [FrameworkBundle] Fix accessing the test container when using KernelTestCase in non-debug mode
  Fix running HttpClient tests
  [FrameworkBundle] Fix clearing the HttpCache store in tests
  [DependencyInjection][HttpKernel] Fix parsing Target attributes on properties and on controllers
  ...

Author: nicolas-grekas

File/UploadedFile.php

@@ -204,22 +204,30 @@ public function move(string $directory, ?string $name = null): File
 
         switch ($this->error) {
             case \UPLOAD_ERR_INI_SIZE:
-                throw new IniSizeFileException($this->getErrorMessage());
+                throw new IniSizeFileException($this->getExceptionMessage());
             case \UPLOAD_ERR_FORM_SIZE:
-                throw new FormSizeFileException($this->getErrorMessage());
+                throw new FormSizeFileException($this->getExceptionMessage());
             case \UPLOAD_ERR_PARTIAL:
-                throw new PartialFileException($this->getErrorMessage());
+                throw new PartialFileException($this->getExceptionMessage());
             case \UPLOAD_ERR_NO_FILE:
-                throw new NoFileException($this->getErrorMessage());
+                throw new NoFileException($this->getExceptionMessage());
             case \UPLOAD_ERR_CANT_WRITE:
-                throw new CannotWriteFileException($this->getErrorMessage());
+                throw new CannotWriteFileException($this->getExceptionMessage());
             case \UPLOAD_ERR_NO_TMP_DIR:
-                throw new NoTmpDirFileException($this->getErrorMessage());
+                throw new NoTmpDirFileException($this->getExceptionMessage());
             case \UPLOAD_ERR_EXTENSION:
-                throw new ExtensionFileException($this->getErrorMessage());
+                throw new ExtensionFileException($this->getExceptionMessage());
         }
 
-        throw new FileException($this->getErrorMessage());
+        throw new FileException($this->getExceptionMessage());
+    }
+
+    /**
+     * Retrieves a user-friendly error message for file upload issues, if any.
+     */
+    public function getErrorMessage(): string
+    {
+        return \UPLOAD_ERR_OK !== $this->error ? $this->getExceptionMessage() : '';
     }
 
     /**
@@ -268,7 +276,7 @@ private static function parseFilesize(string $size): int|float
     /**
      * Returns an informative upload error message.
      */
-    public function getErrorMessage(): string
+    private function getExceptionMessage(): string
     {
         static $errors = [
             \UPLOAD_ERR_INI_SIZE => 'The file "%s" exceeds your upload_max_filesize ini directive (limit is %d KiB).',

Request.php

@@ -389,8 +389,16 @@ public static function create(string $uri, string $method = 'GET', array $parame
             $server['PHP_AUTH_PW'] = $components['pass'];
         }
 
-        if (!isset($components['path'])) {
+        if ('' === $path = $components['path'] ?? '') {
             $components['path'] = '/';
+        } elseif (!isset($components['scheme']) && !isset($components['host']) && '/' !== $path[0]) {
+            if (false !== $pos = strpos($path, '/')) {
+                $path = substr($path, 0, $pos);
+            }
+
+            if (str_contains($path, ':')) {
+                throw new BadRequestException('Invalid URI: Path is malformed.');
+            }
         }
 
         switch (strtoupper($method)) {

Tests/File/UploadedFileTest.php

@@ -120,6 +120,32 @@ public function testErrorIsOkByDefault()
         $this->assertEquals(\UPLOAD_ERR_OK, $file->getError());
     }
 
+    public function testInvalidFile()
+    {
+        $file = new UploadedFile(
+            __DIR__.'/Fixtures/test.gif',
+            'original.gif',
+            'image/gif',
+        );
+
+        $this->expectException(FileException::class);
+        $this->expectExceptionMessage('The file "original.gif" was not uploaded due to an unknown error.');
+
+        $file->move(__DIR__.'/Fixtures/directory');
+    }
+
+    public function testNoErrorMessageIfErrorIsUploadErrOk()
+    {
+        $file = new UploadedFile(
+            __DIR__.'/Fixtures/test.gif',
+            'original.gif',
+            'image/gif',
+            null
+        );
+
+        $this->assertSame('', $file->getErrorMessage());
+    }
+
     public function testGetClientOriginalName()
     {
         $file = new UploadedFile(

Tests/RequestTest.php

@@ -2713,6 +2713,7 @@ public static function provideMalformedUrls(): array
             ["https\x80://example.com", 'Invalid URI: Scheme is malformed.'],
             ['http>://example.com', 'Invalid URI: Scheme is malformed.'],
             ['0http://example.com', 'Invalid URI: Scheme is malformed.'],
+            [':path', 'Invalid URI: Path is malformed.'],
         ];
     }
 
@@ -2739,7 +2740,6 @@ public static function provideLegitimateUrls(): array
             ['http://[2001:db8::1]/path'],
             ['http://[::1]'],
             ['http://example.com/path'],
-            [':path'],
         ];
     }