PHP v4.0.0

.gitignore

@@ -6,4 +6,5 @@ composer.lock
 dev/
 build/
 .vscode
-tests/coverage
+tests/coverage
+.phpunit.result.cache

CHANGELOG.md

@@ -5,6 +5,17 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [4.0.0] - 2025-11-03
+
+### Changed
+
+- Updated minimum PHP version from 5.5 to 7.2.5
+- Updated Guzzle HTTP client from 6.0 to 7.0
+
+### Fixed
+
+- Removed `<script>` tags from test fixture that caused "headers already sent" errors in unit tests
+
 ## [3.10.2] - 2024-09-11
 
 ### Fixed

README.md

@@ -6,7 +6,7 @@
 
 # [PerimeterX](http://www.perimeterx.com) PHP SDK
 
-> Latest stable version: [v3.10.2](https://packagist.org/packages/perimeterx/php-sdk#3.10.1)
+> Latest stable version: [v4.0.0](https://packagist.org/packages/perimeterx/php-sdk#4.0.0)
 
 ## Table of Contents
 
@@ -57,7 +57,7 @@
 
 ## <a name="dependencies"></a> Dependencies
 
--   [v5.6 <= PHP <= v7.0.15](http://php.net/downloads.php)
+-   [PHP >= 7.2.5, < 8.5](http://php.net/downloads.php)
 
 ## <a name="installation"></a> Installation
 

composer.json

@@ -1,7 +1,7 @@
 {
   "name": "perimeterx/php-sdk",
   "description": "PerimeterX SDK for PHP",
-  "version" : "3.10.2",
+  "version" : "4.0.0",
   "keywords": [
     "perimeterx",
     "websecurity",
@@ -14,8 +14,8 @@
   "type": "library",
   "require": {
     "mustache/mustache": "^2.11.1",
-    "guzzlehttp/guzzle": "~6.0",
-    "php": ">=5.5",
+    "guzzlehttp/guzzle": "~7.0",
+    "php": ">=7.2.5 <8.5",
     "psr/log": "^1.0.2"
   },
   "config": {
@@ -27,9 +27,9 @@
     }
   },
   "require-dev": {
-    "phpunit/phpunit": "5.6.*",
-    "mockery/mockery": "0.9.*",
-    "overtrue/phplint": "^1.1"
+    "phpunit/phpunit": "~7.0",
+    "mockery/mockery": "~1.3",
+    "overtrue/phplint": "^2.0"
   },
   "autoload-dev": {
     "psr-4": {

px_metadata.json

@@ -1,5 +1,5 @@
 {
-    "version": "3.10.2",
+    "version": "4.0.0",
     "supported_features": [
         "additional_activity_handler",
         "advanced_blocking_response",

src/Perimeterx.php

@@ -98,7 +98,7 @@ private function __construct(array $pxConfig = [])
                 'max_buffer_len' => 1,
                 'send_page_activities' => true,
                 'send_block_activities' => true,
-                'sdk_name' => 'PHP SDK v3.10.2',
+                'sdk_name' => 'PHP SDK v4.0.0',
                 'debug_mode' => false,
                 'perimeterx_server_host' => 'https://sapi-' . strtolower($pxConfig['app_id']) . '.perimeterx.net',
                 'captcha_script_host' => 'https://captcha.px-cdn.net',

src/PerimeterxContext.php

@@ -135,6 +135,11 @@ private function extractIP($pxConfig, $headers)
      */
     protected $uri;
 
+    /**
+     * @var bool whether the route is sensitive.
+     */
+    protected $sensitive_route;
+
     /**
      * @var string user's user agent.
      */

src/PerimeterxHttpClient.php

@@ -78,7 +78,7 @@ public static function fixJsonBody($jsonArray)
             function(&$value, $key) // assume key is ok, no need to fix it
             {
                 if (is_string($value)) {
-                    $value = utf8_encode($value);
+                    $value = mb_convert_encoding($value, 'UTF-8', 'ISO-8859-1');
                 } elseif ($value instanceof \stdClass) {
                     $value = self::fixJsonBody(get_object_vars($value));
                 }

src/PerimeterxLogger.php

@@ -49,7 +49,7 @@ public function log($level, $message, array $context = [])
             throw new InvalidArgumentException($level . ' is not a defined level in the PSR-3 specification.');
         }
 
-        error_log($this->interpolate((string)$message, $context, $level));
+        error_log($this->interpolate((string)$message, $level, $context));
     }
 
     /**
@@ -61,11 +61,12 @@ public function log($level, $message, array $context = [])
      * > - Placeholder names MUST be delimited with a single opening brace { and a single closing brace }. There MUST NOT be any whitespace between the delimiters and the placeholder name.
      *
      * @param string $message
+     * @param string $level
      * @param array  $context
      *
      * @return string
      */
-    private function interpolate($message, array $context = [], $level)
+    private function interpolate($message, $level, array $context = [])
     {
         // build a replacement array with braces around the context keys
         $replace = [];

tests/CredentialsIntelligence/Protocol/V2CredentialsIntelligenceProtocolTest.php

@@ -4,7 +4,7 @@
 use Perimeterx\CredentialsIntelligence\LoginCredentialsFields;
 use Perimeterx\CredentialsIntelligence\Protocol\CIVersion;
 
-class V2CredentialsIntelligenceProtocolTests extends PHPUnit_Framework_TestCase {
+class V2CredentialsIntelligenceProtocolTests extends PHPUnit\Framework\TestCase {
 
     /**
      * @dataProvider provideCredentialsAndExpectedHashes

tests/Fixtures/PerimeterxContextGoodCookie.php

@@ -68,8 +68,4 @@ public function setVid($val){}
     public function setBlockAction($val){}
     public function setCookieHmac($val){}
     public function setPassReason($val){}
-}
-?>
-<script>
-
-</script>
+}

tests/PerimeterxConfigurationValidatorTest.php

@@ -3,7 +3,7 @@
 use PHPUnit\Framework\TestCase;
 use Perimeterx\Perimeterx;
 
-class PerimeterxConfigurationValidatorTest extends PHPUnit_Framework_TestCase
+class PerimeterxConfigurationValidatorTest extends PHPUnit\Framework\TestCase
 {
 
     protected $params;

tests/PerimeterxCookieV3ValidatorTest.php

@@ -6,7 +6,7 @@
 use PHPUnit\Framework\TestCase;
 use Psr\Log\AbstractLogger;
 
-class PerimeterxCookieV3ValidatorTest extends PHPUnit_Framework_TestCase
+class PerimeterxCookieV3ValidatorTest extends PHPUnit\Framework\TestCase
 {
 
     // randomly generated fake values
@@ -524,9 +524,9 @@ public function testMobileHeaderCookieVerificationFailedOnSensitiveRoute() {
     }
 
     public function testEncryptedTokenDecryption() {
-        // far future encrypted cookie
+        // far future encrypted cookie (expires 2030)
         $cookie_origin="header";
-        $pxCookie = "8d4a0f41e65af5088266f1eb0db7bd4266309d3c471c097aea538e17c1ebe82d:mmjSIpdOpbZYsDjXe0vAieBbrG7k8JVJO2+9itMXUoZfugSlvRIqK4BUKPDAd2gftZtbwU0eA5LZXHf8VURI/w==:1000:KFCP3EU4qtGhRab+OgIYeg0SXhXWWfmSvmTK6+4J5vwN73/IVx/BkcRzC1inFxJ2jCHr+KqcQxEpcqyO1E91l2Wk38ddADYzuog3KhbsV9j2wXldnX0zWkc7dgnRHc8xJuck4NfrZivdfQNA0AC4k+z0sasqwRWQ5Eq1mjnIwf8=";
+        $pxCookie = "03f5ed4e3a66cfbebfb6ef038863f26640ef1c2ff6a511bfa1f4ee58feadd95c:SkpI+K6uJQw=:1000:FxDFLxnIdE+u+4bgEZA9/1jaI9AkY5lLpPvqAhLpVyZm1PfL8BKCYmDHK/Q0OwyBG4D3Cm2GubexSrdfb6mDuw4ucjqfgxtfbgF2LLn+DkgNLYvErnkALH22tGU9UGje";
         $userAgent = self::USER_AGENT;
         $pxCtx = $this->getPxContext($pxCookie, $userAgent, false, $cookie_origin);
         $pxConfig = [
@@ -616,7 +616,7 @@ private function getPxContext($pxCookie, $userAgent, $sensitive_route = false, $
     {
         $pxCtx = $this->getMockBuilder(PerimeterxContext::class)
             ->disableOriginalConstructor()
-            ->setMethods(['getPxCookie', 'getUserAgent', 'getIp','isSensitiveRoute', 'getCookieOrigin', 'getPxCookies'])
+            ->setMethods(['getPxCookie', 'getUserAgent', 'getIp','isSensitiveRoute', 'getCookieOrigin', 'getPxCookies', 'getCookieVersion', 'getUri', 'getLoginCredentials', 'getPxhdCookie', 'getOriginalToken'])
             ->getMock();
         $pxCtx->expects($this->any())
             ->method('getPxCookie')
@@ -633,6 +633,21 @@ private function getPxContext($pxCookie, $userAgent, $sensitive_route = false, $
         $pxCtx->expects($this->any())
             ->method("getPxCookies")
             ->willReturn(array('v3' => 'aaaaa')); // mocking an entry to cookies array that will trigger V3 cookie/token
+        $pxCtx->expects($this->any())
+            ->method('getCookieVersion')
+            ->willReturn('v3');
+        $pxCtx->expects($this->any())
+            ->method('getUri')
+            ->willReturn('/');
+        $pxCtx->expects($this->any())
+            ->method('getLoginCredentials')
+            ->willReturn(null);
+        $pxCtx->expects($this->any())
+            ->method('getPxhdCookie')
+            ->willReturn(null);
+        $pxCtx->expects($this->any())
+            ->method('getOriginalToken')
+            ->willReturn(null);
         return $pxCtx;
     }
 

tests/PerimeterxCookieValidatorTest.php

@@ -6,7 +6,7 @@
 use PHPUnit\Framework\TestCase;
 use Psr\Log\AbstractLogger;
 
-class PerimeterxCookieValidatorTest extends PHPUnit_Framework_TestCase
+class PerimeterxCookieValidatorTest extends PHPUnit\Framework\TestCase
 {
 
     // randomly generated fake values

tests/PerimeterxDataEnrichmentTest.php

@@ -8,7 +8,7 @@
 use PHPUnit\Framework\TestCase;
 use Psr\Log\AbstractLogger;
 
-class PerimeterxDataEnrichmentTest extends PHPUnit_Framework_TestCase {
+class PerimeterxDataEnrichmentTest extends PHPUnit\Framework\TestCase {
     const COOKIE_KEY = '549Z5UsasvfmVS6kAR3r4ydPnQdnnW4Gcwk35hj5tatZ5B2dqjrQvMMyLAJN5de3';
 
     public function testNoPxdeCookie() {

tests/PerimeterxFieldExtractorManagerTest.php

@@ -5,7 +5,7 @@
 use Perimeterx\CredentialsIntelligence\PerimeterxFieldExtractorManager;
 use Perimeterx\CredentialsIntelligence\Protocol\V1CredentialsIntelligenceProtocol;
 
-class PerimeterxFieldExtractorManagerTest extends PHPUnit_Framework_TestCase
+class PerimeterxFieldExtractorManagerTest extends PHPUnit\Framework\TestCase
 {
     const LOGIN_REQUEST_URI = "/login";
     const LOGIN_REQUEST_METHOD = "POST";

tests/PerimeterxFirstPartyClientTest.php

@@ -7,7 +7,7 @@
 use PerimeterxTests\MockHttpClient;
 use PerimeterxTests\TestUtils;
 
-class PerimeterxFirstPartyClientTest extends PHPUnit_Framework_TestCase {
+class PerimeterxFirstPartyClientTest extends PHPUnit\Framework\TestCase {
     private function getTestPxConfig() {
         $pxConfig = [
             'app_id' => 'PX_APP_ID',

tests/PerimeterxOriginalTokenValidatorTest.php

@@ -6,7 +6,7 @@
 use PHPUnit\Framework\TestCase;
 use Psr\Log\AbstractLogger;
 
-class PerimeterxOriginalTokenValidatorTest extends PHPUnit_Framework_TestCase
+class PerimeterxOriginalTokenValidatorTest extends PHPUnit\Framework\TestCase
 {
     // randomly generated fake values
     const COOKIE_KEY = '549Z5UsasvfmVS6kAR3r4ydPnQdnnW4Gcwk35hj5tatZ5B2dqjrQvMMyLAJN5de3';

tests/PerimeterxS2SValidatorTest.php

@@ -6,7 +6,7 @@
 use Perimeterx\PerimeterxHttpClient;
 use Psr\Log\AbstractLogger;
 
-class PerimeterxS2SValidatorTest extends PHPUnit_Framework_TestCase
+class PerimeterxS2SValidatorTest extends PHPUnit\Framework\TestCase
 {
     // randomly generated fake values
     const COOKIE_KEY = '549Z5UsasvfmVS6kAR3r4ydPnQdnnW4Gcwk35hj5tatZ5B2dqjrQvMMyLAJN5de3';
@@ -43,7 +43,8 @@ public function testAttachPxOrigCookie() {
         $invocations = $spy->getInvocations();
 
         $last = end($invocations);
-        $this->assertEquals($pxCookie, $last->parameters[2]["additional"]["px_cookie_orig"]);
+        $params = $last->getParameters();
+        $this->assertEquals($pxCookie, $params[2]["additional"]["px_cookie_orig"]);
     }
 
     /**

tests/PerimeterxUtilsTest.php

@@ -9,7 +9,7 @@ public static function setInputStreamName($inputStreamName) {
     }
 }
 
-class PerimeterxUtilsTest extends PHPUnit_Framework_TestCase {
+class PerimeterxUtilsTest extends PHPUnit\Framework\TestCase {
     const TEMP_STREAM_NAME = "file://" . __DIR__ . "/tmp.txt";
 
     public function setUp() {