-
-
Notifications
You must be signed in to change notification settings - Fork 10
/
Rfc7230.php
98 lines (82 loc) · 3.56 KB
/
Rfc7230.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
<?php
namespace Amp\Http;
/**
* @link https://tools.ietf.org/html/rfc7230
* @link https://tools.ietf.org/html/rfc2616
* @link https://tools.ietf.org/html/rfc5234
*/
final class Rfc7230 {
// We make use of possessive modifiers, which gives a slight performance boost
const HEADER_NAME_REGEX = "(^([^()<>@,;:\\\"/[\]?={}\x01-\x20\x7F]++)$)";
const HEADER_VALUE_REGEX = "(^[ \t]*+((?:[ \t]*+[\x21-\x7E\x80-\xFF]++)*+)[ \t]*+$)";
const HEADER_REGEX = "(^([^()<>@,;:\\\"/[\]?={}\x01-\x20\x7F]++):[ \t]*+((?:[ \t]*+[\x21-\x7E\x80-\xFF]++)*+)[ \t]*+\r\n)m";
const HEADER_FOLD_REGEX = "(\r\n[ \t]++)";
/**
* Parses headers according to RFC 7230 and 2616.
*
* Allows empty header values, as HTTP/1.0 allows that.
*
* @param string $rawHeaders
*
* @return array Associative array mapping header names to arrays of values.
*
* @throws InvalidHeaderException If invalid headers have been passed.
*/
public static function parseHeaders(string $rawHeaders): array {
// Ensure that the last line also ends with a newline, this is important.
\assert(\substr($rawHeaders, -2) === "\r\n", "Argument 1 must end with CRLF");
/** @var array[] $matches */
$count = \preg_match_all(self::HEADER_REGEX, $rawHeaders, $matches, \PREG_SET_ORDER);
// If these aren't the same, then one line didn't match and there's an invalid header.
if ($count !== \substr_count($rawHeaders, "\n")) {
// Folding is deprecated, see https://tools.ietf.org/html/rfc7230#section-3.2.4
if (\preg_match(self::HEADER_FOLD_REGEX, $rawHeaders)) {
throw new InvalidHeaderException("Invalid header syntax: Obsolete line folding");
}
throw new InvalidHeaderException("Invalid header syntax");
}
$headers = [];
foreach ($matches as $match) {
// We avoid a call to \trim() here due to the regex.
// Unfortunately, we can't avoid the \strtolower() calls due to \array_change_key_case() behavior
// when equal headers are present with different casing, e.g. 'set-cookie' and 'Set-Cookie'.
// Accessing matches directly instead of using foreach (... as list(...)) is slightly faster.
$headers[\strtolower($match[1])][] = $match[2];
}
return $headers;
}
/**
* Format headers in to their on-the-wire format.
*
* Headers are always validated syntactically. This protects against response splitting and header injection
* attacks.
*
* @param array $headers Headers in a format as returned by {@see parseHeaders()}.
*
* @return string Formatted headers.
*
* @throws InvalidHeaderException If header names or values are invalid.
*/
public static function formatHeaders(array $headers): string {
$buffer = "";
$lines = 0;
foreach ($headers as $name => $values) {
// PHP casts integer-like keys to integers
$name = (string) $name;
// Ignore any HTTP/2 pseudo headers
if ($name[0] === ":") {
continue;
}
/** @var array $values */
foreach ($values as $value) {
$buffer .= "{$name}: {$value}\r\n";
$lines++;
}
}
$count = \preg_match_all(self::HEADER_REGEX, $buffer);
if ($lines !== $count || $lines !== \substr_count($buffer, "\n")) {
throw new InvalidHeaderException("Invalid headers");
}
return $buffer;
}
}