Allow strict checks for Content-* headers #66
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Previously, we would check any key starting with `CONTENT_` in the `$_SERVER` array, and treat it as a header. However, per laminas#63, this is incorrect, and we should only look for `CONTENT_TYPE`, `CONTENT_LENGTH`, and `CONTENT_MD5`. To keep backwards compatibility, this patch implements a switch, using the ENV variable LAMINAS_DIACTOROS_STRICT_CONTENT_HEADER_LOOKUP. When this value is found in `$_SERVER` (which aggregates ENV variables as well), the logic for identifying headers in the `$_SERVER` array will become strict. For version 3.0, we will make the strict lookup the default. Signed-off-by: Matthew Weier O'Phinney <matthew@weierophinney.net>
weierophinney
force-pushed
the
feature/limit-content-headers-from-server
branch
from
75e9caa
to
9b37fc1
Compare
Signed-off-by: Matthew Weier O'Phinney <matthew@weierophinney.net>
weierophinney
force-pushed
the
feature/limit-content-headers-from-server
branch
from
9b37fc1
to
b8d2371
Compare
weierophinney
commented
May 17, 2021
boesing
approved these changes
May 17, 2021
|
Fix looks good for me 👍 |
That would work if this were a class. However, since it's a function within a namespace, all constants are thus publicly visible. |
Signed-off-by: Matthew Weier O'Phinney <matthew@weierophinney.net>
Signed-Off-By: <matthew@weierophinney.net> Co-authored-by: Frank Brückner <info@froschdesignstudio.de>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Previously, we would check any key starting with
CONTENT_in the$_SERVERarray, and treat it as a header. However, per #63, this is incorrect, and we should only look forCONTENT_TYPE,CONTENT_LENGTH, andCONTENT_MD5. To keep backwards compatibility, this patch implements a switch, using the ENV variable LAMINAS_DIACTOROS_STRICT_CONTENT_HEADER_LOOKUP. When this value is found in$_SERVER(which aggregates ENV variables as well), the logic for identifying headers in the$_SERVERarray will become strict.For version 3.0, we will make the strict lookup the default.
Fixes #63