Fix Invalid header line for Content-Disposition string - incomplete continuation

[glensc]

Q	A
Bugfix	yes
Critical	yes

Description

https://tools.ietf.org/html/rfc2231 allows the sequence (internally $count) being missing:

        Content-Type: application/x-stuff;
         title*=us-ascii'en-us'This%20is%20%2A%2A%2Afun%2A%2A%2A

However ContentDisposition expected it to be number, and failed to cast empty string to numeric index. This resulted in throwing InvalidArgumentException(code: 0): Invalid header line for Content-Disposition string - incomplete continuation

Additionally, seems similar logic is needed ion ContentType class, but it's partly duplicated, ContentDisposition has more logic, and the exception is presented only in ContentDisposition class.

[glensc]

WDYT of having @codingStandardsIgnoreStart equivalent enabled for all tests? or set the line lenght limit to 512 or something biggger than 120, that 120 quota is very easy to reach:

➔ grep -r @codingStandardsIgnoreStart test/|wc -l
19

[glensc]

I don't know how to fight coverage, it says coverage increased, but still making status check failed

• https://coveralls.io/builds/32879718

COVERAGE INCREASED (+0.09%) TO 62.259%

[glensc]

@weierophinney how to indicate it's ready for merge from the developer? I removed draft status, but seems can't request a review as that probably requires being project member.

[froschdesign]

@glensc

but seems can't request a review as that probably requires being project member.

Which is correct:

Note: Pull request authors can't request reviews unless they are either a repository owner or collaborator with write access to the repository.

https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/requesting-a-pull-request-review

(But there is a bug here on GitHub so sometimes you can add a reviewer without special permissions.)

[glensc]

Updated, DCO & Travis pass.

[glensc]

ping!

[glensc]

another ping!

I'd like this to be in the next patch release. it's critical for us, and keeping production patched (hot fixed) is not very sustainable solution.

and maintaining a fork again its something I'd really like to avoid!

• https://github.com/eventum/zend-mail

[glensc]

@weierophinney @froschdesign @samsonasik ping

https://outlook.office.com/mail/inbox seems to create such mails, so it's pretty common and wild.

[glensc]

and apparently Apple Mail as well: #111

[glensc]

@boesing seeing you active in this project (#113), can you do something to get this PR (#108) moving? waiting for the fix to be released for almost 50 days is depressive...

[boesing]

@glensc I've created issues in every package today. ;-)

TBH, I am not that familiar with all that mail standards, e.g.
Furthermore, we voted to mark this package as security-only as (you can also see) we do not focus on this package anymore.

Laminas has a huge amount of packages (including all mezzio and laminas-api-tools) while we are just a bunch of people to maintain all these packages (most of us are volunteering tho).

I'd like to have another one have a look on this and then we probably get to merge this. Thanks for your patience and sorry that it might take some time to get things merged (as we are focussing on other packages currently).

[boesing]

From my perspective, this PR is fine. However, as I stated that I don't know much about all this stuff, I try to get someone to review this aswell.

[cedric-anne]

I had the same problem and applying this fix solves it.

[glensc]

Can this be merged and released, please?

[Ocramius]

LGTM 🚢

Sorry that it went under the radar 😱

[Ocramius]

Thanks @glensc - going out for release right now

[glensc]

It took a while, but at least still fixed in the same year :)

[glensc]

I think the $type is always string|null as explode and list can't return anything else.