[BUGFIX] PSR-7 responses return header using getHeader()

The base PSR-7 implementation of the Response object does not sanitize the headers properly when handing them in as an array, thus, it is stored wrong in the Response object. Resolves: #84853 Releases: master, 8.7 Change-Id: I7571f1438bc602bcae9367b82f99946ed22d8308 Reviewed-on: https://review.typo3.org/56093 Tested-by: TYPO3com <no-reply@typo3.com> Reviewed-by: Andreas Wolf <andreas.wolf@typo3.org> Tested-by: Andreas Wolf <andreas.wolf@typo3.org> Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de> Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de> Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch> Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
TYPO3 · May 13, 2018 · b3f18c9 · b3f18c9
1 parent f2476e3
commit b3f18c9
Show file tree

Hide file tree

Showing 3 changed files with 118 additions and 2 deletions.
diff --git a/typo3/sysext/core/Classes/Http/Response.php b/typo3/sysext/core/Classes/Http/Response.php
@@ -140,7 +140,7 @@ public function __construct($body = 'php://temp', $statusCode = 200, $headers =
         $this->statusCode = (int)$statusCode;
 
         $this->reasonPhrase = $this->availableStatusCodes[$this->statusCode];
-        $headers = $this->filterHeaders($headers)[1];
+        list($this->lowercasedHeaderNames, $headers) = $this->filterHeaders($headers);
         $this->assertHeaders($headers);
         $this->headers = $headers;
     }

diff --git a/typo3/sysext/core/Tests/Unit/Http/RedirectResponseTest.php b/typo3/sysext/core/Tests/Unit/Http/RedirectResponseTest.php
@@ -0,0 +1,104 @@
+<?php
+namespace TYPO3\CMS\Core\Tests\Unit\Http;
+
+/*
+ * This file is part of the TYPO3 CMS project.
+ *
+ * It is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License, either version 2
+ * of the License, or any later version.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ *
+ * The TYPO3 project - inspiring people to share!
+ */
+
+use TYPO3\CMS\Core\Http\RedirectResponse;
+use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
+
+/**
+ * Test case
+ */
+class RedirectResponseTest extends UnitTestCase
+{
+    /**
+     * @test
+     */
+    public function getHeadersReturnsLocationUrlSetByConstructorArgument()
+    {
+        $subject = new RedirectResponse('theRedirectUrl');
+        $expected = [
+            'location' => [
+                0 => 'theRedirectUrl',
+            ]
+        ];
+        $this->assertSame($expected, $subject->getHeaders());
+    }
+
+    /**
+     * @test
+     */
+    public function getHeaderReturnsLocationUrlSetByConstructorArgument()
+    {
+        $subject = new RedirectResponse('theRedirectUrl');
+        $expected = [
+            0 => 'theRedirectUrl',
+        ];
+        $this->assertSame($expected, $subject->getHeader('location'));
+    }
+
+    /**
+     * @test
+     */
+    public function getHeadersReturnsHeaderSetByConstructorArgument()
+    {
+        $input = [
+            'camelCasedHeaderName' => 'aHeaderValue',
+            'lowercasedheadername' => 'anotherHeaderValue',
+        ];
+        $expected = [
+            'camelCasedHeaderName' => [
+                0 => 'aHeaderValue',
+            ],
+            'lowercasedheadername' => [
+                0 => 'anotherHeaderValue',
+            ],
+            'location' => [
+                0 => 'url'
+            ],
+        ];
+        $subject = new RedirectResponse('url', 302, $input);
+        $this->assertSame($expected, $subject->getHeaders());
+    }
+
+    /**
+     * @test
+     */
+    public function getHeaderReturnsHeaderSetByConstructorArgument()
+    {
+        $input = [
+            'lowercasedheadername' => 'anotherHeaderValue',
+        ];
+        $expected = [
+            0 => 'anotherHeaderValue',
+        ];
+        $subject = new RedirectResponse('url', 302, $input);
+        $this->assertSame($expected, $subject->getHeader('lowercasedheadername'));
+    }
+
+    /**
+     * @test
+     */
+    public function getHeaderReturnsHeaderSetByConstructorArgumentLowerCased()
+    {
+        $input = [
+            'camelCasedHeaderName' => 'aHeaderValue',
+        ];
+        $expected = [
+            0 => 'aHeaderValue',
+        ];
+        $subject = new RedirectResponse('url', 302, $input);
+        $this->assertSame($expected, $subject->getHeader('camelCasedHeaderName'));
+    }
+}
diff --git a/typo3/sysext/core/Tests/Unit/Http/ResponseTest.php b/typo3/sysext/core/Tests/Unit/Http/ResponseTest.php
@@ -224,9 +224,21 @@ public function headersWithInjectionVectorsDataProvider()
      * @test
      * @dataProvider headersWithInjectionVectorsDataProvider
      */
-    public function cnstructorRaisesExceptionForHeadersWithCRLFVectors($name, $value)
+    public function constructorRaisesExceptionForHeadersWithCRLFVectors($name, $value)
     {
         $this->expectException(\InvalidArgumentException::class);
         new Response('php://memory', 200, [$name => $value]);
     }
+
+    /**
+     * @test
+     */
+    public function getHeaderReturnsHeaderSetByConstructorArgument()
+    {
+        $subject = new Response('php://memory', 200, ['location' => 'foo']);
+        $expected = [
+            0 => 'foo',
+        ];
+        $this->assertSame($expected, $subject->getHeader('location'));
+    }
 }