Merge branch 'hotfix/47' into develop

Forward port #47
zendframework · Jun 4, 2015 · 2477f66 · 2477f66
2 parents 9767c6c + 7fe05d7
commit 2477f66
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 18 deletions.
diff --git a/src/HeaderSecurity.php b/src/HeaderSecurity.php
@@ -106,23 +106,15 @@ public static function isValid($value)
             return false;
         }
 
-        $length = strlen($value);
-        for ($i = 0; $i < $length; $i += 1) {
-            $ascii = ord($value[$i]);
-
-            // Non-visible, non-whitespace characters
-            // 9 === horizontal tab
-            // 10 === line feed
-            // 13 === carriage return
-            // 32-126, 128-254 === visible
-            // 127 === DEL
-            // 255 === null byte
-            if (($ascii < 32 && ! in_array($ascii, [9, 10, 13], true))
-                || $ascii === 127
-                || $ascii > 254
-            ) {
-                return false;
-            }
+        // Non-visible, non-whitespace characters
+        // 9 === horizontal tab
+        // 10 === line feed
+        // 13 === carriage return
+        // 32-126, 128-254 === visible
+        // 127 === DEL (disallowed)
+        // 255 === null byte (disallowed)
+        if (preg_match('/[^\x09\x0a\x0d\x20-\x7E\x80-\xFE]/', $value)) {
+            return false;
         }
 
         return true;

diff --git a/test/HeaderSecurityTest.php b/test/HeaderSecurityTest.php
@@ -65,7 +65,10 @@ public function validateValues()
             ["This is a\r\r test", 'assertFalse'],
             ["This is a \r\r\n test", 'assertFalse'],
             ["This is a \r\n\r\ntest", 'assertFalse'],
-            ["This is a \r\n\n\r\n test", 'assertFalse']
+            ["This is a \r\n\n\r\n test", 'assertFalse'],
+            ["This is a \xFF test", 'assertFalse'],
+            ["This is a \x7F test", 'assertFalse'],
+            ["This is a \x7E test", 'assertTrue'],
         ];
     }