This repository has been archived by the owner on Jan 29, 2020. It is now read-only.

Releases: zendframework/zend-diactoros

Diactoros 1.2.1

15 Dec 18:03

Added

  • Nothing.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • #101 fixes the withHeader() implementation to ensure that if the header existed previously but using a different casing strategy, the previous version will be removed in the cloned instance.
  • #103 fixes the constructor of Response to ensure that null status codes are not possible.
  • #99 fixes validation of header values submitted via request and response constructors as follows:
    • numeric (integer and float) values are now properly allowed (this solves some reported issues with setting Content-Length headers)
    • invalid header names (non-string values or empty strings) now raise an exception.
    • invalid individual header values (non-string, non-numeric) now raise an exception.

Diactoros 1.2.0

24 Nov 19:20

Added

  • #88 updates the SapiEmitter to emit a Content-Length header with the content length as reported by the response body stream, assuming that StreamInterface::getSize() returns an integer.
  • #77 adds a new response type, Zend\Diactoros\Response\TextResponse, for returning plain text responses. By default, it sets the content type to text/plain; charset=utf-8; per the other response types, the signature is new TextResponse($text, $status = 200, array $headers = []).
  • #90 adds a new Zend\Diactoros\CallbackStream, allowing you to back a stream with a PHP callable (such as a generator) to generate the message content. Its constructor accepts the callable: $stream = new CallbackStream($callable);

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • #77 updates the HtmlResponse to set the charset to utf-8 by default (if no content type header is provided at instantiation).

Diactoros 1.1.3

10 Aug 20:09

Added

  • Nothing.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • #71 fixes the docblock of the JsonResponse constructor to typehint the $data argument as mixed.
  • #73 changes the behavior in Request such that if it marshals a stream during instantiation, the stream is marked as writeable (specifically, mode wb+).
  • #85 updates the behavior of Zend\Diactoros\Uri's various with*() methods that are documented as accepting strings to raise exceptions on non-string input. Previously, several simply passed non-string input on verbatim, others normalized the input, and a few correctly raised the exceptions. Behavior is now consistent across each.
  • #87 fixes UploadedFile to ensure that moveTo() works correctly in non-SAPI environments when the file provided to the constructor is a path.

Diactoros 1.1.2

12 Jul 18:04

Added

  • Nothing.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • #67 ensures that the Stream class only accepts stream resources, not any resource.

Diactoros 1.1.1

25 Jun 18:50

Added

  • Nothing.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • #64 fixes the behavior of JsonResponse with regard to serialization of null and scalar values; the new behavior is to serialize them verbatim, without any casting.

Diactoros 1.1.0

24 Jun 20:50

Added

  • #52, #58, #59, and #61 create several custom response types for simplifying response creation:

    • Zend\Diactoros\Response\HtmlResponse accepts HTML content via its constructor, and sets the Content-Type to text/html.
    • Zend\Diactoros\Response\JsonResponse accepts data to serialize to JSON via its constructor, and sets the Content-Type to application/json.
    • Zend\Diactoros\Response\EmptyResponse allows creating empty, read-only responses, with a default status code of 204.
    • Zend\Diactoros\Response\RedirectResponse allows specifying a URI for the Location header in the constructor, with a default status code of 302.

    Each also accepts an optional status code, and optional headers (which can also be used to provide an alternate Content-Type in the case of the HTML and JSON responses).

Deprecated

  • Nothing.

Removed

  • #43 removed both ServerRequestFactory::marshalUri() and ServerRequestFactory::marshalHostAndPort(), which were deprecated prior to the 1.0 release.

Fixed

  • #29 fixes request method validation to allow any valid token as defined by RFC 7230. This allows usage of custom request methods, vs a static, hard-coded list.

Diactoros 1.0.5

24 Jun 14:53

Added

  • Nothing.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • #60 fixes the behavior of UploadedFile when the $errorStatus provided at instantiation is not UPLOAD_ERR_OK. Prior to the fix, an InvalidArgumentException would occur at instantiation due to the fact that the upload file was missing or invalid. With the fix, no exception is raised until a call to moveTo() or getStream() is made.

Diactoros 1.0.4

23 Jun 16:20

This is a security release.

A patch has been applied to Zend\Diactoros\Uri::filterPath() that ensures that paths can only begin with a single leading slash. This prevents the following potential security issues:

  • XSS vectors. If the URI path is used for links or form targets, this prevents cases where the first segment of the path resembles a domain name, thus creating scheme-relative links such as //example.com/foo. With the patch, the leading double slash is reduced to a single slash, preventing the XSS vector.
  • Open redirects. If the URI path is used for Location or Link headers, without a scheme and authority, the potential for open redirects exists if clients do not prepend the scheme and authority. Again, preventing a double slash corrects the vector.

If you are using Zend\Diactoros\Uri for creating links, form targets, or redirect paths, and only using the path segment, we recommend upgrading immediately.
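
The following is an added illustration, not code from Diactoros: it models why a path with more than one leading slash is read by clients as a reference to another host, and what collapsing the slashes changes. The helpers effectiveHost() and collapseLeadingSlashes() are hypothetical, app.test is a placeholder host, and the sample paths are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not Diactoros code): simplified model of which host a
 * client contacts when $reference is resolved against a page on $baseHost.
 * RFC 3986 section 4.2 treats a reference starting with "//" as a network-path
 * reference, so the first segment becomes the authority. Browsers following
 * the WHATWG URL Standard also skip any extra slashes for http(s) URLs.
 */
function effectiveHost(string $reference, string $baseHost): string
{
    if (strncmp($reference, '//', 2) !== 0) {
        return $baseHost; // ordinary absolute or relative path: same host
    }
    $rest = ltrim($reference, '/');
    $authority = substr($rest, 0, strcspn($rest, '/?#'));
    return $authority !== '' ? $authority : $baseHost;
}

/**
 * Hypothetical equivalent of the behaviour the release notes describe:
 * a path may begin with at most one leading slash.
 */
function collapseLeadingSlashes(string $path): string
{
    if ($path === '' || $path[0] !== '/') {
        return $path; // empty and rootless paths are left untouched
    }
    return '/' . ltrim($path, '/');
}

// Constructed sample paths, as they might reach link or redirect-building code.
$samples = ['/account/settings', '//example.com/foo', '////example.com/foo', 'relative/path', ''];

foreach ($samples as $raw) {
    $filtered = collapseLeadingSlashes($raw);
    printf(
        "raw %-22s host=%-12s | filtered %-20s host=%s\n",
        var_export($raw, true),
        effectiveHost($raw, 'app.test'),
        var_export($filtered, true),
        effectiveHost($filtered, 'app.test')
    );
}
```

Code that emits only the path segment into an href, form action, or Location header can use the same comparison as a regression test: the effective host before and after filtering must both equal the application's own host.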

Added

  • #25 adds documentation. Documentation is written in markdown, and can be converted to HTML using bookdown. New features now MUST include documentation for acceptance.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • #51 fixes MessageTrait::getHeaderLine() to return an empty string instead of null if the header is undefined (which is the behavior specified in PSR-7).
  • #57 fixes the behavior of how the ServerRequestFactory marshals upload files when they are represented as a nested associative array.
  • #49 provides several fixes that ensure that Diactoros complies with the PSR-7 specification:
    • MessageInterface::getHeaderLine() MUST return a string (that string CAN be empty). Previously, Diactoros would return null.
    • If no Host header is set, the $preserveHost flag MUST be ignored when calling withUri() (previously, Diactoros would not set the Host header if $preserveHost was true, but no Host header was present).
    • The request method MUST be a string; it CAN be empty. Previously, Diactoros would return null.
    • The request MUST return a UriInterface instance from getUri(); that instance CAN be empty. Previously, Diactoros would return null; now it lazy-instantiates an empty Uri instance on initialization.
  • ZF2015-05 was addressed by altering Uri::filterPath() to prevent emitting a path prepended with multiple slashes.

Diactoros 1.0.3

04 Jun 19:53

Added

  • #48 drops the minimum supported PHP version to 5.4, to allow an easier upgrade path for Symfony 2.7 users, and potential Drupal 8 usage.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • Nothing.

Diactoros 1.0.2

04 Jun 18:02

Added

  • #27 adds phonetic pronunciation of "Diactoros" to the README file.
  • #36 adds property annotations to the class-level docblock of Zend\Diactoros\RequestTrait to ensure properties inherited from the MessageTrait are inherited by implementations.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • #41 fixes the namespace for test files to begin with ZendTest instead of Zend.
  • #46 ensures that the cookie and query params for the ServerRequest implementation are initialized as arrays.
  • #47 modifies the internal logic in HeaderSecurity::isValid() to use a regular expression instead of character-by-character comparisons, improving performance.