@weierophinney weierophinney released this Aug 13, 2018 · 2 commits to master since this release

Assets 2

Added

  • Nothing.

Changed

  • #153 changes the reason phrase associated with the status code 425
    from "Unordered Collection" to "Too Early", corresponding to a new definition
    of the code as specified by the IANA.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • #151 fixes how Referer and other location-based headers report problems with
    invalid URLs provided in the header value, raising a Zend\Http\Exception\InvalidArgumentException
    in such cases. This change ensures the behavior is consistent with behavior
    prior to the 2.8.0 release.

@weierophinney weierophinney released this Aug 1, 2018 · 18 commits to master since this release

Assets 2

Added

  • Nothing.

Changed

  • This release modifies how Zend\Http\PhpEnvironment\Request marshals the
    request URI. In prior releases, we would attempt to inspect the
    X-Rewrite-Url and X-Original-Url headers, using their values, if present.
    These headers are issued by the ISAPI_Rewrite module for IIS (developed by
    HeliconTech). However, we have no way of guaranteeing that the module is what
    issued the headers, making it an unreliable source for discovering the URI. As
    such, we have removed this feature in this release of zend-http.

    If you are developing a zend-mvc application, you can mimic the
    functionality by adding a bootstrap listener like the following:

    public function onBootstrap(MvcEvent $mvcEvent)
    {
        $request = $mvcEvent->getRequest();
        $requestUri = null;
    
        $httpXRewriteUrl = $request->getHeader('X-Rewrite-Url');
        if ($httpXRewriteUrl) {
            $requestUri = $httpXRewriteUrl->getFieldValue();
        }
    
        $httpXOriginalUrl = $request->getHeader('X-Original-Url');
        if ($httpXOriginalUrl) {
            $requestUri = $httpXOriginalUrl->getFieldValue();
        }
    
        if ($requestUri) {
            $request->setUri($requestUri)
        }
    }

    If you use a listener such as the above, make sure you also instruct your web
    server to strip any incoming headers of the same name so that you can
    guarantee they are issued by the ISAPI_Rewrite module.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • Nothing.

@weierophinney weierophinney released this Apr 26, 2018 · 22 commits to master since this release

Assets 2

Added

  • #135 adds a package suggestion of paragonie/certainty, which provides automated
    management of cacert.pem files.

  • #143 adds support for PHP 7.2.

Changed

  • Nothing.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • #140 fixes retrieval of headers when multiple headers of the same name
    are added to the Headers instance; it now ensures that the last header added of the same
    type is retrieved when it is not a multi-value type. Previous values are overwritten.

  • #112 provides performance improvements when parsing large chunked messages.

  • introduces changes to Response::fromString() to pull the next line of the response
    and parse it for the status when a 100 status code is initially encountered, per https://tools.ietf.org/html/rfc7231\#section-6.2.1

  • #122 fixes an issue with the stream response whereby if the outputstream
    option is set, the output file was opened twice; it is now opened exactly once.

  • #147 fixes an issue with header retrieval when the header line is malformed.
    Previously, an exception would be raised if a specific HeaderInterface implementation determined
    the header line was invalid. Now, Header::has() will return false for such headers, allowing
    Request::getHeader() to return false or the provided default value. Additionally, in cases
    where the header name is malformed (e.g., Useragent instead of User-Agent, users can still
    retrieve by the submitted header name; they will receive a GenericHeader instance in such
    cases, however.

  • #133 Adds back missing
    sprintf placeholder in CacheControl exception message

@Xerkus Xerkus released this Oct 13, 2017 · 87 commits to master since this release

Assets 2

Added

  • #110 Adds status codes 226, 308, 444, 499, 510, 599 with their corresponding constants and reason phrases.

Changed

  • #120 Changes handling of Cookie Max-Age parameter to conform to specification rfc6265-section-5.2.2.
    Specifically, non-numeric values are ignored and negative numbers are changed to 0.

Deprecated

  • Nothing.

Removed

  • #115 dropped php 5.5 support

Fixed

  • #130 Fixed cURL adapter not resetting headers from previous request when used with output stream.
Jul 13, 2017
zend-http 2.4.13
Jun 19, 2017
zend-http 2.4.12

@ezimuel ezimuel released this Jan 31, 2017 · 159 commits to master since this release

Assets 2

Added

  • #99 added
    TimeoutException for cURL adapter.
  • #98 added connection
    timeout (connecttimeout) for cURL and Socket adapters.
  • #97 added support to
    sslcafile and sslcapath to cURL adapter.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • Nothing.

@ezimuel ezimuel released this Jan 31, 2017 · 230 commits to master since this release

Assets 2

Added

  • Nothing.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • #107 fixes the
    Expires header to allow values of 0 or '0'; these now resolve
    to the start of the unix epoch (1970-01-01).
  • #102 fixes the Curl
    adapter timeout detection.
  • #93 fixes the Content
    Security Policy CSP HTTP header when it is none (empty value).
  • #92 fixes the flatten
    cookies value for array value (also multidimensional).
  • #34 fixes the arg_separator
    for application/x-www-form-urlencoded submissions.
Dec 19, 2016
zend-http 2.4.11

@weierophinney weierophinney released this Aug 8, 2016 · 277 commits to master since this release

Assets 2

Added

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • #87 fixes the ContentLength constructor to test for a non null value (vs a falsy value) before validating the value; this ensures 0 values may be specified for the length.
  • #85 fixes infinite recursion on AbstractAccept. If you create a new Accept and try to call getFieldValue(), an infinite recursion and a fatal error happens.
  • #58 avoid triggering a notice with special crafted accept headers. In the case the value of an accept header does not contain an equal sign, an "Undefined offset" notice is triggered.