Merge branch 'develop' into add-csv-response-class

Author: settermjd

.gitignore

@@ -2,4 +2,5 @@
 doc/html/
 vendor/
 zf-mkdoc-theme/
+/test/TestAsset/.cache/
 phpunit.xml

.travis.yml

@@ -3,10 +3,12 @@ language: php
 cache:
   directories:
     - $HOME/.composer/cache
+    - test/TestAsset/.cache # Cache archives are currently set to expire after 28 days by default
 
 env:
   global:
     - COMPOSER_ARGS="--no-interaction"
+    - COVERAGE_DEPS="php-coveralls/php-coveralls"
 
 matrix:
   include:
@@ -47,6 +49,7 @@ install:
   - travis_retry composer install $COMPOSER_ARGS
   - if [[ $DEPS == 'latest' ]]; then travis_retry composer update $COMPOSER_ARGS ; fi
   - if [[ $DEPS == 'lowest' ]]; then travis_retry composer update --prefer-lowest --prefer-stable $COMPOSER_ARGS ; fi
+  - if [[ $TEST_COVERAGE == 'true' ]]; then travis_retry composer require --dev $COMPOSER_ARGS $COVERAGE_DEPS ; fi
   - stty cols 120 && composer show
 
 script:

CHANGELOG.md

@@ -2,7 +2,7 @@
 
 All notable changes to this project will be documented in this file, in reverse chronological order by release.
 
-## 2.2.2
+## 2.2.0 - TBD
 
 ### Added
 
@@ -22,7 +22,99 @@ All notable changes to this project will be documented in this file, in reverse
 
 ### Fixed
 
-- [#361](https://github.com/zendframework/zend-diactoros/pull/361) adds `CsvResponse` to the list of available Response classes. It supports sending CSV content with a `plain/csv` content-type response header, either as plain text or as a downloadable file. Adds `DownloadResponseTrait` which provides functionality for sending a response as a downloadable file.
+- Nothing.
+
+## 2.1.6 - TBD
+
+### Added
+
+- Nothing.
+
+### Changed
+
+- Nothing.
+
+### Deprecated
+
+- Nothing.
+
+### Removed
+
+- Nothing.
+
+### Fixed
+
+- Nothing.
+
+## 2.1.5 - 2019-10-10
+
+### Added
+
+- Nothing.
+
+### Changed
+
+- Nothing.
+
+### Deprecated
+
+- Nothing.
+
+### Removed
+
+- Nothing.
+
+### Fixed
+
+- [#372](https://github.com/zendframework/zend-diactoros/pull/372) fixes issues that occur in the `Zend\Diactoros\Uri` class when invalid UTF-8 characters are present the user-info, path, or query string, ensuring they are URL-encoded before being consumed. Previously, such characters could result in a fatal error, which was particularly problematic when marshaling the request URI for an application request cycle.
+
+## 2.1.4 - 2019-10-08
+
+### Added
+
+- Nothing.
+
+### Changed
+
+- Nothing.
+
+### Deprecated
+
+- Nothing.
+
+### Removed
+
+- Nothing.
+
+### Fixed
+
+- [#370](https://github.com/zendframework/zend-diactoros/pull/370) updates `Zend\Diactoros\marshalHeadersFromSapi()` to ensure all underscores in header name keys are converted to dashes (fixing issues with header names such as `CONTENT_SECURITY_POLICY`, which would previously resolve improperly to `content-security_policy`).
+
+- [#370](https://github.com/zendframework/zend-diactoros/pull/370) updates `Zend\Diactoros\marshalHeadersFromSapi()` to ignore header names from the `$server` array that resolve to integers; previously, it would raise a fatal error.
+
+## 2.1.3 - 2019-07-10
+
+### Added
+
+- Nothing.
+
+### Changed
+
+- Nothing.
+
+### Deprecated
+
+- Nothing.
+
+### Removed
+
+- Nothing.
+
+### Fixed
+
+- [#363](https://github.com/zendframework/zend-diactoros/issues/363) modifies detection of HTTPS schemas via the `$_SERVER['HTTPS']` value
+  such that an empty HTTPS-key will result in a scheme of `http` and not
+  `https`.
 
 ## 2.1.2 - 2019-04-29
 
@@ -1516,4 +1608,4 @@ First stable release, and first release as `zend-diactoros`.
 
 ### Fixed
 
-- Nothing.
+- Nothing.

composer.json

@@ -31,6 +31,7 @@
     "psr/http-message": "^1.0"
   },
   "require-dev": {
+    "ext-curl": "*",
     "ext-dom": "*",
     "ext-libxml": "*",
     "http-interop/http-factory-tests": "^0.5.0",

composer.lock

@@ -15,6 +15,7 @@
     </filter>
 
     <php>
+        <env name="ALWAYS_REFRESH_IANA_HTTP_STATUS_CODES" value="false"/>
         <const name="REQUEST_FACTORY" value="Zend\Diactoros\RequestFactory"/>
         <const name="RESPONSE_FACTORY" value="Zend\Diactoros\ResponseFactory"/>
         <const name="SERVER_REQUEST_FACTORY" value="Zend\Diactoros\ServerRequestFactory"/>

phpunit.xml.dist

@@ -11,9 +11,7 @@
 
 use Psr\Http\Message\UriInterface;
 
-use function array_key_exists;
 use function array_keys;
-use function count;
 use function explode;
 use function get_class;
 use function gettype;
@@ -23,10 +21,12 @@
 use function is_string;
 use function ltrim;
 use function parse_url;
+use function preg_match;
 use function preg_replace;
 use function preg_replace_callback;
 use function rawurlencode;
 use function sprintf;
+use function str_split;
 use function strpos;
 use function strtolower;
 use function substr;
@@ -560,6 +560,8 @@ private function filterScheme(string $scheme) : string
      */
     private function filterUserInfoPart(string $part) : string
     {
+        $part = $this->filterInvalidUtf8($part);
+
         // Note the addition of `%` to initial charset; this allows `|` portion
         // to match and thus prevent double-encoding.
         return preg_replace_callback(
@@ -574,6 +576,8 @@ private function filterUserInfoPart(string $part) : string
      */
     private function filterPath(string $path) : string
     {
+        $path = $this->filterInvalidUtf8($path);
+
         $path = preg_replace_callback(
             '/(?:[^' . self::CHAR_UNRESERVED . ')(:@&=\+\$,\/;%]+|%(?![A-Fa-f0-9]{2}))/u',
             [$this, 'urlEncodeChar'],
@@ -594,6 +598,26 @@ private function filterPath(string $path) : string
         return '/' . ltrim($path, '/');
     }
 
+    /**
+     * Encode invalid UTF-8 characters in given string. All other characters are unchanged.
+     */
+    private function filterInvalidUtf8(string $string) : string
+    {
+        // check if given string contains only valid UTF-8 characters
+        if (preg_match('//u', $string)) {
+            return $string;
+        }
+
+        $letters = str_split($string);
+        foreach ($letters as $i => $letter) {
+            if (! preg_match('//u', $letter)) {
+                $letters[$i] = $this->urlEncodeChar([$letter]);
+            }
+        }
+
+        return implode('', $letters);
+    }
+
     /**
      * Filter a query string to ensure it is propertly encoded.
      *
@@ -654,6 +678,8 @@ private function filterFragment(string $fragment) : string
      */
     private function filterQueryOrFragment(string $value) : string
     {
+        $value = $this->filterInvalidUtf8($value);
+
         return preg_replace_callback(
             '/(?:[^' . self::CHAR_UNRESERVED . self::CHAR_SUB_DELIMS . '%:@\/\?]+|%(?![A-Fa-f0-9]{2}))/u',
             [$this, 'urlEncodeChar'],

src/Uri.php

@@ -33,7 +33,7 @@ function createUploadedFile(array $spec) : UploadedFile
         $spec['tmp_name'],
         $spec['size'],
         $spec['error'],
-        isset($spec['name']) ? $spec['name'] : null,
-        isset($spec['type']) ? $spec['type'] : null
+        $spec['name'] ?? null,
+        $spec['type'] ?? null
     );
 }

src/functions/create_uploaded_file.php

@@ -10,6 +10,7 @@
 namespace Zend\Diactoros;
 
 use function array_key_exists;
+use function is_string;
 use function strpos;
 use function strtolower;
 use function strtr;
@@ -23,6 +24,14 @@ function marshalHeadersFromSapi(array $server) : array
 {
     $headers = [];
     foreach ($server as $key => $value) {
+        if (! is_string($key)) {
+            continue;
+        }
+
+        if ($value === '') {
+            continue;
+        }
+
         // Apache prefixes environment variables with REDIRECT_
         // if they are added by rewrite rules
         if (strpos($key, 'REDIRECT_') === 0) {
@@ -35,18 +44,14 @@ function marshalHeadersFromSapi(array $server) : array
             }
         }
 
-        if ($value === '') {
-            continue;
-        }
-
         if (strpos($key, 'HTTP_') === 0) {
             $name = strtr(strtolower(substr($key, 5)), '_', '-');
             $headers[$name] = $value;
             continue;
         }
 
         if (strpos($key, 'CONTENT_') === 0) {
-            $name = 'content-' . strtolower(substr($key, 8));
+            $name = strtr(strtolower($key), '_', '-');
             $headers[$name] = $value;
             continue;
         }

src/functions/marshal_headers_from_sapi.php

@@ -14,5 +14,5 @@
  */
 function marshalMethodFromSapi(array $server) : string
 {
-    return isset($server['REQUEST_METHOD']) ? $server['REQUEST_METHOD'] : 'GET';
+    return $server['REQUEST_METHOD'] ?? 'GET';
 }

src/functions/marshal_method_from_sapi.php

@@ -132,19 +132,19 @@ function marshalUriFromSapi(array $server, array $headers) : Uri
     $marshalRequestPath = function (array $server) : string {
         // IIS7 with URL Rewrite: make sure we get the unencoded url
         // (double slash problem).
-        $iisUrlRewritten = array_key_exists('IIS_WasUrlRewritten', $server) ? $server['IIS_WasUrlRewritten'] : null;
-        $unencodedUrl    = array_key_exists('UNENCODED_URL', $server) ? $server['UNENCODED_URL'] : '';
+        $iisUrlRewritten = $server['IIS_WasUrlRewritten'] ?? null;
+        $unencodedUrl    = $server['UNENCODED_URL'] ?? '';
         if ('1' === $iisUrlRewritten && ! empty($unencodedUrl)) {
             return $unencodedUrl;
         }
 
-        $requestUri = array_key_exists('REQUEST_URI', $server) ? $server['REQUEST_URI'] : null;
+        $requestUri = $server['REQUEST_URI'] ?? null;
 
         if ($requestUri !== null) {
             return preg_replace('#^[^/:]+://[^/]+#', '', $requestUri);
         }
 
-        $origPathInfo = array_key_exists('ORIG_PATH_INFO', $server) ? $server['ORIG_PATH_INFO'] : null;
+        $origPathInfo = $server['ORIG_PATH_INFO'] ?? null;
         if (empty($origPathInfo)) {
             return '/';
         }
@@ -168,7 +168,7 @@ function marshalUriFromSapi(array $server, array $headers) : Uri
             ));
         }
 
-        return 'off' !== strtolower($https);
+        return 'on' === strtolower($https);
     };
     if (array_key_exists('HTTPS', $server)) {
         $https = $marshalHttpsValue($server['HTTPS']);