From 778cce6e6cee88b6278636ea87baa9ff0c082ade Mon Sep 17 00:00:00 2001
From: Jeshua Borges
Date: Fri, 5 Jan 2018 13:35:44 -0800
Subject: [PATCH] Handle integer headers

Here, at getpocket.com, we have had a client hit our servers with header keys as integers. In doing so `HeaderSecurity::assertValidName` is throwing an exception because `! is_string(-1) === true`. I have been unable to identify any documentation which would suggest that these values could be valid. At this point I believe the best behavior is to ignore these keys.
---
 src/ServerRequestFactory.php | 6 +++++-
 test/ServerRequestFactoryTest.php | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/ServerRequestFactory.php b/src/ServerRequestFactory.php
index 3b767222..3bc5ede5 100644
--- a/src/ServerRequestFactory.php
+++ b/src/ServerRequestFactory.php
@@ -211,7 +211,11 @@ public static function marshalHeaders(array $server)
 if ($value && strpos($key, 'HTTP_') === 0) {
 $name = strtr(strtolower(substr($key, 5)), '_', '-');
- $headers[$name] = $value;
+
+ if (! is_numeric($name)) {
+ $headers[$name] = $value;
+ }
+
 continue;
 }
diff --git a/test/ServerRequestFactoryTest.php b/test/ServerRequestFactoryTest.php
index 63f202e1..35ebf53b 100644
--- a/test/ServerRequestFactoryTest.php
+++ b/test/ServerRequestFactoryTest.php
@@ -62,6 +62,7 @@ public function testMarshalsExpectedHeadersFromServerArray()
 'HTTP_CONTENT_TYPE' => 'application/json',
 'HTTP_ACCEPT' => 'application/json',
 'HTTP_X_FOO_BAR' => 'FOOBAR',
+ 'HTTP__1' => '-1',
 'CONTENT_MD5' => 'CONTENT-MD5',
 'CONTENT_LENGTH' => 'UNSPECIFIED',
 ];
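Review bot: The added `is_numeric($name)` guard in marshalHeaders drops more than the integer-keyed names that caused the exception: it also matches strings such as `1e5` or `1.5`, which PHP keeps as string array keys, so those headers are discarded without any trace. Only names that PHP casts to an integer key need special handling, which `if ($name !== (string) (int) $name)` would express; since digits and `-` are legal token characters in a header field name, it may be better still to keep the entry and cast the key to string where names are validated. A silently dropped header can also leave this layer and an upstream proxy or filter with different views of the same request, so the skip deserves a comment such as `// PHP casts integer-like keys ("-1", "42") to int; skip them so name validation only sees strings`. The body of marshalHeaders starts and ends outside this hunk.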
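Review bot: The fixture in testMarshalsExpectedHeadersFromServerArray covers only the negative-integer name (`'HTTP__1' => '-1'`), so the boundary of the new filter is not pinned. Adding `'HTTP_42' => 'x'` (a positive integer key) and `'HTTP_1E5' => 'x'` (numeric-looking but still a string key) would show which names are meant to be dropped and which kept. The expected-headers array is outside this hunk, so presumably it is left unchanged to assert that the entry is ignored; a one-line comment next to the new fixture, e.g. `// integer-like name: must be ignored, not raise`, would make that intent explicit.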