.github/workflows/static.yml

@@ -8,47 +8,63 @@ name: Static analysis
 jobs:
   phpstan:
     name: PHPStan
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 8.1
+          coverage: none
+          tools: phpstan:1.8.11, cs2pr
 
       - name: Download dependencies
-        run: |
-          composer update --no-interaction --prefer-dist --optimize-autoloader
+        uses: ramsey/composer-install@v2
 
       - name: PHPStan
-        uses: docker://oskarstark/phpstan-ga:0.12.48
-        env:
-          REQUIRE_DEV: true
-        with:
-          entrypoint: /composer/vendor/bin/phpstan
-          args: analyze --no-progress
+        run: phpstan analyze --no-progress --error-format=checkstyle | cs2pr
 
   php-cs-fixer:
     name: PHP-CS-Fixer
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
-      - name: PHP-CS-Fixer
-        uses: OskarStark/php-cs-fixer-ga@2.17.3
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
         with:
-          args: --dry-run --diff-format udiff
+          php-version: 8.1
+          coverage: none
+          tools: php-cs-fixer:3.15, cs2pr
+
+      - name: Display PHP-CS-Fixer version
+        run: php-cs-fixer --version
+
+      - name: PHP-CS-Fixer
+        run: php-cs-fixer fix --dry-run --format=checkstyle | cs2pr
 
   psalm:
     name: Psalm
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
-      - name: Psalm
-        uses: docker://vimeo/psalm-github-actions:3.17.2
-        env:
-          REQUIRE_DEV: true
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
         with:
-          args: --no-progress --show-info=false --stats
+          php-version: 8.1
+          extensions: apcu, redis
+          coverage: none
+          tools: vimeo/psalm:4.29.0
+
+      - name: Download dependencies
+        uses: ramsey/composer-install@v2
+
+      - name: Psalm
+        run: psalm --no-progress --output-format=github

.github/workflows/tests.yml

@@ -77,8 +77,3 @@ jobs:
 
       - name: Run PHPUnit
         run: ./vendor/bin/phpunit --coverage-text --coverage-clover=coverage.xml
-
-      - name: Upload coverage
-        run: |
-          wget https://scrutinizer-ci.com/ocular.phar
-          php ocular.phar code-coverage:upload --format=php-clover coverage.xml

.gitignore

@@ -2,6 +2,6 @@ composer.lock
 phpstan.neon
 phpunit.xml
 vendor
-.php_cs.cache
+.php-cs-fixer.cache
 .phpunit.result.cache
 .tmp

.php-cs-fixer.dist.php

@@ -0,0 +1,25 @@
+<?php
+
+declare(strict_types=1);
+
+$finder = PhpCsFixer\Finder::create()
+    ->in(__DIR__.'/src')
+    ->in(__DIR__.'/tests');
+
+$config = new PhpCsFixer\Config();
+
+return $config->setRules([
+    '@Symfony' => true,
+    '@Symfony:risky' => true,
+    'native_function_invocation' => ['include'=> ['@all']],
+    'native_constant_invocation' => true,
+    'ordered_imports' => true,
+    'declare_strict_types' => false,
+    'linebreak_after_opening_tag' => false,
+    'single_import_per_statement' => false,
+    'blank_line_after_opening_tag' => false,
+    'concat_space' => ['spacing'=>'one'],
+    'phpdoc_align' => ['align'=>'left'],
+])
+    ->setRiskyAllowed(true)
+    ->setFinder($finder);

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 All notable changes to this project will be documented in this file, in reverse chronological order by release.
 
+## 1.6.1
+
+- Security fix: CVE-2023-29197
+
 ## 1.6.0
 
 ### Changed

README.md

@@ -1,9 +1,6 @@
 # PSR-7 implementation
 
 [![Latest Version](https://img.shields.io/github/release/Nyholm/psr7.svg?style=flat-square)](https://github.com/Nyholm/psr7/releases)
-[![Build Status](https://img.shields.io/travis/Nyholm/psr7/master.svg?style=flat-square)](https://travis-ci.org/Nyholm/psr7)
-[![Code Coverage](https://img.shields.io/scrutinizer/coverage/g/Nyholm/psr7.svg?style=flat-square)](https://scrutinizer-ci.com/g/Nyholm/psr7)
-[![Quality Score](https://img.shields.io/scrutinizer/g/Nyholm/psr7.svg?style=flat-square)](https://scrutinizer-ci.com/g/Nyholm/psr7)
 [![Total Downloads](https://poser.pugx.org/nyholm/psr7/downloads)](https://packagist.org/packages/nyholm/psr7)
 [![Monthly Downloads](https://poser.pugx.org/nyholm/psr7/d/monthly.png)](https://packagist.org/packages/nyholm/psr7)
 [![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE)

phpstan.baseline.dist → phpstan-baseline.neon

@@ -21,27 +21,21 @@ parameters:
 			path: src/ServerRequest.php
 
 		-
-			message: "#^Parameter \\#1 \\$error_handler of function set_error_handler expects \\(callable\\(int, string, string, int, array\\)\\: bool\\)\\|null, 'var_dump' given\\.$#"
+			message: "#^Parameter \\#1 \\$callback of function set_error_handler expects \\(callable\\(int, string, string, int\\)\\: bool\\)\\|null, 'var_dump' given\\.$#"
 			count: 1
 			path: src/Stream.php
 
 		-
-			message: "#^Method Nyholm\\\\Psr7\\\\Stream\\:\\:__toString\\(\\) should return string but returns bool\\.$#"
+			message: "#^Result of && is always false\\.$#"
 			count: 1
 			path: src/Stream.php
 
 		-
-			message: "#^Strict comparison using \\=\\=\\= between false and true will always evaluate to false\\.$#"
+			message: "#^Result of && is always false\\.$#"
 			count: 2
 			path: src/UploadedFile.php
 
 		-
-			message: "#^Result of && is always false\\.$#"
+			message: "#^Strict comparison using \\=\\=\\= between false and true will always evaluate to false\\.$#"
 			count: 2
 			path: src/UploadedFile.php
-
-		-
-			message: "#^Result of && is always false\\.$#"
-			count: 1
-			path: src/Stream.php
-

phpstan.neon.dist

@@ -1,5 +1,5 @@
 includes:
-    - phpstan.baseline.dist
+    - phpstan-baseline.neon
 
 parameters:
     level: 5

psalm.baseline.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<files psalm-version="4.30.0@d0bc6e25d89f649e4f36a534f330f8bb4643dd69">
+  <file src="src/Stream.php">
+    <NoValue occurrences="1">
+      <code>return \trigger_error((string) $e, \E_USER_ERROR);</code>
+    </NoValue>
+  </file>
+</files>

psalm.xml

@@ -5,6 +5,8 @@
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns="https://getpsalm.org/schema/config"
     xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
+
+    errorBaseline="psalm.baseline.xml"
 >
     <projectFiles>
         <directory name="src" />

src/MessageTrait.php

@@ -187,7 +187,7 @@ private function setHeaders(array $headers): void
      */
     private function validateAndTrimHeader($header, $values): array
     {
-        if (!\is_string($header) || 1 !== \preg_match("@^[!#$%&'*+.^_`|~0-9A-Za-z-]+$@", $header)) {
+        if (!\is_string($header) || 1 !== \preg_match("@^[!#$%&'*+.^_`|~0-9A-Za-z-]+$@D", $header)) {
             throw new \InvalidArgumentException('Header name must be an RFC 7230 compatible string');
         }
 
@@ -207,7 +207,7 @@ private function validateAndTrimHeader($header, $values): array
         // Assert Non empty array
         $returnValues = [];
         foreach ($values as $v) {
-            if ((!\is_numeric($v) && !\is_string($v)) || 1 !== \preg_match("@^[ \t\x21-\x7E\x80-\xFF]*$@", (string) $v)) {
+            if ((!\is_numeric($v) && !\is_string($v)) || 1 !== \preg_match("@^[ \t\x21-\x7E\x80-\xFF]*$@D", (string) $v)) {
                 throw new \InvalidArgumentException('Header values must be RFC 7230 compatible strings');
             }
 

src/Uri.php

@@ -303,7 +303,7 @@ private function filterPort($port): ?int
         }
 
         $port = (int) $port;
-        if (0 > $port || 0xffff < $port) {
+        if (0 > $port || 0xFFFF < $port) {
             throw new \InvalidArgumentException(\sprintf('Invalid port: %d. Must be between 0 and 65535', $port));
         }
 

tests/Integration/RequestTest.php

@@ -1,10 +1,10 @@
-<?php
+<?php declare(strict_types=1);
 
 namespace Tests\Nyholm\Psr7\Integration;
 
-use Psr\Http\Message\RequestInterface;
 use Http\Psr7Test\RequestIntegrationTest;
 use Nyholm\Psr7\Request;
+use Psr\Http\Message\RequestInterface;
 
 class RequestTest extends RequestIntegrationTest
 {

tests/Integration/ResponseTest.php

@@ -1,10 +1,10 @@
-<?php
+<?php declare(strict_types=1);
 
 namespace Tests\Nyholm\Psr7\Integration;
 
-use Psr\Http\Message\ResponseInterface;
 use Http\Psr7Test\ResponseIntegrationTest;
 use Nyholm\Psr7\Response;
+use Psr\Http\Message\ResponseInterface;
 
 class ResponseTest extends ResponseIntegrationTest
 {

tests/Integration/ServerRequestTest.php

@@ -1,10 +1,10 @@
-<?php
+<?php declare(strict_types=1);
 
 namespace Tests\Nyholm\Psr7\Integration;
 
-use Psr\Http\Message\ServerRequestInterface;
 use Http\Psr7Test\ServerRequestIntegrationTest;
 use Nyholm\Psr7\ServerRequest;
+use Psr\Http\Message\ServerRequestInterface;
 
 class ServerRequestTest extends ServerRequestIntegrationTest
 {

tests/Integration/StreamTest.php

@@ -1,10 +1,10 @@
-<?php
+<?php declare(strict_types=1);
 
 namespace Tests\Nyholm\Psr7\Integration;
 
-use Psr\Http\Message\StreamInterface;
 use Http\Psr7Test\StreamIntegrationTest;
 use Nyholm\Psr7\Stream;
+use Psr\Http\Message\StreamInterface;
 
 class StreamTest extends StreamIntegrationTest
 {

tests/Integration/UploadedFileTest.php

@@ -1,11 +1,11 @@
-<?php
+<?php declare(strict_types=1);
 
 namespace Tests\Nyholm\Psr7\Integration;
 
-use Psr\Http\Message\UploadedFileInterface;
 use Http\Psr7Test\UploadedFileIntegrationTest;
 use Nyholm\Psr7\Factory\Psr17Factory;
 use Nyholm\Psr7\Stream;
+use Psr\Http\Message\UploadedFileInterface;
 
 class UploadedFileTest extends UploadedFileIntegrationTest
 {

tests/Integration/UriTest.php

@@ -1,10 +1,10 @@
-<?php
+<?php declare(strict_types=1);
 
 namespace Tests\Nyholm\Psr7\Integration;
 
-use Psr\Http\Message\UriInterface;
 use Http\Psr7Test\UriIntegrationTest;
 use Nyholm\Psr7\Uri;
+use Psr\Http\Message\UriInterface;
 
 class UriTest extends UriIntegrationTest
 {