Add input validation #593
Labels
Milestone
Comments
This was referenced Nov 7, 2021
|
Closing as all related PRs have been merged. |
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is just an issue to track which classes have been reviewed for missing input validation and the associated PRs adding the input validation.
Input validation is being added to all entry point methods for each class with an
InvalidArgumentexception being thrown for invalid parameter types. As this may break existing uses of Requests, this input validation needs to be added in the 2.0.0 release.Action list
WpOrg\Requests\Auth\Basic- PR Auth\Basic: add input validation to constructor #574WpOrg\Requests\Autoload- No additional input validation needed, theAutoload::load()method should only ever by called by PHP itself.WpOrg\Requests\Cookie- PR Cookie: add input validation #609WpOrg\Requests\Cookie\Jar- PR Cookie\Jar: add input validation #610WpOrg\Requests\Hooks- PR Hooks: add input validation to all methods #573WpOrg\Requests\IdnaEncoder- PR IdnaEncoder::encode(): add input validation #592 (only typical entry point, other methods deemed unnecessary)WpOrg\Requests\Ipv6- PR Class Ipv6: add input validation #601WpOrg\Requests\Iri- PR Class Iri: add input validation #602WpOrg\Requests\Port- Input validation was included when the class was introduced in PR Introduce WpOrg\Requests\Port class #538WpOrg\Requests\Proxy\Http- PR Proxy\Http::__construct(): add input validation #611WpOrg\Requests\Requests- PR Requests: add input validation #621WpOrg\Requests\Response- PR Class Response: improve input handling #603WpOrg\Requests\Response\Headers- PR Response\Headers: add input validation + more defensive coding #605WpOrg\Requests\Session- PR Session: add input validation #620WpOrg\Requests\Ssl- PR Ssl: add input validation to all methods #572WpOrg\Requests\Transport\Curl- PR Transport\Curl/Fsockopen: add input validation #629WpOrg\Requests\Transport\Fsockopen- PR Transport\Curl/Fsockopen: add input validation #629WpOrg\Requests\Utility\CaseInsensitiveDictionary- No changes needed.- The
__construct()method already has a type declared for the parameter.- The
offset*()methods are part ofArrayAccess()and they should not be called directly, but only indirectly and when called that way, will receive the correct input type.- The remaining methods don't take parameters.
WpOrg\Requests\Utility\FilteredIterator- PR Class FilteredIterator: add input validation #604WpOrg\Requests\Utility\InputValidator- Not applicable.WpOrg\Requests\Exception- I'm going to leave this as-is. The important parameters are validated via the PHP nativeExceptionclass, that should be enough.WpOrg\Requests\Exception\ArgumentCount- Only intended for internal use.WpOrg\Requests\Exception\Http- Uses sensible defaults.WpOrg\Requests\Exception\InvalidArgument- Only intended for internal use.WpOrg\Requests\Exception\Transport- Does not contain methods.WpOrg\Requests\Exception\Transport\Curl- Uses sensible defaults.WpOrg\Requests\Exception\Http\Status###- No changes needed, these classes do not contain methods.WpOrg\Requests\Exception\Http\StatusUnknown- Uses sensible defaults.Note: the Requests native Exception classes are already exceptions, so rather than throwing another exception on invalid input, these should defer to sensible default values when invalid input is passed.
The text was updated successfully, but these errors were encountered: