Response\Headers: add input validation + more defensive coding #605
Commits on Nov 7, 2021
-
Class Response\Headers: add input validation
This commit adds input validation to the `getValues()` and `flatten()` methods in the `Response\Headers` class. * The `getValues()` method is only set up to handle integer/string array keys, so should not accept any other type of array key. * The `flatten()` method is set up to only handle string or array values to flatten, so should not accept any other type of value. Throwing the exception constitutes a BC-break as previously non-string, non-array values would be returned as-is, while now an exception will be thrown. All the same, in those cases, the return type would previously not comply with the documented behaviour of the method, so this could be considered a bug fix. As for the other methods: * The `public` ArrayAccess/ArrayIterator methods should not need additional input validation as they should not be called directly, but only indirectly and when called that way, will receive the correct input type. Includes adding perfunctory tests for the added input validation and for the `flatten()` method in general. -
Response\Headers: add more defensive coding
The `Response\Headers` class extends the `CaseInsensitiveDictionary`. In the second commit of PR 558, extra defensive coding was added to the `offsetGet()` and `offsetSet()` methods to prevent passing non-string keys to the PHP native `strtolower()` method. As per the commit message of that commit: > The use of `strtolower()` on non-string keys, is 1) not necessary and 2) had side-effects when non-string keys were used as those were then cast to string... > > While this class is intended to be used with requests headers, the class in itself is not limited to this use-case, so should function as per the specifications, independently of the use-case. This commit applies the same fixes to the `Response\Headers::offsetGet()` and `Response\Headers::offsetSet()` methods. Includes adding unit tests covering the changes.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.