Cookie: add input validation #609

Merged: 5 commits, Nov 15, 2021

Commits on Nov 15, 2021

  1. Cookie::__construct(): add input validation

    This commit adds input validation for all parameters of the `Cookie::__construct()` method:
    * For `$name` and `$value`, I've chosen to only accept plain strings and not `Stringable` objects.
    * The `$attributes` parameter accepts an array or an instance of `CaseInsensitiveDictionary` according to the docs, but the important thing about the `CaseInsensitiveDictionary` part is that if the parameter is passed as an object, it needs to have both `ArrayAccess`, as well as be `Traversable`, so the input validation checks for those characteristics rather than hard-requiring an instance of `CaseInsensitiveDictionary`.
    * As the `$flags` parameter is used with `array_merge()`, we cannot accept objects, so an array is the only valid input type.
    * As for `$reference_time`: as the default value is set using `time()`, which returns an integer time stamp, I've implemented the input validation to expect an integer.
    
    Includes tests for these new exceptions.
    jrfnl committed Nov 15, 2021
    ffb83e7
  2. Cookie::domain_matches(): add input validation

    As this method only returns `boolean`, we may as well return boolean `false` instead of throwing an exception.
    
    Includes tests.
    jrfnl committed Nov 15, 2021
    d8f3ac5
  3. Cookie::path_matches(): add input validation

    As this method only returns `boolean`, we may as well return boolean `false` instead of throwing an exception.
    
    The input validation in this case is not done at the very start of the function to prevent changing the behaviour of the function for those cases which were already being handled by the method. This is also the reason for using `is_scalar()` instead of `is_string()`.
    
    Includes tests.
    jrfnl committed Nov 15, 2021
    ace298d
  4. Cookie::parse(): add input validation

    This adds input validation to the `Cookie::parse()` method for the `$cookie_header` and `$name` parameters.
    
    As the `$reference_time` parameter is not directly used in this method, but only passed through to the `Cookie::__construct()` method, no input validation has been added, as it will be validated by the `Cookie::__construct()` method.
    
    Includes tests for the new exceptions + a test to safeguard that the "fall through validation for the `$reference_time`" actually happens.
    
    Includes fixing up two tests which were passing the wrong value type for an optional parameter.
    jrfnl committed Nov 15, 2021
    82f1fbb
  5. Cookie::parse_from_headers(): add test safeguarding input validation

    The first and second argument for the `Cookie::parse_from_headers()` method already have (class-based) type declarations.
    The third argument - `$time` - is only used to pass it through to the `parse()` method, which will subsequently pass it through to the class constructor which contains input validation for the parameter.
    
    This just adds a test to safeguard that the "fall through" validation for the `$time` parameter actually happens.
    jrfnl committed Nov 15, 2021
    3aa2065
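
The validation choices described in the commit messages above, as an added example that is not code from this pull request or from the library: strict string checks, duck-typed acceptance of `ArrayAccess` + `Traversable` objects for `$attributes`, an integer-only reference time, and a boolean matcher that returns `false` on invalid input instead of throwing. The class `ExampleCookie`, its exception messages, the nullable `$reference_time` and the simplified exact-match comparison are assumptions made for illustration.

```php
<?php
// Added illustration; ExampleCookie is hypothetical, not the library's class.
final class ExampleCookie {
    public $name, $value, $attributes, $reference_time;

    public function __construct($name, $value, $attributes = [], $reference_time = null) {
        // Plain strings only: Stringable objects are rejected, not cast.
        foreach (['name' => $name, 'value' => $value] as $param => $input) {
            if (is_string($input) === false) {
                throw new InvalidArgumentException('$' . $param . ' must be a string, ' . gettype($input) . ' given');
            }
        }
        // Array, or any object that is both ArrayAccess and Traversable
        // (the characteristics checked, rather than one concrete class).
        $dict_like = $attributes instanceof ArrayAccess && $attributes instanceof Traversable;
        if (is_array($attributes) === false && $dict_like === false) {
            throw new InvalidArgumentException('$attributes must be an array or an ArrayAccess + Traversable object');
        }
        // The default comes from time(), so an explicit value must be an integer.
        // Assumption in this example: null means "use the default".
        if ($reference_time !== null && is_int($reference_time) === false) {
            throw new InvalidArgumentException('$reference_time must be an integer or null');
        }
        $this->name           = $name;
        $this->value          = $value;
        $this->attributes     = $attributes;
        $this->reference_time = $reference_time === null ? time() : $reference_time;
    }

    // Boolean matcher: invalid input means "no match", not an exception.
    // The comparison is a simplified exact match for this example.
    public function domain_matches($domain) {
        if (is_string($domain) === false) {
            return false;
        }
        if (isset($this->attributes['domain']) === false) {
            return true;
        }
        return strcasecmp($domain, (string) $this->attributes['domain']) === 0;
    }
}

// Constructed inputs exercising each rule.
$cookie = new ExampleCookie('sid', 'abc', new ArrayObject(['domain' => 'example.test']));
var_dump($cookie->domain_matches('EXAMPLE.test'), $cookie->domain_matches(['example.test']));
try {
    new ExampleCookie('sid', 'abc', new stdClass()); // neither array nor dictionary-like
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```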