Merge pull request #47 from mtymek/improve_header_security_performance

weierophinney · weierophinney · commit 0a78b7141d8e · 2015-06-04T12:45:59.000-05:00
improve header validation speed
diff --git a/src/HeaderSecurity.php b/src/HeaderSecurity.php
@@ -106,23 +106,15 @@ public static function isValid($value)
             return false;
         }
 
-        $length = strlen($value);
-        for ($i = 0; $i < $length; $i += 1) {
-            $ascii = ord($value[$i]);
-
-            // Non-visible, non-whitespace characters
-            // 9 === horizontal tab
-            // 10 === line feed
-            // 13 === carriage return
-            // 32-126, 128-254 === visible
-            // 127 === DEL
-            // 255 === null byte
-            if (($ascii < 32 && ! in_array($ascii, [9, 10, 13], true))
-                || $ascii === 127
-                || $ascii > 254
-            ) {
-                return false;
-            }
+        // Non-visible, non-whitespace characters
+        // 9 === horizontal tab
+        // 10 === line feed
+        // 13 === carriage return
+        // 32-126, 128-254 === visible
+        // 127 === DEL (disallowed)
+        // 255 === null byte (disallowed)
+        if (preg_match('/[^\x09\x0a\x0d\x20-\x7E\x80-\xFE]/', $value)) {
+            return false;
         }
 
         return true;
diff --git a/test/HeaderSecurityTest.php b/test/HeaderSecurityTest.php
@@ -54,19 +54,22 @@ public function testFiltersValuesPerRfc7230($value, $expected)
 
     public function validateValues()
     {
-        return [
-            ["This is a\n test", 'assertFalse'],
-            ["This is a\r test", 'assertFalse'],
-            ["This is a\n\r test", 'assertFalse'],
-            ["This is a\r\n  test", 'assertTrue'],
-            ["This is a \r\ntest", 'assertFalse'],
-            ["This is a \r\n\n test", 'assertFalse'],
-            ["This is a\n\n test", 'assertFalse'],
-            ["This is a\r\r test", 'assertFalse'],
-            ["This is a \r\r\n test", 'assertFalse'],
-            ["This is a \r\n\r\ntest", 'assertFalse'],
-            ["This is a \r\n\n\r\n test", 'assertFalse']
-        ];
+        return array(
+            array("This is a\n test", 'assertFalse'),
+            array("This is a\r test", 'assertFalse'),
+            array("This is a\n\r test", 'assertFalse'),
+            array("This is a\r\n  test", 'assertTrue'),
+            array("This is a \r\ntest", 'assertFalse'),
+            array("This is a \r\n\n test", 'assertFalse'),
+            array("This is a\n\n test", 'assertFalse'),
+            array("This is a\r\r test", 'assertFalse'),
+            array("This is a \r\r\n test", 'assertFalse'),
+            array("This is a \r\n\r\ntest", 'assertFalse'),
+            array("This is a \r\n\n\r\n test", 'assertFalse'),
+            array("This is a \xFF test", 'assertFalse'),
+            array("This is a \x7F test", 'assertFalse'),
+            array("This is a \x7E test", 'assertTrue'),
+        );
     }
 
     /**
