Merge branch 'hotfix/99'

weierophinney · weierophinney · commit 13a46266e3da · 2015-12-15T11:36:21.000-06:00
Close #99
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -24,6 +24,15 @@ All notable changes to this project will be documented in this file, in reverse
   in the cloned instance.
 - [#103](https://github.com/zendframework/zend-diactoros/pull/103) fixes the
   constructor of `Response` to ensure that null status codes are not possible.
+- [#99](https://github.com/zendframework/zend-diactoros/pull/99) fixes
+  validation of header values submitted via request and response constructors as
+  follows:
+  - numeric (integer and float) values are now properly allowed (this solves
+    some reported issues with setting Content-Length headers)
+  - invalid header names (non-string values or empty strings) now raise an
+    exception.
+  - invalid individual header values (non-string, non-numeric) now raise an
+    exception.
 
 ## 1.2.0 - 2015-11-24
 
diff --git a/src/MessageTrait.php b/src/MessageTrait.php
@@ -337,11 +337,28 @@ private function filterHeaders(array $originalHeaders)
         $headerNames = $headers = [];
         foreach ($originalHeaders as $header => $value) {
             if (! is_string($header)) {
-                continue;
+                throw new InvalidArgumentException(sprintf(
+                    'Invalid header name; expected non-empty string, received %s',
+                    gettype($header)
+                ));
             }
 
-            if (! is_array($value) && ! is_string($value)) {
-                continue;
+            if (! is_array($value) && ! is_string($value) && ! is_numeric($value)) {
+                throw new InvalidArgumentException(sprintf(
+                    'Invalid header value type; expected number, string, or array; received %s',
+                    (is_object($value) ? get_class($value) : gettype($value))
+                ));
+            }
+
+            if (is_array($value)) {
+                array_walk($value, function ($item) {
+                    if (! is_string($item) && ! is_numeric($item)) {
+                        throw new InvalidArgumentException(sprintf(
+                            'Invalid header value type; expected number, string, or array; received %s',
+                            (is_object($item) ? get_class($item) : gettype($item))
+                        ));
+                    }
+                });
             }
 
             if (! is_array($value)) {
diff --git a/test/MessageTraitTest.php b/test/MessageTraitTest.php
@@ -9,8 +9,10 @@
 
 namespace ZendTest\Diactoros;
 
+use InvalidArgumentException;
 use PHPUnit_Framework_TestCase as TestCase;
 use Psr\Http\Message\MessageInterface;
+use ReflectionMethod;
 use Zend\Diactoros\Request;
 
 class MessageTraitTest extends TestCase
@@ -266,4 +268,84 @@ public function testWithAddedHeaderAllowsHeaderContinuations()
         $message = $this->message->withAddedHeader('X-Foo-Bar', "value,\r\n second value");
         $this->assertEquals("value,\r\n second value", $message->getHeaderLine('X-Foo-Bar'));
     }
+
+    public function testNumericHeaderValues()
+    {
+        return [
+            'integer' => [ 123 ],
+            'float'   => [ 12.3 ],
+        ];
+    }
+
+    /**
+     * @dataProvider testNumericHeaderValues
+     * @group 99
+     */
+    public function testFilterHeadersShouldAllowIntegersAndFloats($value)
+    {
+        $filter = new ReflectionMethod($this->message, 'filterHeaders');
+        $filter->setAccessible(true);
+        $headers = [
+            'X-Test-Array'  => [ $value ],
+            'X-Test-Scalar' => $value,
+        ];
+        $test = $filter->invoke($this->message, $headers);
+        $this->assertEquals([
+            [
+                'x-test-array'  => 'X-Test-Array',
+                'x-test-scalar' => 'X-Test-Scalar',
+            ],
+            [
+                'X-Test-Array'  => [ $value ],
+                'X-Test-Scalar' => [ $value ],
+            ]
+        ], $test);
+    }
+
+    public function invalidHeaderValueTypes()
+    {
+        return [
+            'null'   => [null],
+            'true'   => [true],
+            'false'  => [false],
+            'object' => [(object) ['header' => ['foo', 'bar']]],
+        ];
+    }
+
+    public function invalidArrayHeaderValues()
+    {
+        $values = $this->invalidHeaderValueTypes();
+        $values['array'] = [['INVALID']];
+        return $values;
+    }
+
+    /**
+     * @dataProvider invalidArrayHeaderValues
+     * @group 99
+     */
+    public function testFilterHeadersShouldRaiseExceptionForInvalidHeaderValuesInArrays($value)
+    {
+        $filter = new ReflectionMethod($this->message, 'filterHeaders');
+        $filter->setAccessible(true);
+        $headers = [
+            'X-Test-Array'  => [ $value ],
+        ];
+        $this->setExpectedException('InvalidArgumentException', 'header value type');
+        $filter->invoke($this->message, $headers);
+    }
+
+    /**
+     * @dataProvider invalidHeaderValueTypes
+     * @group 99
+     */
+    public function testFilterHeadersShouldRaiseExceptionForInvalidHeaderScalarValues($value)
+    {
+        $filter = new ReflectionMethod($this->message, 'filterHeaders');
+        $filter->setAccessible(true);
+        $headers = [
+            'X-Test-Scalar' => $value,
+        ];
+        $this->setExpectedException('InvalidArgumentException', 'header value type');
+        $filter->invoke($this->message, $headers);
+    }
 }
diff --git a/test/RequestTest.php b/test/RequestTest.php
@@ -9,6 +9,7 @@
 
 namespace ZendTest\Diactoros;
 
+use InvalidArgumentException;
 use PHPUnit_Framework_TestCase as TestCase;
 use Zend\Diactoros\Request;
 use Zend\Diactoros\Stream;
@@ -192,24 +193,25 @@ public function testConstructorRaisesExceptionForInvalidBody($body)
         new Request(null, null, $body);
     }
 
-    public function testConstructorIgonoresInvalidHeaders()
+    public function invalidHeaderTypes()
     {
-        $headers = [
-            [ 'INVALID' ],
-            'x-invalid-null' => null,
-            'x-invalid-true' => true,
-            'x-invalid-false' => false,
-            'x-invalid-int' => 1,
-            'x-invalid-object' => (object) ['INVALID'],
-            'x-valid-string' => 'VALID',
-            'x-valid-array' => [ 'VALID' ],
-        ];
-        $expected = [
-            'x-valid-string' => [ 'VALID' ],
-            'x-valid-array' => [ 'VALID' ],
+        return [
+            'indexed-array' => [[['INVALID']], 'header name'],
+            'null' => [['x-invalid-null' => null]],
+            'true' => [['x-invalid-true' => true]],
+            'false' => [['x-invalid-false' => false]],
+            'object' => [['x-invalid-object' => (object) ['INVALID']]],
         ];
-        $request = new Request(null, null, 'php://memory', $headers);
-        $this->assertEquals($expected, $request->getHeaders());
+    }
+
+    /**
+     * @dataProvider invalidHeaderTypes
+     * @group 99
+     */
+    public function testConstructorRaisesExceptionForInvalidHeaders($headers, $contains = 'header value type')
+    {
+        $this->setExpectedException('InvalidArgumentException', $contains);
+        new Request(null, null, 'php://memory', $headers);
     }
 
     public function testRequestTargetIsSlashWhenNoUriPresent()
diff --git a/test/ResponseTest.php b/test/ResponseTest.php
@@ -9,6 +9,7 @@
 
 namespace ZendTest\Diactoros;
 
+use InvalidArgumentException;
 use PHPUnit_Framework_TestCase as TestCase;
 use Zend\Diactoros\Response;
 use Zend\Diactoros\Stream;
@@ -135,24 +136,26 @@ public function testConstructorRaisesExceptionForInvalidBody($body)
         new Response($body);
     }
 
-    public function testConstructorIgonoresInvalidHeaders()
+
+    public function invalidHeaderTypes()
     {
-        $headers = [
-            [ 'INVALID' ],
-            'x-invalid-null' => null,
-            'x-invalid-true' => true,
-            'x-invalid-false' => false,
-            'x-invalid-int' => 1,
-            'x-invalid-object' => (object) ['INVALID'],
-            'x-valid-string' => 'VALID',
-            'x-valid-array' => [ 'VALID' ],
-        ];
-        $expected = [
-            'x-valid-string' => [ 'VALID' ],
-            'x-valid-array' => [ 'VALID' ],
+        return [
+            'indexed-array' => [[['INVALID']], 'header name'],
+            'null' => [['x-invalid-null' => null]],
+            'true' => [['x-invalid-true' => true]],
+            'false' => [['x-invalid-false' => false]],
+            'object' => [['x-invalid-object' => (object) ['INVALID']]],
         ];
-        $response = new Response('php://memory', 200, $headers);
-        $this->assertEquals($expected, $response->getHeaders());
+    }
+
+    /**
+     * @dataProvider invalidHeaderTypes
+     * @group 99
+     */
+    public function testConstructorRaisesExceptionForInvalidHeaders($headers, $contains = 'header value type')
+    {
+        $this->setExpectedException('InvalidArgumentException', $contains);
+        new Response('php://memory', 200, $headers);
     }
 
     public function testInvalidStatusCodeInConstructor()
