Cast header names to string prior to validation and disable tests tha…

…t prohibit numeric header names This is a BC break because this change allows numeric header names where previously they would have caused an exception Signed-off-by: George Steel <george@net-glue.co.uk>
laminas · Sep 4, 2024 · 0962c50 · 0962c50
1 parent 3d3db29
commit 0962c50
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 23 deletions.
diff --git a/psalm-baseline.xml b/psalm-baseline.xml
@@ -45,21 +45,9 @@
       <code><![CDATA[$this->headerNames[strtolower($header)]]]></code>
       <code><![CDATA[$this->headerNames[strtolower($name)]]]></code>
     </InvalidArrayOffset>
-    <InvalidPropertyAssignmentValue>
-      <code><![CDATA[$headerNames]]></code>
-    </InvalidPropertyAssignmentValue>
-    <MixedArgumentTypeCoercion>
-      <code><![CDATA[$header]]></code>
-      <code><![CDATA[$header]]></code>
-      <code><![CDATA[$header]]></code>
-      <code><![CDATA[$header]]></code>
-    </MixedArgumentTypeCoercion>
     <MixedAssignment>
       <code><![CDATA[$value]]></code>
     </MixedAssignment>
-    <MixedPropertyTypeCoercion>
-      <code><![CDATA[$headers]]></code>
-    </MixedPropertyTypeCoercion>
     <ParamNameMismatch>
       <code><![CDATA[$header]]></code>
       <code><![CDATA[$header]]></code>

diff --git a/src/MessageTrait.php b/src/MessageTrait.php
@@ -10,6 +10,7 @@
 use function array_map;
 use function array_merge;
 use function array_values;
+use function assert;
 use function implode;
 use function is_array;
 use function is_resource;
@@ -330,9 +331,15 @@ private function setHeaders(array $originalHeaders): void
         $headerNames = $headers = [];
 
         foreach ($originalHeaders as $header => $value) {
-            $value = $this->filterHeaderValue($value);
+            /**
+             * Header names should be cast to a string because (valid) numeric header names will be automatically
+             * cast to an integer by PHP when used as an array key.
+             */
+            $header = (string) $header;
+            $value  = $this->filterHeaderValue($value);
 
             $this->assertHeader($header);
+            assert($header !== '');
 
             $headerNames[strtolower($header)] = $header;
             $headers[$header]                 = $value;

diff --git a/test/RequestTest.php b/test/RequestTest.php
@@ -185,11 +185,15 @@ public function testConstructorRaisesExceptionForInvalidBody(mixed $body): void
     public static function invalidHeaderTypes(): array
     {
         return [
-            'indexed-array' => [[['INVALID']], 'header name'],
-            'null'          => [['x-invalid-null' => null]],
-            'true'          => [['x-invalid-true' => true]],
-            'false'         => [['x-invalid-false' => false]],
-            'object'        => [['x-invalid-object' => (object) ['INVALID']]],
+            /**
+             * Indexed array test is disabled and left as a note because according to RFC 7230, numeric header names
+             * are valid
+             */
+            //'indexed-array' => [[['INVALID']], 'header name'], Integer Header names are effectively valid
+            'null'   => [['x-invalid-null' => null]],
+            'true'   => [['x-invalid-true' => true]],
+            'false'  => [['x-invalid-false' => false]],
+            'object' => [['x-invalid-object' => (object) ['INVALID']]],
         ];
     }
 

diff --git a/test/ResponseTest.php b/test/ResponseTest.php
@@ -276,11 +276,15 @@ public function testConstructorRaisesExceptionForInvalidBody(mixed $body): void
     public static function invalidHeaderTypes(): array
     {
         return [
-            'indexed-array' => [[['INVALID']], 'header name'],
-            'null'          => [['x-invalid-null' => null]],
-            'true'          => [['x-invalid-true' => true]],
-            'false'         => [['x-invalid-false' => false]],
-            'object'        => [['x-invalid-object' => (object) ['INVALID']]],
+            /**
+             * Indexed array test is disabled and left as a note because according to RFC 7230, numeric header names
+             * are valid
+             */
+            //'indexed-array' => [[['INVALID']], 'header name'], Integer/Numeric header names are valid
+            'null'   => [['x-invalid-null' => null]],
+            'true'   => [['x-invalid-true' => true]],
+            'false'  => [['x-invalid-false' => false]],
+            'object' => [['x-invalid-object' => (object) ['INVALID']]],
         ];
     }