Upgrade PHPUnit to 10.x. Fix Stream conformance #190
Conversation
gsteel
commented
Aug 1, 2024
•
gsteel
commented
| Q | A |
|---|---|
| QA | yes |
|
This uses 1.x-dev of There's no release there yet: php-http/psr7-integration-tests#76 Some failing tests need attention… |
|
The release is here: https://github.com/php-http/psr7-integration-tests/releases/tag/1.4.0 |
|
So we can't upgrade to PHPUnit 10 without first resolving BC issues around numeric header names, and we won't be able to support PHP 8.4 without upgrading to PHPUnit 10. This patch is a BC break (probably) because it casts header names to string prior to validation on the assumption that numeric keys have already been cast to int by PHP. Paging @laminas/technical-steering-committee for input… Do we need to release a major here? |
|
My thoughts are, BC break = Major version bump. What would be the burden/implications from this? |
|
Can you elaborate? Numeric headers can not be handled by the library interface and it can not be resolved. |
Signed-off-by: George Steel <george@net-glue.co.uk>
Signed-off-by: George Steel <george@net-glue.co.uk>
|
Agreed with @Xerkus - header names cannot be purely numeric (and this not integers). If anything, this feels like resolving a potential error for users, and not introducing a break. |
|
It appears to me that tests no longer pass with the previous behaviour of throwing an exception for integer header names when creating the request from globals. To get the integration tests to pass, I've cast numerics to string in the appropriate place, but this is the BC break - currently, users expect integer header names to be exceptional and this patch makes them valid as per RFC whatever. It doesn't affect the existing issue that |
@weierophinney OK - maybe I'm a bit confused here - I thought that numeric header names were valid according to RFC 7230 ?? |
|
Please see the issue I linked and issues it refers to. We can not allow numeric headers. |
|
Please remove type casting for headers from the PR. It hides the issue for the current test implementation. |
|
@Xerkus - I'm going to go back to the drawing board on this patch to identify properly where existing test cases are failing. |
Signed-off-by: George Steel <george@net-glue.co.uk>
Signed-off-by: George Steel <george@net-glue.co.uk>
Signed-off-by: George Steel <george@net-glue.co.uk>
|
@gsteel for context, we filtered out numeric headers from globals when request is created but did not forbid numeric headers in the headers security check because @weierophinney wanted to bring it to PHP-FIG first. There are numeric headers in the wild from a random http client as evidenced by the original report but we couldn't identify any valid use case for them. Strictly speaking, unregistered headers not prefixed with |
|
Thanks @Xerkus and @weierophinney So it turns out that I added some failing tests around this during the upgrade to PHPUnit 10. Whilst I was waiting for the integration tests to get released, I forgot I'd added them and assumed they were new failures. Generally speaking, I'm just a bit of an idiot!! Sorry for wasting everyone's time - this should be a straight-forward review now. |
This is no longer true with RFC9110, where Section 16.3.2.1 states:
Numeric only field names are discouraged, but not illegal:
|
I was not aware we got newer RFC on this. Thank you. |
Signed-off-by: George Steel <george@net-glue.co.uk>
| <code><![CDATA[! $crFound]]></code> | ||
| <code><![CDATA[! $crFound]]></code> |
There was a problem hiding this comment.
I wonder if this CDATA thrashing in the baseline is due to different xml libraries available when baseline is updated.
There was a problem hiding this comment.
Maybe - I have libxml 2.9.13 locally for PHP 8.1
…onditions Signed-off-by: George Steel <george@net-glue.co.uk>
Xerkus
changed the title
|
@gsteel Thank you |
