Comments (8)
Nevermind. I tested it wrong and missed default method value in the trait.
laminas-diactoros/src/RequestTrait.php
Line 34 in 800f287
This is already handled.
from laminas-diactoros.
What would you consider a valid default? GET? HEAD? OPTIONS?
Additionally, IIRC, somebody presented a use case for allowing a nullable
method, so we'll need to see if those needs are still valid, and how to
handle that with the concept of a default.
On Mar 4, 2016 8:30 PM, "Marco Pivetta" wrote:
Discovered while digging in php-http/curl-client#14
Apparently, diactoros defaults the HTTP method when building a new
Request('http://example.com') to '' (empty string). As far as I know, an
empty string is not a valid HTTP method (not sure if that assumption is
reflected in the HTTP spec), and therefore the initial state of a diactoros
HTTP request is invalid, and should lead to an exception.
Originally posted by @weierophinney at zendframework/zend-diactoros#150 (comment)
from laminas-diactoros.
What would you consider a valid default? GET? HEAD? OPTIONS?
That is a good question, but I'm fairly sure that 90% of the web traffic is just `GET`, so going with that is a quite decent choice.
That would just be the default value, but the idea is to simply reject anything that isn't a valid HTTP method. For example, HTTP methods with invalid characters should also be rejected (spaces are one simple case that can be handled).
Overall, this logic can be encapsulated in a tiny `HttpMethod` value object, which doesn't need to be exposed to userland.
Originally posted by @Ocramius at zendframework/zend-diactoros#150 (comment)
from laminas-diactoros.
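The `HttpMethod` value object suggested in the comment above, as an added example (not code from the thread's participants or from laminas-diactoros). It assumes PHP 7.4+, a fallback to `GET` when no method is given, and validation against the RFC 7230 `token` grammar; the class, the regex constant and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical HttpMethod value object, not part of laminas-diactoros.
final class HttpMethod
{
    // RFC 7230 "token": one or more tchar, so no spaces, CR/LF or other control bytes.
    // The D modifier stops "$" from matching before a trailing newline.
    private const TOKEN = '/^[!#$%&\'*+.^_`|~0-9A-Za-z-]+$/D';

    private string $value;

    public function __construct(?string $method = null)
    {
        // Assumption: a missing method falls back to GET, the default proposed in the thread.
        $method ??= 'GET';

        if (preg_match(self::TOKEN, $method) !== 1) {
            throw new InvalidArgumentException(sprintf(
                'Invalid HTTP method %s: must be a non-empty RFC 7230 token',
                json_encode($method) // escapes CR/LF so the message cannot forge log lines
            ));
        }

        // Methods are case-sensitive, so the value is stored exactly as given.
        $this->value = $method;
    }

    public function __toString(): string
    {
        return $this->value;
    }
}

// Constructed sample inputs: valid methods, the empty default from the issue,
// a method with a space, a CR/LF header-injection attempt, and a non-ASCII name.
$samples = [null, 'GET', 'PROPFIND', '', 'GET /admin', "GET\r\nX-Injected: 1", 'DÉLETE'];
foreach ($samples as $candidate) {
    try {
        printf("%-28s accepted as %s\n", json_encode($candidate), new HttpMethod($candidate));
    } catch (InvalidArgumentException $e) {
        printf("%-28s rejected\n", json_encode($candidate));
    }
}
```

Validating against the token grammar accepts extension methods such as `PROPFIND` without maintaining a list, while the empty string and any value containing whitespace or line breaks never reach the request line.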
I've just remembered that I implemented PSR-7 starting from phly/http and added a default method in the constructor ('GET') and a simple HTTP-method filtering method (mwop would have named it marshallMethod). Just to get an idea from this code fragment:
```php
//...

    /**
     * Allow-list of supported HTTP methods (keys are upper-case method names)
     * @var array
     */
    protected static $validMethods = [
        'OPTIONS'  => true,
        'GET'      => true,
        'HEAD'     => true,
        'POST'     => true,
        'PUT'      => true,
        'DELETE'   => true,
        'TRACE'    => true,
        'CONNECT'  => true,
        'PATCH'    => true,
        'PROPFIND' => true,
    ];

    /**
     * Array of possible CSRF Header names
     * @var array
     */
    protected static $csrfHeaderNames = [
        'X-CSRF-Token',
        'X-CSRFToken',
        'X-XSRF-TOKEN',
    ];

    /**
     * Constructor
     * @param null|string|UriInterface $uri
     * @param string $method
     * @param array $headers
     * @param Stream|resource|string $body
     * @param string $protocolVersion
     * @throws InvalidArgumentException
     */
    public function __construct(
        $uri = null,
        $method = 'GET',
        $headers = [],
        $body = 'php://temp',
        $protocolVersion = '1.1'
    ) {
        parent::__construct($protocolVersion, $headers, $body);

        // Reject unsupported methods before the request object is usable
        $this->method = $this->filterMethod($method);

        // Initialize uri from constructor argument or build uri from request
        // environment
        if (null === $uri) {
            $this->uri = new Uri('');
        } elseif (is_string($uri)) {
            $this->uri = new Uri($uri);
        } elseif ($uri instanceof UriInterface) {
            $this->uri = $uri;
        } else {
            throw new InvalidArgumentException(
                'The constructor $uri must be a string, an instance of UriInterface or null'
            );
        }
    }

//...

    /**
     * Validate the HTTP method
     *
     * @param null|string $method
     * @return string The upper-cased method, or 'GET' when null is given
     * @throws InvalidArgumentException on invalid HTTP method.
     */
    protected function filterMethod($method)
    {
        if (null === $method) {
            return 'GET';
        }

        if (! is_string($method)) {
            throw new InvalidArgumentException(
                'The HTTP method must be a string'
            );
        }

        $method = strtoupper($method);

        // Only methods present in the allow-list are accepted
        if (! isset(static::$validMethods[$method])) {
            throw new InvalidArgumentException(sprintf(
                'Unsupported HTTP method "%s"',
                $method
            ));
        }

        return $method;
    }
```
Originally posted by @pine3ree at zendframework/zend-diactoros#150 (comment)
from laminas-diactoros.
@Ocramius is this still relevant?
from laminas-diactoros.
Haven't used it in a while, but I don't remember us validating this input anywhere.
from laminas-diactoros.
@Ocramius behavior is unchanged since the issue was opened. I was rather asking if it is a behavior that you still think needs to be changed.
from laminas-diactoros.
Yeah, I'd say that an empty HTTP method is not viable, so we'd need some default or some exception
from laminas-diactoros.