Description
Bug Report
| Q | A |
|---|---|
| Version(s) | 2.15.0 |
Summary
Header handling in the dependency for laminas/laminas-http has an error when it receives a header that it treats as a single string first followed by an array type header with the same data. Because the header has already been set like a string, the call to set it as an array fails.
I am fully aware that laminas/laminas-http is in security only support now which is why I'm posting the bug report to laminas-feed where the issue is manifesting. Laminas-Feed should be updated to use PSR-7 or the bug should be fixed.
Current behavior
When sending a request to an RSS feed that delivers the header twice, first as a string, then as an array, Laminas reports
PHP Error: [] operator not supported for strings in /var/www/vendor/laminas/laminas-http/src/Headers.php on line 454
How to reproduce
This occurs specifically when utilizing Google's news search to RSS feed approach. It returns two sets of Content-Security-Policy headers.
When set in the order of
require-trusted-types-for 'script';report-uri /_/DotsSplashUi/cspreport
followed by
script-src 'report-sample' 'nonce-e2kBBs8/LEHElepgO1hnkA' 'unsafe-inline'; object-src 'none'; base-uri 'self'; report-uri /_/DotsSplashUi/cspreport; worker-src 'self';
Laminas-http fails.
However, it does so inconsisently because the responding server does not always send the headers back in the same order. If the headers are sent back in the reverse order, the process succeeds, but actually overwrites the array header with the string header.
To reproduce, run this multiple times.
$url = 'https://news.google.com/rss/search?q=%22ecommerce%22+when%3A7d&hl=en-US&gl=US&ceid=US%3Aen';
$feed_result = \Laminas\Feed\Reader\Reader::import($feed_url);Expected behavior
We should expect the headers to be assembled even if an array type is passed to the client after a string type.
Activity