[BUGFIX] Don't break on numeric $_SERVER keys 36/62736/5
authorDaniel Siepmann <daniel.siepmann@typo3.org>
Tue, 17 Dec 2019 21:23:08 +0000 (22:23 +0100)
committerBenni Mack <benni@typo3.org>
Thu, 16 Jan 2020 14:37:03 +0000 (15:37 +0100)
Prevent PHP TypeError when creating request from globals containing
numeric keys.

Resolves: #89980
Releases: master
Change-Id: I4c22891a0a341b11cb6c9a42923dadeb45a07524
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62736
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Susanne Moog <look@susi.dev>
Tested-by: Felix P. <f.pachowsky@neusta.de>
Tested-by: Alexander Schnitzler <review.typo3.org@alexanderschnitzler.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Susanne Moog <look@susi.dev>
Reviewed-by: Felix P. <f.pachowsky@neusta.de>
Reviewed-by: Alexander Schnitzler <review.typo3.org@alexanderschnitzler.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Benni Mack <benni@typo3.org>
typo3/sysext/core/Classes/Http/ServerRequestFactory.php
typo3/sysext/core/Tests/Unit/Http/ServerRequestFactoryTest.php

index 964a3a0..6cfa8ed 100644 (file)
@@ -98,6 +98,9 @@ class ServerRequestFactory implements ServerRequestFactoryInterface
     {
         $headers = [];
         foreach ($server as $key => $value) {
+            if (!is_string($key)) {
+                continue;
+            }
             if (strpos($key, 'HTTP_COOKIE') === 0) {
                 // Cookies are handled using the $_COOKIE superglobal
                 continue;
index 5281f80..e07c99e 100644 (file)
@@ -17,6 +17,7 @@ namespace TYPO3\CMS\Core\Tests\Unit\Http;
 
 use Psr\Http\Message\ServerRequestFactoryInterface;
 use Psr\Http\Message\ServerRequestInterface;
+use TYPO3\CMS\Core\Http\ServerRequest;
 use TYPO3\CMS\Core\Http\ServerRequestFactory;
 use TYPO3\CMS\Core\Http\UploadedFile;
 use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
@@ -203,4 +204,19 @@ class ServerRequestFactoryTest extends UnitTestCase
 
         self::assertEmpty($uploadedFiles);
     }
+
+    /**
+     * @test
+     */
+    public function handlesNumericKeys()
+    {
+        $_SERVER['HTTP_HOST'] = 'localhost';
+        $_SERVER['REQUEST_URI'] = '/index.php';
+        $_SERVER[1] = '1';
+
+        $request = ServerRequestFactory::fromGlobals();
+
+        self::assertInstanceOf(ServerRequest::class, $request, '$_SERVER with numeric key prevented creation.');
+        self::assertEquals([], $request->getHeader('1'), 'Numeric keys are not processed, default empty array should be returned.');
+    }
 }