Integer strings have the nasty habit of being cast to actual integers by PHP, making them problematic for usage in an associative array, despite being valid per the RFC 7230 ABNF.
Additionally, having them pass through marshal_headers_from_sapi() means that once ServerRequest gets them and tries to use them, HeaderSecurity::assertValidName() will raise an exception for integers, which could lead to unexpected server errors.
This patch chooses to filter such header names out entirely.
It also documents the change, and ways to address it if you previously depended on integer header field names.
Description
Integer strings have the nasty habit of being cast to actual integers by PHP, making them problematic for usage in an associative array, despite being valid per the RFC 7230 ABNF.
Additionally, having them pass through marshal_headers_from_sapi() means that once ServerRequest gets them and tries to use them, HeaderSecurity::assertValidName() will raise an exception for integers, which could lead to unexpected server errors.
This patch chooses to filter such header names out entirely.
It also documents the change, and ways to address it if you previously depended on integer header field names.
Fixes #11
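The key-casting behaviour described above, and one way to filter on it, as an added example that is not the project's code or the patch itself. The function name marshalHeadersSkippingIntegerNames() and the sample $server array are hypothetical and constructed for illustration.

```php
<?php
// Hypothetical helper, NOT the library's marshal_headers_from_sapi().
// Builds a header map from a $_SERVER-style array and drops any header
// name that PHP would silently turn into an integer array key.
function marshalHeadersSkippingIntegerNames(array $server): array
{
    $headers = [];
    foreach ($server as $key => $value) {
        // Only HTTP_* entries with a non-empty name part are request headers.
        if (! is_string($key) || strlen($key) <= 5 || strpos($key, 'HTTP_') !== 0) {
            continue;
        }
        $name = strtr(strtolower(substr($key, 5)), '_', '-');

        // PHP casts a string key to int only when it is a canonical decimal
        // integer ("123", "-5", "0"), not "0123" or an overflowing value.
        // The same round-trip identifies exactly those names.
        if ($name === (string) (int) $name) {
            continue; // valid token per RFC 7230, but unusable as a string key
        }
        $headers[$name] = $value;
    }
    return $headers;
}

// Constructed sample input, shaped like $_SERVER.
$server = [
    'HTTP_HOST'      => 'example.test',
    'HTTP_123'       => 'integer-looking name',
    'HTTP_0123'      => 'leading zero, stays a string key',
    'REQUEST_METHOD' => 'GET',
];

// The underlying problem: the literal key "123" is stored as an integer,
// so code that later requires a string header name receives an int.
$naive = ['123' => 'value'];
foreach (array_keys($naive) as $k) {
    echo 'naive key type: ', gettype($k), PHP_EOL;
}

// With the filter, every remaining header name is a string.
foreach (marshalHeadersSkippingIntegerNames($server) as $name => $value) {
    echo gettype($name), ' ', $name, ': ', $value, PHP_EOL;
}
```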