Open crscheid opened 3 years ago
@crscheid
Laminas-Feed should be updated to use PSR-7…
You can already use a PSR-7 client. Example:
Laminas\Feed\Reader\Reader::setHttpClient(
new class implements Laminas\Feed\Reader\Http\ClientInterface {
public function get($uri)
{
return new Laminas\Feed\Reader\Http\Psr7ResponseDecorator(
(new GuzzleHttp\Client())->request('GET', $uri)
);
}
}
);
$url = 'https://news.google.com/rss/search?q=%22ecommerce%22+when%3A7d&hl=en-US&gl=US&ceid=US%3Aen';
$feed = Laminas\Feed\Reader\Reader::import($url);
echo $feed->getDescription(); // Google News
https://docs.laminas.dev/laminas-feed/psr7-clients/
When sending a request to an RSS feed that delivers the header twice, first as a string, then as an array, Laminas reports
PHP Error: [] operator not supported for strings in /var/www/vendor/laminas/laminas-http/src/Headers.php on line 454
Can you create a test and send it as a pull request? It seems that not all PHP versions are affected. Thanks in advance! 👍
@froschdesign: Thanks for the feedback, I will check using PSR-7 ... more than happy to move beyond the deprecated dependency. Once I do so, let me see if this occurs further. If not, I will close this issue. Thank you.
Bug Report
Summary
Header handling in the dependency for laminas/laminas-http has an error when it receives a header that it treats as a single string first followed by an array type header with the same data. Because the header has already been set like a string, the call to set it as an array fails.
I am fully aware that laminas/laminas-http is in security only support now which is why I'm posting the bug report to laminas-feed where the issue is manifesting. Laminas-Feed should be updated to use PSR-7 or the bug should be fixed.
Current behavior
When sending a request to an RSS feed that delivers the header twice, first as a string, then as an array, Laminas reports
PHP Error: [] operator not supported for strings in /var/www/vendor/laminas/laminas-http/src/Headers.php on line 454
How to reproduce
This occurs specifically when utilizing Google's news search to RSS feed approach. It returns two sets of
Content-Security-Policy
headers.When set in the order of
require-trusted-types-for 'script';report-uri /_/DotsSplashUi/cspreport
followed by
script-src 'report-sample' 'nonce-e2kBBs8/LEHElepgO1hnkA' 'unsafe-inline'; object-src 'none'; base-uri 'self'; report-uri /_/DotsSplashUi/cspreport; worker-src 'self';
Laminas-http fails.
However, it does so inconsisently because the responding server does not always send the headers back in the same order. If the headers are sent back in the reverse order, the process succeeds, but actually overwrites the array header with the string header.
To reproduce, run this multiple times.
Expected behavior
We should expect the headers to be assembled even if an array type is passed to the client after a string type.