Remove support for the X-Original-Url and X-Rewrite-Url headers for 2.2 branch

[pgmillon]

This patch modifies the logic of Zend\Http\PhpEnvironment\Request::detectRequestUri() such that it will ignore the X-Original-Url and X-Rewrite-Url headers when marshaling the request URI.

Please release a 2.2.11 including this patch based on https://github.com/zendframework/zend-http/commit/5234f4a9e8137b731ab95d6a17879d4eb8fb9e39 for https://framework.zend.com/security/advisory/ZF2018-01.

[froschdesign]

@pgmillon Sorry, maybe I'm do not understand your pull requests, but the changes are already released with version 2.8.1: https://github.com/zendframework/zend-http/releases/tag/release-2.8.1

[pgmillon]

Hi, Thanks for taking the time to answer: I know it's indeed fixed in later version (and that's where I cherry-picked from), but I need to maintain a PHP-5.3-compatible version of https://github.com/nuxeo/nuxeo-php-client for a customer, which means being stuck with zend-http 2.2.x

[froschdesign]

@pgmillon Sorry, but version 2.2 of zend-http is no longer supported and PHP 5.3 is dead – PHP 5 is completely dead!

Normally I would say: create a fork, add the bugfix and use it in your application. But PHP 5 is no longer an option. No active or security support anymore!