Prevent HTTP header leakage on local file URIs in PHP 8.5+ #888
VINICIUSOLIVER wants to merge 1 commit into jsonrainbow:main from
@VINICIUSOLIVER Can you provide a test for this bug fix? I've been looking at how headers could have been leaked but the retrieve method calls |
It calls But it also introduced a leaking headers issue, since it does not call However, on the main branch, we have this issue resolved in version 6.7.2: The bottom line is, I believe we need the same fix for the 5.x.x version as there is in 6.7.2. |
|
Ahh okay, so that is actually why I asked if the PR shouldn't be against the 5.x.x branch. Since I'm free now I'll see what I can do ATM. Thanks for your efforts and sharing your findings. |
…ch (#893)

## Description
See #843

## Related Issue
Port of #843
Fixes #860
Replaces #888

## Type of Change
- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
- [ ] Documentation update
- [ ] Code refactoring
- [ ] Other (please describe):

## Checklist
- [x] I have read the [CONTRIBUTING](CONTRIBUTING.md) guidelines
- [x] My code follows the code style of this project
- [x] I have added tests that prove my fix is effective or that my feature works
- [x] All new and existing tests pass
- [x] I have updated the documentation accordingly
- [x] My changes generate no new warnings

## Additional Notes
|
This PR was replaced by #893 and is part of the 5.3.2 release https://github.com/jsonrainbow/json-schema/releases/tag/5.3.2 |
Description
This PR addresses an issue in PHP 8.5+ where the new global function http_get_last_response_headers() returns headers from the previous HTTP request when the current URI uses a non-HTTP wrapper (like file://).
By adding a scheme check, we ensure that HTTP headers are only retrieved when the URI is actually a web request. This prevents the schema validator from incorrectly identifying local JSON files as text/xml due to state leakage from prior API calls.
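The scheme check described above, as an added example that is not the PR's or the project's own code. `isHttpUri()` and `fetchWithContentType()` are hypothetical names, and the `$lastHeaders` callable stands in for `http_get_last_response_headers()` with a constructed stale header list so the sketch runs offline.

```php
<?php
declare(strict_types=1);

/** True only for URIs that are actually fetched over HTTP(S). */
function isHttpUri(string $uri): bool
{
    $scheme = parse_url($uri, PHP_URL_SCHEME);
    return is_string($scheme) && in_array(strtolower($scheme), ['http', 'https'], true);
}

/**
 * Fetch $uri and return [body, contentType].
 * $lastHeaders is an assumption of this example: it replaces the global
 * http_get_last_response_headers() so stale state can be simulated.
 */
function fetchWithContentType(string $uri, callable $lastHeaders, bool $checkScheme): array
{
    $body = file_get_contents($uri);
    if ($body === false) {
        throw new RuntimeException("Unable to read $uri");
    }
    $contentType = null;
    // The guard: response headers describe this fetch only if it used HTTP(S).
    if (!$checkScheme || isHttpUri($uri)) {
        foreach ($lastHeaders() ?? [] as $header) {
            if (stripos($header, 'Content-Type:') === 0) {
                $contentType = trim(substr($header, strlen('Content-Type:')));
            }
        }
    }
    return [$body, $contentType];
}

// Constructed sample: headers left over from an earlier, unrelated API call.
$stale = fn (): array => ['HTTP/1.1 200 OK', 'Content-Type: text/xml'];

// Constructed sample: a local schema file addressed through the file:// wrapper.
$path = tempnam(sys_get_temp_dir(), 'schema');
file_put_contents($path, '{"type":"object"}');
$uri = 'file://' . $path;

// Without the guard the stale header is attributed to the local file;
// with the guard the local file gets no HTTP content type at all.
[, $unguarded] = fetchWithContentType($uri, $stale, false);
[, $guarded] = fetchWithContentType($uri, $stale, true);
var_dump($unguarded, $guarded);
unlink($path);
```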