[zendframework#7235] Correctly match header field names

- Using rules from [RFC 7230 section 3.2](http://tools.ietf.org/html/rfc7230#section-3.2)
weierophinney · Mar 23, 2015 · aa77925 · aa77925
1 parent 21f7e7c
commit aa77925
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 13 deletions.
diff --git a/library/Zend/Http/Header/GenericHeader.php b/library/Zend/Http/Header/GenericHeader.php
@@ -88,18 +88,16 @@ public function setFieldName($fieldName)
             throw new Exception\InvalidArgumentException('Header name must be a string');
         }
 
-        // Pre-filter to normalize valid characters, change underscore to dash
-        $fieldName = str_replace('_', '-', $fieldName);
-
         /*
-         * Following RFC 2616 section 4.2
-         *
-         * message-header = field-name ":" [ field-value ]
-         * field-name     = token
+         * Following RFC 7230 section 3.2
          *
-         * @see http://tools.ietf.org/html/rfc2616#section-2.2 for token definition.
+         * header-field = field-name ":" [ field-value ]
+         * field-name   = token
+         * token        = 1*tchar
+         * tchar        = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." /
+         *                "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA
          */
-        if (!preg_match('/^[!#-\'*+\-\.0-9A-Z\^-z|~]+$/', $fieldName)) {
+        if (!preg_match('/^[!#$%&\'*+\-\.\^_`|~0-9a-zA-Z]+$/', $fieldName)) {
             throw new Exception\InvalidArgumentException(
                 'Header name must be a valid RFC 2616 (section 4.2) field-name.'
             );

diff --git a/tests/ZendTest/Http/Header/GenericHeaderTest.php b/tests/ZendTest/Http/Header/GenericHeaderTest.php
@@ -25,8 +25,8 @@ public function testValidFieldName($name)
             new GenericHeader($name);
         } catch (InvalidArgumentException $e) {
             $this->assertEquals(
-                 $e->getMessage(),
-                     'Header name must be a valid RFC 2616 (section 4.2) field-name.'
+                $e->getMessage(),
+                'Header name must be a valid RFC 2616 (section 4.2) field-name.'
             );
             $this->fail('Allowed char rejected: ' . ord($name)); // For easy debug
         }
@@ -43,12 +43,21 @@ public function testInvalidFieldName($name)
             $this->fail('Invalid char allowed: ' . ord($name)); // For easy debug
         } catch (InvalidArgumentException $e) {
             $this->assertEquals(
-                 $e->getMessage(),
-                     'Header name must be a valid RFC 2616 (section 4.2) field-name.'
+                $e->getMessage(),
+                'Header name must be a valid RFC 2616 (section 4.2) field-name.'
             );
         }
     }
 
+    /**
+     * @group 7295
+     */
+    public function testDoesNotReplaceUnderscoresWithDashes()
+    {
+        $header = new GenericHeader('X_Foo_Bar');
+        $this->assertEquals('X_Foo_Bar', $header->getFieldName());
+    }
+
     /**
      * Valid field name characters.
      *