Merge branch 'develop'

Prepping for 2.2.0RC1.

src/Client.php

@@ -282,7 +282,7 @@ public function getLastRawResponse()
     /**
      * Get the redirections count
      *
-     * @return integer
+     * @return int
      */
     public function getRedirectionsCount()
     {
@@ -298,8 +298,18 @@ public function getRedirectionsCount()
     public function setUri($uri)
     {
         if (!empty($uri)) {
+            // remember host of last request
+            $lastHost = $this->getRequest()->getUri()->getHost();
             $this->getRequest()->setUri($uri);
 
+            // if host changed, the HTTP authentication should be cleared for security
+            // reasons, see #4215 for a discussion - currently authentication is also
+            // cleared for peer subdomains due to technical limits
+            $nextHost = $this->getRequest()->getUri()->getHost();
+            if (!preg_match('/' . preg_quote($lastHost, '/') . '$/i', $nextHost)) {
+                $this->clearAuth();
+            }
+
             // Set auth if username and password has been specified in the uri
             if ($this->getUri()->getUser() && $this->getUri()->getPassword()) {
                 $this->setAuth($this->getUri()->getUser(), $this->getUri()->getPassword());
@@ -444,6 +454,37 @@ public function setParameterGet(array $query)
         return $this;
     }
 
+    /**
+     * Reset all the HTTP parameters (request, response, etc)
+     *
+     * @param  bool   $clearCookies  Also clear all valid cookies? (defaults to false)
+     * @param  bool   $clearAuth     Also clear http authentication? (defaults to true)
+     * @return Client
+     */
+    public function resetParameters($clearCookies = false, $clearAuth = true)
+    {
+        $uri = $this->getUri();
+
+        $this->streamName      = null;
+        $this->encType         = null;
+        $this->request         = null;
+        $this->response        = null;
+        $this->lastRawRequest  = null;
+        $this->lastRawResponse = null;
+
+        $this->setUri($uri);
+
+        if ($clearCookies) {
+            $this->clearCookies();
+        }
+
+        if ($clearAuth) {
+            $this->clearAuth();
+        }
+
+        return $this;
+    }
+
     /**
      * Return the current cookies
      *
@@ -673,6 +714,14 @@ public function setAuth($user, $password, $type = self::AUTH_BASIC)
         return $this;
     }
 
+    /**
+     * Clear http authentication
+     */
+    public function clearAuth()
+    {
+        $this->auth = array();
+    }
+
     /**
      * Calculate the response value according to the HTTP authentication type
      *
@@ -728,31 +777,6 @@ protected function calcAuthDigest($user, $password, $type = self::AUTH_BASIC, $d
         return $response;
     }
 
-    /**
-     * Reset all the HTTP parameters (auth,cookies,request, response, etc)
-     *
-     * @param  bool   $clearCookies  Also clear all valid cookies? (defaults to false)
-     * @return Client
-     */
-    public function resetParameters($clearCookies = false)
-    {
-        $uri = $this->getUri();
-
-        $this->auth       = null;
-        $this->streamName = null;
-        $this->encType    = null;
-        $this->request    = null;
-        $this->response   = null;
-
-        $this->setUri($uri);
-
-        if ($clearCookies) {
-            $this->clearCookies();
-        }
-
-        return $this;
-    }
-
     /**
      * Dispatch
      *
@@ -897,13 +921,15 @@ public function send(Request $request = null)
                    ((! $this->config['strictredirects']) && ($response->getStatusCode() == 302 ||
                        $response->getStatusCode() == 301))) {
 
-                    $this->resetParameters();
+                    $this->resetParameters(false, false);
                     $this->setMethod(Request::METHOD_GET);
                 }
 
+
                 // If we got a well formed absolute URI
                 if (($scheme = substr($location, 0, 6)) &&
                         ($scheme == 'http:/' || $scheme == 'https:')) {
+                    // setURI() clears parameters if host changed, see #4215
                     $this->setUri($location);
                 } else {
 
@@ -933,12 +959,26 @@ public function send(Request $request = null)
                 break;
             }
 
-        } while ($this->redirectCounter < $this->config['maxredirects']);
+        } while ($this->redirectCounter <= $this->config['maxredirects']);
 
         $this->response = $response;
         return $response;
     }
 
+    /**
+     * Fully reset the HTTP client (auth, cookies, request, response, etc.)
+     *
+     * @return Client
+     */
+    public function reset()
+    {
+       $this->resetParameters();
+       $this->clearAuth();
+       $this->clearCookies();
+
+       return $this;
+    }
+
     /**
      * Set a file to upload (using a POST request)
      *
@@ -1004,7 +1044,7 @@ public function removeFileUpload($filename)
      *
      * @param   string $domain
      * @param   string $path
-     * @param   boolean $secure
+     * @param   bool $secure
      * @return  Header\Cookie|bool
      */
     protected function prepareCookies($domain, $path, $secure)

src/Client/Adapter/Proxy.php

@@ -192,7 +192,7 @@ public function write($method, $uri, $httpVer = '1.1', $headers = array(), $body
      * Preform handshaking with HTTPS proxy using CONNECT method
      *
      * @param string  $host
-     * @param integer $port
+     * @param int $port
      * @param string  $httpVer
      * @param array   $headers
      * @throws AdapterException\RuntimeException

src/Client/Adapter/Test.php

@@ -41,7 +41,7 @@ class Test implements AdapterInterface
     /**
      * Current position in the response buffer
      *
-     * @var integer
+     * @var int
      */
     protected $responseIndex = 0;
 
@@ -199,7 +199,7 @@ public function addResponse($response)
      * Sets the position of the response buffer.  Selects which
      * response will be returned on the next call to read().
      *
-     * @param integer $index
+     * @param int $index
      * @throws Exception\OutOfRangeException
      */
     public function setResponseIndex($index)

src/Header/AbstractAccept.php

@@ -419,7 +419,7 @@ protected function sortFieldValueParts()
             }
 
             // Asterisks
-            $values = array('type', 'subtype','format');
+            $values = array('type', 'subtype', 'format');
             foreach ($values as $value) {
                 if ($a->$value == '*' && $b->$value != '*') {
                     return 1;

src/Header/AbstractLocation.php

@@ -10,9 +10,9 @@
 namespace Zend\Http\Header;
 
 use Zend\Uri\Exception as UriException;
-use Zend\Uri\UriInterface;
-use Zend\Uri\UriFactory;
 use Zend\Uri\Uri;
+use Zend\Uri\UriFactory;
+use Zend\Uri\UriInterface;
 
 
 /**

src/Header/Accept.php

@@ -8,8 +8,8 @@
  */
 
 namespace Zend\Http\Header;
-use Zend\Http\Header\Accept\FieldValuePart;
 
+use Zend\Http\Header\Accept\FieldValuePart;
 
 /**
  * Accept Header

src/Header/AcceptCharset.php

@@ -8,6 +8,7 @@
  */
 
 namespace Zend\Http\Header;
+
 use Zend\Http\Header\Accept\FieldValuePart;
 
 /**

src/Header/AcceptEncoding.php

@@ -8,6 +8,7 @@
  */
 
 namespace Zend\Http\Header;
+
 use Zend\Http\Header\Accept\FieldValuePart;
 
 /**

src/Header/AcceptLanguage.php

@@ -8,8 +8,8 @@
  */
 
 namespace Zend\Http\Header;
-use Zend\Http\Header\Accept\FieldValuePart;
 
+use Zend\Http\Header\Accept\FieldValuePart;
 
 /**
  * Accept Language Header

src/Header/SetCookie.php

@@ -37,14 +37,14 @@ class SetCookie implements MultipleHeaderInterface
     /**
      * Version
      *
-     * @var integer
+     * @var int
      */
     protected $version = null;
 
     /**
      * Max Age
      *
-     * @var integer
+     * @var int
      */
     protected $maxAge = null;
 
@@ -317,7 +317,7 @@ public function getValue()
     /**
      * Set version
      *
-     * @param integer $version
+     * @param int $version
      * @throws Exception\InvalidArgumentException
      */
     public function setVersion($version)
@@ -331,7 +331,7 @@ public function setVersion($version)
     /**
      * Get version
      *
-     * @return integer
+     * @return int
      */
     public function getVersion()
     {
@@ -341,7 +341,7 @@ public function getVersion()
     /**
      * Set Max-Age
      *
-     * @param integer $maxAge
+     * @param int $maxAge
      * @throws Exception\InvalidArgumentException
      */
     public function setMaxAge($maxAge)
@@ -355,7 +355,7 @@ public function setMaxAge($maxAge)
     /**
      * Get Max-Age
      *
-     * @return integer
+     * @return int
      */
     public function getMaxAge()
     {
@@ -512,9 +512,9 @@ public function isValidForRequest($requestDomain, $path, $isSecure = false)
      * Checks whether the cookie should be sent or not in a specific scenario
      *
      * @param string|Zend\Uri\Uri $uri URI to check against (secure, domain, path)
-     * @param boolean $matchSessionCookies Whether to send session cookies
+     * @param bool $matchSessionCookies Whether to send session cookies
      * @param int $now Override the current time when checking for expiry time
-     * @return boolean
+     * @return bool
      */
     public function match($uri, $matchSessionCookies = true, $now = null)
     {
@@ -554,7 +554,7 @@ public function match($uri, $matchSessionCookies = true, $now = null)
      * @param  string $cookieDomain
      * @param  string $host
      *
-     * @return boolean
+     * @return bool
      */
     public static function matchCookieDomain($cookieDomain, $host)
     {
@@ -580,7 +580,7 @@ public static function matchCookieDomain($cookieDomain, $host)
      *
      * @param  string $cookiePath
      * @param  string $path
-     * @return boolean
+     * @return bool
      */
     public static function matchCookiePath($cookiePath, $path)
     {

src/Response.php

@@ -233,7 +233,7 @@ public function getCookie()
     /**
      * Set HTTP status code and (optionally) message
      *
-     * @param  integer $code
+     * @param  int $code
      * @throws Exception\InvalidArgumentException
      * @return Response
      */