Release 2.4.0 (#521)

guzzle · Jun 20, 2022 · 13388f0 · 13388f0
1 parent fbe99c4
commit 13388f0
Show file tree

Hide file tree

Showing 5 changed files with 126 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,20 +7,27 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Unreleased
 
+## 2.4.0 - 2022-06-20
+
+### Added
+
+- Added provisional PHP 8.2 support
+- Added `UriComparator::isCrossOrigin` method
+
 ## 2.3.0 - 2022-06-09
 
 ### Fixed
 
-- Added `Header::splitList()`
-- Added `Utils::tryGetContents`
-- Improved `Stream::getContents()`
+- Added `Header::splitList` method
+- Added `Utils::tryGetContents` method
+- Improved `Stream::getContents` method
 - Updated mimetype mappings
 
 ## 2.2.2 - 2022-06-08
 
 ### Fixed
 
-- Fix `Message::parseRequestUri()` for numeric headers
+- Fix `Message::parseRequestUri` for numeric headers
 - Re-wrap exceptions thrown in `fread` into runtime exceptions
 - Throw an exception when multipart options is misformatted
 

diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # PSR-7 Message Implementation
 
-This repository contains a full [PSR-7](http://www.php-fig.org/psr/psr-7/)
+This repository contains a full [PSR-7](https://www.php-fig.org/psr/psr-7/)
 message implementation, several stream decorators, and some helpful
 functionality like query string parsing.
 
@@ -669,7 +669,7 @@ manually but instead is used indirectly via `Psr\Http\Message\UriInterface::__to
 
 `public static function fromParts(array $parts): UriInterface`
 
-Creates a URI from a hash of [`parse_url`](http://php.net/manual/en/function.parse-url.php) components.
+Creates a URI from a hash of [`parse_url`](https://www.php.net/manual/en/function.parse-url.php) components.
 
 
 ### `GuzzleHttp\Psr7\Uri::withQueryValue`
@@ -694,6 +694,16 @@ associative array of key => value.
 Creates a new URI with a specific query string value removed. Any existing query string values that exactly match the
 provided key are removed.
 
+## Cross-Origin Detection
+
+`GuzzleHttp\Psr7\UriComparator` provides methods to determine if a modified URL should be considered cross-origin.
+
+### `GuzzleHttp\Psr7\UriComparator::isCrossOrigin`
+
+`public static function isCrossOrigin(UriInterface $original, UriInterface $modified): bool`
+
+Determines if a modified URL should be considered cross-origin with respect to an original URL.
+
 ## Reference Resolution
 
 `GuzzleHttp\Psr7\UriResolver` provides methods to resolve a URI reference in the context of a base URI according
@@ -818,21 +828,25 @@ Whether two URIs can be considered equivalent. Both URIs are normalized automati
 This of course assumes they will be resolved against the same base URI. If this is not the case, determination of
 equivalence or difference of relative references does not mean anything.
 
+
 ## Version Guidance
 
 | Version | Status         | PHP Version      |
 |---------|----------------|------------------|
-| 1.x     | Security fixes | >= 5.4, < 8.2    |
+| 1.x     | Security fixes | >=5.4,<8.1       |
 | 2.x     | Latest         | ^7.2.5 \|\| ^8.0 |
 
+
 ## Security
 
 If you discover a security vulnerability within this package, please send an email to security@tidelift.com. All security vulnerabilities will be promptly addressed. Please do not disclose security-related issues publicly until a fix has been announced. Please see [Security Policy](https://github.com/guzzle/psr7/security/policy) for more information.
 
+
 ## License
 
 Guzzle is made available under the MIT License (MIT). Please see [License File](LICENSE) for more information.
 
+
 ## For Enterprise
 
 Available as part of the Tidelift Subscription

diff --git a/composer.json b/composer.json
@@ -79,7 +79,7 @@
     },
     "extra": {
         "branch-alias": {
-            "dev-master": "2.3-dev"
+            "dev-master": "2.4-dev"
         }
     },
     "config": {

diff --git a/src/UriComparator.php b/src/UriComparator.php
@@ -0,0 +1,52 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Psr7;
+
+use Psr\Http\Message\UriInterface;
+
+/**
+ * Provides methods to determine if a modified URL should be considered cross-origin.
+ *
+ * @author Graham Campbell
+ */
+final class UriComparator
+{
+    /**
+     * Determines if a modified URL should be considered cross-origin with
+     * respect to an original URL.
+     */
+    public static function isCrossOrigin(UriInterface $original, UriInterface $modified): bool
+    {
+        if (\strcasecmp($original->getHost(), $modified->getHost()) !== 0) {
+            return true;
+        }
+
+        if ($original->getScheme() !== $modified->getScheme()) {
+            return true;
+        }
+
+        if (self::computePort($original) !== self::computePort($modified)) {
+            return true;
+        }
+
+        return false;
+    }
+
+    private static function computePort(UriInterface $uri): int
+    {
+        $port = $uri->getPort();
+
+        if (null !== $port) {
+            return $port;
+        }
+
+        return 'https' === $uri->getScheme() ? 443 : 80;
+    }
+
+    private function __construct()
+    {
+        // cannot be instantiated
+    }
+}
diff --git a/tests/UriComparatorTest.php b/tests/UriComparatorTest.php
@@ -0,0 +1,45 @@
+<?php
+
+declare(strict_types=1);
+
+namespace GuzzleHttp\Tests\Psr7;
+
+use GuzzleHttp\Psr7\Uri;
+use GuzzleHttp\Psr7\UriComparator;
+use PHPUnit\Framework\TestCase;
+
+/**
+ * @covers GuzzleHttp\Psr7\UriComparator
+ */
+class UriComparatorTest extends TestCase
+{
+    /**
+     * @dataProvider getCrossOriginExamples
+     */
+    public function testIsCrossOrigin(string $original, string $modified, bool $expected): void
+    {
+        self::assertSame($expected, UriComparator::isCrossOrigin(new Uri($original), new Uri($modified)));
+    }
+
+    public function getCrossOriginExamples(): array
+    {
+        return [
+            ['http://example.com/123', 'http://example.com/', false],
+            ['http://example.com/123', 'http://example.com:80/', false],
+            ['http://example.com:80/123', 'http://example.com/', false],
+            ['http://example.com:80/123', 'http://example.com:80/', false],
+            ['http://example.com/123', 'https://example.com/', true],
+            ['http://example.com/123', 'http://www.example.com/', true],
+            ['http://example.com/123', 'http://example.com:81/', true],
+            ['http://example.com:80/123', 'http://example.com:81/', true],
+            ['https://example.com/123', 'https://example.com/', false],
+            ['https://example.com/123', 'https://example.com:443/', false],
+            ['https://example.com:443/123', 'https://example.com/', false],
+            ['https://example.com:443/123', 'https://example.com:443/', false],
+            ['https://example.com/123', 'http://example.com/', true],
+            ['https://example.com/123', 'https://www.example.com/', true],
+            ['https://example.com/123', 'https://example.com:444/', true],
+            ['https://example.com:443/123', 'https://example.com:444/', true],
+        ];
+    }
+}