Merge pull request php-curl-class#491 from zachborboa/master

zachborboa · web-flow · commit e2b3f7abfea9 · 2018-01-09T02:13:36.000-08:00
Fix php-curl-class#490: Allow malformed response header to be parsed without error
diff --git a/src/Curl/Curl.php b/src/Curl/Curl.php
@@ -1363,14 +1363,16 @@ private function parseHeaders($raw_headers)
 
         $raw_headers_count = count($raw_headers);
         for ($i = 1; $i < $raw_headers_count; $i++) {
-            list($key, $value) = explode(':', $raw_headers[$i], 2);
-            $key = trim($key);
-            $value = trim($value);
-            // Use isset() as array_key_exists() and ArrayAccess are not compatible.
-            if (isset($http_headers[$key])) {
-                $http_headers[$key] .= ',' . $value;
-            } else {
-                $http_headers[$key] = $value;
+            if (strpos($raw_headers[$i], ':') !== false) {
+                list($key, $value) = explode(':', $raw_headers[$i], 2);
+                $key = trim($key);
+                $value = trim($value);
+                // Use isset() as array_key_exists() and ArrayAccess are not compatible.
+                if (isset($http_headers[$key])) {
+                    $http_headers[$key] .= ',' . $value;
+                } else {
+                    $http_headers[$key] = $value;
+                }
             }
         }
 
diff --git a/tests/PHPCurlClass/PHPCurlClassTest.php b/tests/PHPCurlClass/PHPCurlClassTest.php
@@ -2615,6 +2615,25 @@ public function testEmptyResponse()
         $this->assertArrayHasKey('Status-Line', $response_headers);
     }
 
+    public function testMalformedResponseHeaders()
+    {
+        $response =
+            'HTTP/1.0 403 Forbidden' . "\n" .
+            'Cache-Control: no-cache' . "\n" .
+            'Content-Type: text/html' . "\n" .
+            'Strict-Transport-Security: max-age=0' .
+            "\r\n" .
+            "\n";
+
+        $reflector = new \ReflectionClass('\Curl\Curl');
+        $reflection_method = $reflector->getMethod('parseResponseHeaders');
+        $reflection_method->setAccessible(true);
+
+        $curl = new Curl();
+        $response_headers = $reflection_method->invoke($curl, $response);
+        $this->assertTrue($response_headers instanceof CaseInsensitiveArray);
+    }
+
     public function testArrayToStringConversion()
     {
         $test = new Test();
