symfony
diff --git a/‎src/Symfony/Component/HttpFoundation/AcceptHeader.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/AcceptHeader.php
+8-3Lines changed: 8 additions & 3 deletions b/‎src/Symfony/Component/HttpFoundation/AcceptHeader.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/AcceptHeader.php
+8-3Lines changed: 8 additions & 3 deletions
diff --git a/‎src/Symfony/Component/HttpFoundation/AcceptHeaderItem.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/AcceptHeaderItem.php
+6-20Lines changed: 6 additions & 20 deletions b/‎src/Symfony/Component/HttpFoundation/AcceptHeaderItem.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/AcceptHeaderItem.php
+6-20Lines changed: 6 additions & 20 deletions
diff --git a/‎src/Symfony/Component/HttpFoundation/CHANGELOG.md
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/CHANGELOG.md
+1Lines changed: 1 addition & 0 deletions b/‎src/Symfony/Component/HttpFoundation/CHANGELOG.md
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/CHANGELOG.md
+1Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Component/HttpFoundation/Cookie.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Cookie.php
+12-26Lines changed: 12 additions & 26 deletions b/‎src/Symfony/Component/HttpFoundation/Cookie.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Cookie.php
+12-26Lines changed: 12 additions & 26 deletions
diff --git a/‎src/Symfony/Component/HttpFoundation/HeaderBag.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/HeaderBag.php
+3-19Lines changed: 3 additions & 19 deletions b/‎src/Symfony/Component/HttpFoundation/HeaderBag.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/HeaderBag.php
+3-19Lines changed: 3 additions & 19 deletions
diff --git a/‎src/Symfony/Component/HttpFoundation/HeaderUtils.php
Copy file name to clipboard
+191Lines changed: 191 additions & 0 deletions b/‎src/Symfony/Component/HttpFoundation/HeaderUtils.php
Copy file name to clipboard
+191Lines changed: 191 additions & 0 deletions
diff --git a/‎src/Symfony/Component/HttpFoundation/Request.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Request.php
+21-5Lines changed: 21 additions & 5 deletions b/‎src/Symfony/Component/HttpFoundation/Request.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Request.php
+21-5Lines changed: 21 additions & 5 deletions
diff --git a/‎src/Symfony/Component/HttpFoundation/Tests/AcceptHeaderItemTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Tests/AcceptHeaderItemTest.php
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/HttpFoundation/Tests/AcceptHeaderItemTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Tests/AcceptHeaderItemTest.php
+1-1Lines changed: 1 addition & 1 deletion
@@ -52,12 +52,17 @@ public static function fromString($headerValue)
     {
         $index = 0;
 
-        return new self(array_map(function ($itemValue) use (&$index) {
-            $item = AcceptHeaderItem::fromString($itemValue);
+        $parts = HeaderUtils::split((string) $headerValue, ',;=');
+
+        return new self(array_map(function ($subParts) use (&$index) {
+            $part = array_shift($subParts);
+            $attributes = HeaderUtils::combineParts($subParts);
+
+            $item = new AcceptHeaderItem($part[0], $attributes);
             $item->setIndex($index++);
 
             return $item;
-        }, preg_split('/\s*(?:,*("[^"]+"),*|,*(\'[^\']+\'),*|,+)\s*/', $headerValue, 0, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE)));
+        }, $parts));
     }
 
     /**
 
@@ -59,24 +59,12 @@ public function __construct($value, array $attributes = array())
      */
     public static function fromString($itemValue)
     {
-        $bits = preg_split('/\s*(?:;*("[^"]+");*|;*(\'[^\']+\');*|;+)\s*/', $itemValue, 0, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
-        $value = array_shift($bits);
-        $attributes = array();
-
-        $lastNullAttribute = null;
-        foreach ($bits as $bit) {
-            if (($start = substr($bit, 0, 1)) === ($end = substr($bit, -1)) && ('"' === $start || '\'' === $start)) {
-                $attributes[$lastNullAttribute] = substr($bit, 1, -1);
-            } elseif ('=' === $end) {
-                $lastNullAttribute = $bit = substr($bit, 0, -1);
-                $attributes[$bit] = null;
-            } else {
-                $parts = explode('=', $bit);
-                $attributes[$parts[0]] = isset($parts[1]) && strlen($parts[1]) > 0 ? $parts[1] : '';
-            }
-        }
+        $parts = HeaderUtils::split($itemValue, ';=');
+
+        $part = array_shift($parts);
+        $attributes = HeaderUtils::combineParts($parts, 1);
 
-        return new self(($start = substr($value, 0, 1)) === ($end = substr($value, -1)) && ('"' === $start || '\'' === $start) ? substr($value, 1, -1) : $value, $attributes);
+        return new self($part[0], $attributes);
     }
 
     /**
@@ -88,9 +76,7 @@ public function __toString()
     {
         $string = $this->value.($this->quality < 1 ? ';q='.$this->quality : '');
         if (count($this->attributes) > 0) {
-            $string .= ';'.implode(';', array_map(function ($name, $value) {
-                return sprintf(preg_match('/[,;=]/', $value) ? '%s="%s"' : '%s=%s', $name, $value);
-            }, array_keys($this->attributes), $this->attributes));
+            $string .= '; '.HeaderUtils::joinAssoc($this->attributes, ';');
         }
 
         return $string;
 
@@ -9,6 +9,7 @@ CHANGELOG
  * deprecated setting session save handlers that do not implement `\SessionHandlerInterface` in `NativeSessionStorage::setSaveHandler()`
  * deprecated using `MongoDbSessionHandler` with the legacy mongo extension; use it with the mongodb/mongodb package and ext-mongodb instead
  * deprecated `MemcacheSessionHandler`; use `MemcachedSessionHandler` instead
+ * added `HeaderUtility`
 
 3.3.0
 -----
 
@@ -50,34 +50,20 @@ public static function fromString($cookie, $decode = false)
             'raw' => !$decode,
             'samesite' => null,
         );
-        foreach (explode(';', $cookie) as $part) {
-            if (false === strpos($part, '=')) {
-                $key = trim($part);
-                $value = true;
-            } else {
-                list($key, $value) = explode('=', trim($part), 2);
-                $key = trim($key);
-                $value = trim($value);
-            }
-            if (!isset($data['name'])) {
-                $data['name'] = $decode ? urldecode($key) : $key;
-                $data['value'] = true === $value ? null : ($decode ? urldecode($value) : $value);
-                continue;
-            }
-            switch ($key = strtolower($key)) {
-                case 'name':
-                case 'value':
-                    break;
-                case 'max-age':
-                    $data['expires'] = time() + (int) $value;
-                    break;
-                default:
-                    $data[$key] = $value;
-                    break;
-            }
+
+        $parts = HeaderUtils::split($cookie, ';=');
+        $part = array_shift($parts);
+
+        $name = $decode ? urldecode($part[0]) : $part[0];
+        $value = isset($part[1]) ? ($decode ? urldecode($part[1]) : $part[1]) : null;
+
+        $data = HeaderUtils::combineParts($parts) + $data;
+
+        if (isset($data['max-age'])) {
+            $data['expires'] = time() + (int) $data['max-age'];
         }
 
-        return new static($data['name'], $data['value'], $data['expires'], $data['path'], $data['domain'], $data['secure'], $data['httponly'], $data['raw'], $data['samesite']);
+        return new static($name, $value, $data['expires'], $data['path'], $data['domain'], $data['secure'], $data['httponly'], $data['raw'], $data['samesite']);
     }
 
     /**
 
@@ -286,21 +286,9 @@ public function count()
 
     protected function getCacheControlHeader()
     {
-        $parts = array();
         ksort($this->cacheControl);
-        foreach ($this->cacheControl as $key => $value) {
-            if (true === $value) {
-                $parts[] = $key;
-            } else {
-                if (preg_match('#[^a-zA-Z0-9._-]#', $value)) {
-                    $value = '"'.$value.'"';
-                }
-
-                $parts[] = "$key=$value";
-            }
-        }
 
-        return implode(', ', $parts);
+        return HeaderUtils::joinAssoc($this->cacheControl, ',');
     }
 
     /**
@@ -312,12 +300,8 @@ protected function getCacheControlHeader()
      */
     protected function parseCacheControl($header)
     {
-        $cacheControl = array();
-        preg_match_all('#([a-zA-Z][a-zA-Z_-]*)\s*(?:=(?:"([^"]*)"|([^ \t",;]*)))?#', $header, $matches, PREG_SET_ORDER);
-        foreach ($matches as $match) {
-            $cacheControl[strtolower($match[1])] = isset($match[3]) ? $match[3] : (isset($match[2]) ? $match[2] : true);
-        }
+        $parts = HeaderUtils::split($header, ',=');
 
-        return $cacheControl;
+        return HeaderUtils::combineParts($parts);
     }
 }
@@ -0,0 +1,191 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\HttpFoundation;
+
+/**
+ * HTTP header utility functions.
+ *
+ * @author Christian Schmidt <github@chsc.dk>
+ */
+class HeaderUtils
+{
+    /**
+     * This class should not be instantiated.
+     */
+    private function __construct()
+    {
+    }
+
+    /**
+     * Splits an HTTP header by one or more separators.
+     *
+     * Example:
+     *
+     *     HeaderUtils::split("da, en-gb;q=0.8", ",;")
+     *     // => array(array("da"), array("en-gb"), array("q", "0.8"))
+     *
+     * @param string $header     HTTP header value
+     * @param string $separators List of characters to split on, ordered by
+     *                           precedence, e.g. ",", ";=", or ",;="
+     *
+     * @return array Nested array with as many levels as there are characters in
+     *               $separators
+     */
+    public static function split(string $header, $separators)
+    {
+        $quotedSeparators = preg_quote($separators);
+
+        preg_match_all('
+            /
+                (?!\s)
+                    (?:
+                        # quoted-string
+                        "(?:[^"\\\\]|\\\\.)*(?:"|\\\\|$)
+                    |
+                        # token
+                        [^"'.$quotedSeparators.']+
+                    )+
+                (?<!\s)
+            |
+                # separator
+                \s*
+                (?<separator>['.$quotedSeparators.'])
+                \s*
+            /x', trim($header), $matches, PREG_SET_ORDER);
+
+        return self::groupParts($matches, $separators);
+    }
+
+    private static function groupParts(array $matches, $separators)
+    {
+        $separator = $separators[0];
+        $partSeparators = substr($separators, 1);
+
+        $i = 0;
+        $partMatches = array();
+        foreach ($matches as $match) {
+            if (isset($match['separator']) && $match['separator'] === $separator) {
+                ++$i;
+            } else {
+                $partMatches[$i][] = $match;
+            }
+        }
+
+        $parts = array();
+        if ($partSeparators) {
+            foreach ($partMatches as $matches) {
+                $parts[] = self::groupParts($matches, $partSeparators);
+            }
+        } else {
+            foreach ($partMatches as $matches) {
+                $parts[] = self::unquote($matches[0][0]);
+            }
+        }
+
+        return $parts;
+    }
+
+    /**
+     * Combines an array of arrays into one associative array.
+     *
+     * Each of the nested arrays should have one or two elements. The first
+     * value will be used as the keys in the associative array, and the second
+     * will be used as the values, or true if the nested array only contains one
+     * element.
+     *
+     * Example:
+     *
+     *     HeaderUtils::combineParts(array(array("foo", "abc"), array("bar")))
+     *     // => array("foo" => "abc", "bar" => true)
+     *
+     * @param array $parts Array of arrays
+     *
+     * @return array Associative array
+     */
+    public static function combineParts(array $parts)
+    {
+        $assoc = array();
+        foreach ($parts as $part) {
+            $name = strtolower($part[0]);
+            $value = isset($part[1]) ? $part[1] : true;
+            $assoc[$name] = $value;
+        }
+
+        return $assoc;
+    }
+
+    /**
+     * Joins an associative array into a string.
+     *
+     * The key and value of each entry are joined with "=", and all entries
+     * is joined with the specified separator and an additional space (for
+     * readability). Values are quoted if necessary.
+     *
+     * Example:
+     *
+     *     HeaderUtils::joinAssoc(array("foo" => "abc", "bar" => true, "baz" => "a b c"), ",")
+     *     // => 'foo=bar, baz, baz="a b c"'
+     *
+     * @param array  $assoc     The associative array
+     * @param string $separator Separator between each array entry
+     *
+     * @return string A string formatted for use in an HTTP header
+     */
+    public static function joinAssoc(array $assoc, $separator)
+    {
+        $parts = array();
+        foreach ($assoc as $name => $value) {
+            if (true === $value) {
+                $parts[] = $name;
+            } else {
+                $parts[] = $name.'='.self::quote($value);
+            }
+        }
+
+        return implode($separator.' ', $parts);
+    }
+
+    /**
+     * Encodes a string as a quoted string, if necessary.
+     *
+     * If a string contains characters not allowed by the "token" construct in
+     * the HTTP specification, it is backslash-escaped and enclosed in quotes
+     * to match the "quoted-string" construct.
+     *
+     * @param string $s The raw string
+     *
+     * @return return The quoted string
+     */
+    public static function quote($s)
+    {
+        if (preg_match('/^[a-z0-9!#$%&\'*.^_`|~-]+$/i', $s)) {
+            return $s;
+        }
+
+        return '"'.addcslashes($s, '"\\"').'"';
+    }
+
+    /**
+     * Decodes a quoted string.
+     *
+     * If passed an unquoted string that matches the "token" construct (as
+     * defined in the HTTP specification), it is passed through verbatimly.
+     *
+     * @param string $s The quoted string
+     *
+     * @return string The raw string
+     */
+    public static function unquote($s)
+    {
+        return preg_replace('/\\\\(.)|"/', '$1', $s);
+    }
+}
@@ -2075,8 +2075,16 @@ private function getTrustedValues($type, $ip = null)
         }
 
         if (self::$trustedHeaders[self::HEADER_FORWARDED] && $this->headers->has(self::$trustedHeaders[self::HEADER_FORWARDED])) {
-            $forwardedValues = $this->headers->get(self::$trustedHeaders[self::HEADER_FORWARDED]);
-            $forwardedValues = preg_match_all(sprintf('{(?:%s)=(?:"?\[?)([a-zA-Z0-9\.:_\-/]*+)}', self::$forwardedParams[$type]), $forwardedValues, $matches) ? $matches[1] : array();
+            $forwarded = $this->headers->get(self::$trustedHeaders[self::HEADER_FORWARDED]);
+            $parts = HeaderUtils::split($forwarded, ',;=');
+            $forwardedValues = array();
+            $param = self::$forwardedParams[$type];
+            foreach ($parts as $subParts) {
+                $assoc = HeaderUtils::combineParts($subParts);
+                if (isset($assoc[$param])) {
+                    $forwardedValues[] = $assoc[$param];
+                }
+            }
         }
 
         if (null !== $ip) {
@@ -2109,9 +2117,17 @@ private function normalizeAndFilterClientIps(array $clientIps, $ip)
         $firstTrustedIp = null;
 
         foreach ($clientIps as $key => $clientIp) {
-            // Remove port (unfortunately, it does happen)
-            if (preg_match('{((?:\d+\.){3}\d+)\:\d+}', $clientIp, $match)) {
-                $clientIps[$key] = $clientIp = $match[1];
+            if (strpos($clientIp, '.')) {
+                // Strip :port from IPv4 addresses. This is allowed in Forwarded
+                // and may occur in X-Forwarded-For.
+                $i = strpos($clientIp, ':');
+                if ($i) {
+                    $clientIps[$key] = $clientIp = substr($clientIp, 0, $i);
+                }
+            } elseif ('[' == $clientIp[0]) {
+                // Strip brackets and :port from IPv6 addresses.
+                $i = strpos($clientIp, ']', 1);
+                $clientIps[$key] = $clientIp = substr($clientIp, 1, $i - 1);
             }
 
             if (!filter_var($clientIp, FILTER_VALIDATE_IP)) {
 
@@ -66,7 +66,7 @@ public function provideToStringData()
             ),
             array(
                 'text/plain', array('charset' => 'utf-8', 'param' => 'this;should,not=matter', 'footnotes' => 'true'),
-                'text/plain;charset=utf-8;param="this;should,not=matter";footnotes=true',
+                'text/plain; charset=utf-8; param="this;should,not=matter"; footnotes=true',
             ),
         );
     }