|
32 | 32 | use function is_array; |
33 | 33 | use function is_object; |
34 | 34 | use function preg_match; |
| 35 | +use function str_starts_with; |
35 | 36 | use function strlen; |
36 | 37 | use function strpos; |
37 | 38 | use function strstr; |
@@ -91,13 +92,21 @@ public static function input(string $buffer, TcpConnection $connection): int |
91 | 92 | } |
92 | 93 |
|
93 | 94 | $length = $crlfPos + 4; |
94 | | - $method = strstr($buffer, ' ', true); |
95 | | - if (!in_array($method, ['GET', 'POST', 'OPTIONS', 'HEAD', 'DELETE', 'PUT', 'PATCH'])) { |
| 95 | + $header = substr($buffer, 0, $crlfPos); |
| 96 | + |
| 97 | + if ( |
| 98 | + !str_starts_with($header, 'GET ') && |
| 99 | + !str_starts_with($header, 'POST ') && |
| 100 | + !str_starts_with($header, 'OPTIONS ') && |
| 101 | + !str_starts_with($header, 'HEAD ') && |
| 102 | + !str_starts_with($header, 'DELETE ') && |
| 103 | + !str_starts_with($header, 'PUT ') && |
| 104 | + !str_starts_with($header, 'PATCH ') |
| 105 | + ) { |
96 | 106 | $connection->close("HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n", true); |
97 | 107 | return 0; |
98 | 108 | } |
99 | 109 |
|
100 | | - $header = substr($buffer, 0, $crlfPos); |
101 | 110 | if (preg_match('/\b(?:Transfer-Encoding\b.*)|(?:Content-Length:\s*(\d+)(?!.*\bTransfer-Encoding\b))/is', $header, $matches)) { |
102 | 111 | if (!isset($matches[1])) { |
103 | 112 | $connection->close("HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n", true); |
|
0 commit comments