Comments (8)
This has affected me as well. Twice in the last couple of weeks I have noticed my websocket server was offline and checking the logs it looks like someone sent an invalid request consisting of HEAD / \r\n\r\n
PHP Notice: Undefined offset: 1 in /var/www/vhosts/ws_server/vendor/guzzlehttp/psr7/src/Message.php on line 209
PHP Fatal error: Uncaught TypeError: Argument 5 passed to GuzzleHttp\Psr7\Request::__construct() must be of the type string, null given, called in /var/www/vhosts/ws_server/vendor/guzzlehttp/psr7/src/Message.php on line 212 and defined in /var/www/vhosts/ws_server/vendor/guzzlehttp/psr7/src/Request.php:35
Stack trace:
#0 /var/www/vhosts/ws_server/vendor/guzzlehttp/psr7/src/Message.php(212): GuzzleHttp\Psr7\Request->__construct('HEAD', '/', Array, '', NULL)
#1 /var/www/vhosts/ws_server/vendor/cboden/ratchet/src/Ratchet/Http/HttpRequestParser.php(62): GuzzleHttp\Psr7\Message::parseRequest('HEAD / \r\n\r\n')
#2 /var/www/vhosts/ws_server/vendor/cboden/ratchet/src/Ratchet/Http/HttpRequestParser.php(40): Ratchet\Http\HttpRequestParser->parse('HEAD / \r\n\r\n')
#3 /var/www/vhosts/ws_server/vendor/cboden/ratchet/src/Ratchet/Http/HttpServer.php(42): Ratchet\Http\HttpRequestParser->onMessage(Object(Ratchet\Server\IoConnection),
'HEAD / in /var/www/vhosts/ws_server/vendor/guzzlehttp/psr7/src/Request.php on line 35
From my local testing, it appears most invalid requests are trapped by the preg_match on line 205, but as long as your request first line is in the form of Method [space] Path [space] and anything following this does not contain a / then Guzzle will fail to get a value for $version and crash.
from psr7.
What's the exact version of guzzlehttp/psr7 do you have installed, please?
from psr7.
I don't think we should silently change the version to 1.1, but we can probably make sure that we throw the most appropriate exception.
from psr7.
I don't think we should silently change the version to 1.1, but we can probably make sure that we throw the most appropriate exception.
Line 209 is defaulting to 1.1 if not supplied, which is exactly this situation.
$version = isset($parts[2]) ? explode('/', $parts[2])[1] : '1.1';
Another option would be to extend the isset() test to check that $parts[2] includes a / and that it isn't the last non-space character. That would also resolve the Undefined Offset notice that is thrown because [1] doesn't exist.
What's the exact version of guzzlehttp/psr7 do you have installed, please?
According to my composer.lock file, I am on 2.4.3
"name": "guzzlehttp/psr7",
"version": "2.4.3",
from psr7.
What's the exact version of guzzlehttp/psr7 do you have installed, please?
The version of guzzlehttp/psr7 I use is the latest version of 2.4.3.
composer show guzzlehttp/psr7 | grep 'versions'
versions : * 2.4.3
I don't think we should silently change the version to 1.1, but we can probably make sure that we throw the most appropriate exception.
I just need to solve the situation where the process exits.
If it can be solved with proper exception handling,
I don't think there will be any problem using it.
from psr7.
The problem you are facing needs to be fixed at the other end, really. Not having an HTTP version is an invalid response. All I am discussing here is if we should be crashing in a different way. ;)
from psr7.
The problem you are facing needs to be fixed at the other end, really. Not having an HTTP version is an invalid response. All I am discussing here is if we should be crashing in a different way. ;)
Thank you for your kind reply.
I agree with the answer.
However, the HTTP header is manipulated to transmit
I don't think we can respond enough to malicious attacks.
$version = isset($parts[2]) ? explode('/', $parts[2])[1] : '1.1';
In Logic after 209 Line,
$version != null ? $version : '1.1'
If you can do a null check of $version,
I think we can solve these errors.
Or Ian-hubbard-alkolizer's suggestion
...
Another option would be to extend the isset() test to check that $parts[2] includes a / and that it isn't the last non-space character. That would also resolve the Undefined Offset notice that is thrown because [1] doesn't exist.
I think that's a good idea.
209 Line Example
if ((isset($parts[2]) && $parts[2]) && strpos($parts[2], '/') !== false) {
    $version = explode('/', $parts[2])[1];
} else {
    $version = '1.1';
}
from psr7.
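As an added illustration (not code from guzzlehttp/psr7, Ratchet, or any commenter in this thread), the PHP sketch below takes the "throw the most appropriate exception" route discussed above: the whole request line is validated, a missing or malformed version raises an InvalidArgumentException instead of falling back to 1.1, and the caller turns that into a 400 rather than letting the process exit. `parseRequestLineStrict()` and `handle()` are hypothetical names, and the sample inputs are constructed around the request line shown in the log.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical strict request-line parser (not part of guzzlehttp/psr7).
 * Accepts only: token SP request-target SP "HTTP/" DIGIT "." DIGIT
 */
function parseRequestLineStrict(string $raw): array
{
    // Only the first line is examined; header parsing is out of scope here.
    $line = explode("\r\n", $raw, 2)[0];
    $re = '@^([!#$%&\'*+.^_`|~0-9A-Za-z-]+) (\S+) HTTP/(\d\.\d)$@D';
    if (preg_match($re, $line, $m) !== 1) {
        throw new InvalidArgumentException(
            'Invalid request line: ' . var_export($line, true)
        );
    }
    return ['method' => $m[1], 'target' => $m[2], 'version' => $m[3]];
}

/** What a long-running server loop can do with one raw request. */
function handle(string $raw): string
{
    try {
        $r = parseRequestLineStrict($raw);
        return "ok {$r['method']} {$r['target']} HTTP/{$r['version']}";
    } catch (InvalidArgumentException $e) {
        return '400 Bad Request'; // malformed input: reject, keep serving
    } catch (Throwable $e) {
        // The fatal in the log is a TypeError, which extends Error, not
        // Exception; only catching Throwable (or Error) would stop it.
        return '500 (' . get_class($e) . ')';
    }
}

// Constructed samples; the second is the request line from the log above.
$samples = [
    "GET /chat HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "HEAD / \r\n\r\n",
    "HEAD / HTTP\r\n\r\n",
    "HEAD / HTTP/\r\n\r\n",
];
foreach ($samples as $raw) {
    $first = var_export(explode("\r\n", $raw, 2)[0], true);
    printf("%-22s => %s\n", $first, handle($raw));
}
```

The last sample is the case a bare strpos($parts[2], '/') check lets through: the explode() yields an empty version string rather than null, so nothing crashes but the parsed version is still not a valid one.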
This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 2 weeks if no further activity occurs. Thank you for your contributions.
from psr7.