If the SMTP connection is disconnected (read() returns false) we should
exit early and not wait for the read timeout. This has the added benefit
of making the mocks much simpler.
Refs #10221
This ports the safe parts of #9619 and updates the tests. Because
existing tests had to change and I was concerned about changing people's
email messages in a bugfix release I'm targetting 2.next with this
change.
In eaa2bbbcae I changed the behavior to
now use the TitleCased name as I didn't understand the intended behavior
or how apache was working in the reporter's specific case.
Refs #9229
Relying on tv.eurosport.com having a bad peer name is pretty fragile.
However, we can more easily rely on their cert coming from a CA we no
longer trust.
The client_ip header can easily be forged. In 'safe' modes we should
only trust the remote_addr which comes from the sapi. Remove support for
http_clientaddress as I can't seem to find where this ever came from in
PHP on the http specs.
This fixes a regression introduced in that change that we didn't
previously have tests for. The issue fixed in #8359 was related to
PHP7.0, whereas PHP5 didn't have an issue. Now both versions will work
the same.
Replace the complex and somewhat unfixable regexp based parser for
a parser that handles each line individually. Normalize multi-line
headers to replace multiple spaces with a single one. Section 4.2 of the
HTTP1.1 standard states
> Any LWS that occurs between field-content MAY be replaced with
> a single SP before interpreting the field value or forwarding the
> message downstream.
This makes me somewhat confident that we can safely normalize
multi-line HTTP header values.
Refs #8330
Not all webservers set CONTENT_TYPE. The built-in PHP webserver for
example sets HTTP_CONTENT_TYPE instead. Add a public method to the
request object to smooth over this difference.
Refs #6051, #8267
Having all the options consolidated in one places enables all the SSL
context options to be used in the SmtpTransport instead of just allowing
self_signed as proposed in #7496
On Windows based systems, both, backward as well as forward
slashes are supported as path separators, thus checking for `DS`
only, would allow to slip in `../` fragments.
refs #5905, cad57dcc28
