From 14ec839d6749e0526e03eae5ff69c8fb767b1532 Mon Sep 17 00:00:00 2001
From: geldrin
Date: Tue, 29 Mar 2016 14:29:18 +0200
Subject: [PATCH 1/6] Fix Content-Length injection problems.
---
 Pest.php | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/Pest.php b/Pest.php
index 7cb9d86..f266c24 100644
--- a/Pest.php
+++ b/Pest.php
@@ -207,14 +207,20 @@ protected function _isNumericallyIndexedArray($array)
 /**
 * Flatten headers from an associative array to a numerically indexed array of "Name: Value"
- * style entries like CURLOPT_HTTPHEADER expects. Numerically indexed arrays are not modified.
+ * style entries like CURLOPT_HTTPHEADER expects. If $content_length is explicitly set,
+ * the function checks and adds 'Content-Length' value if needed.
+ * Other portions of numerically indexed arrays are not modified.
 *
 * @param array $headers
+ * @param int $content_length
 * @return array
 */
- protected function prepHeaders($headers)
+ protected function prepHeaders($headers, $content_length = null)
 {
 if ($this->_isNumericallyIndexedArray($headers)) {
+ if ($content_length && strpos(strtolower($headers), 'content-length') === false)
+ $headers['Content-Length'] = $content_length;
+
 return $headers;
 }
@@ -223,6 +229,9 @@ protected function prepHeaders($headers)
 $flattened[] = $name . ': ' . $value;
 }
+ if ($content_length && array_key_exists('Content-Length', $headers))
+ $headers[] = 'Content-Length:' . $content_length;
+
 return $flattened;
 }
@@ -381,7 +390,7 @@ public function post($url, $data, $headers = array())
 $curl_opts = $this->curl_opts;
 $curl_opts[CURLOPT_CUSTOMREQUEST] = 'POST';
- if (!is_array($data)) $headers[] = 'Content-Length: ' . strlen($data);
+ if (!is_array($data)) $this->prepHeaders($headers, strlen($data));
 $curl_opts[CURLOPT_HTTPHEADER] = $this->prepHeaders($headers);
 $curl_opts[CURLOPT_POSTFIELDS] = $data;
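Review bot: In the `@@ -207,14 +207,20 @@` hunk, the numerically indexed branch stores the length as `$headers['Content-Length'] = $content_length;`, which puts a bare number under a string key into a list whose other entries are complete "Name: Value" lines, so the element curl receives is just the number rather than a header line. Appending in the list's own format keeps the array uniform: `$headers[] = 'Content-Length: ' . $content_length;`. The guard `$content_length &&` also treats a length of 0 as "not set", so an empty string body no longer gets the `Content-Length: 0` the removed code produced; `$content_length !== null` would preserve that, and the same guard appears in the `@@ -223,6 +229,9 @@` hunk. The docblock line could read `@param int|null $content_length` and say that null means "do not add the field".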
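Review bot: In the `@@ -223,6 +229,9 @@` hunk the new entry is appended to `$headers` after `$flattened` has already been built, and the function returns `$flattened`, so the associative path never emits Content-Length whatever the condition says; the append should be `$flattened[] = 'Content-Length: ' . $content_length;` (patch 3/6 later negates the condition but keeps the same target). `array_key_exists('Content-Length', $headers)` is case-sensitive while HTTP field names are not, so a caller key such as `content-length` goes undetected and, once the append is fixed, the request would carry two Content-Length fields, which is the ambiguity this series sets out to remove; testing against `array_change_key_case($headers, CASE_LOWER)` avoids that. Nothing in the visible lines rejects CR or LF in `$name` or `$value` before `$name . ': ' . $value` is built, so header data derived from untrusted input should be validated before it reaches this loop. prepHeaders starts outside this hunk.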
@@ -430,7 +439,7 @@ public function put($url, $data, $headers = array())
 $curl_opts = $this->curl_opts;
 $curl_opts[CURLOPT_CUSTOMREQUEST] = 'PUT';
- if (!is_array($data)) $headers[] = 'Content-Length: ' . strlen($data);
+ if (!is_array($data)) $headers[] = $this->prepHeaders($headers, strlen($data));
 $curl_opts[CURLOPT_HTTPHEADER] = $this->prepHeaders($headers);
 $curl_opts[CURLOPT_POSTFIELDS] = $data;
@@ -456,8 +465,7 @@ public function patch($url, $data, $headers = array())
 $curl_opts = $this->curl_opts;
 $curl_opts[CURLOPT_CUSTOMREQUEST] = 'PATCH';
- $headers[] = 'Content-Length: ' . strlen($data);
- $curl_opts[CURLOPT_HTTPHEADER] = $this->prepHeaders($headers);
+ $curl_opts[CURLOPT_HTTPHEADER] = $this->prepHeaders($headers, strlen($data));
 $curl_opts[CURLOPT_POSTFIELDS] = $data;
 $curl = $this->prepRequest($curl_opts, $url);
From 9d8bcd6bd78395fed56f5aa5a8f394b103347849 Mon Sep 17 00:00:00 2001
From: geldrin
Date: Tue, 29 Mar 2016 16:08:30 +0200
Subject: [PATCH 2/6] Fixing array index check - now it will return TRUE only if the array indexes are exclusively numbers.
---
 Pest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Pest.php b/Pest.php
index f266c24..40fe126 100644
--- a/Pest.php
+++ b/Pest.php
@@ -202,7 +202,7 @@ protected function prepRequest($opts, $url)
 */
 protected function _isNumericallyIndexedArray($array)
 {
- return !(bool)count(array_filter(array_keys($array), 'is_string'));
+ return !(bool)(count(array_filter(array_keys($array), 'is_string')) === 0);
 }
 /**
From 35925521cf6ab2669f6b2149ae462a8c5ca67d3d Mon Sep 17 00:00:00 2001
From: geldrin
Date: Wed, 30 Mar 2016 09:22:49 +0200
Subject: [PATCH 3/6] Missing negation operator.
---
 Pest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Pest.php b/Pest.php
index 40fe126..8edc268 100644
--- a/Pest.php
+++ b/Pest.php
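Review bot: In the `@@ -456,8 +465,7 @@` hunk, patch() passes `strlen($data)` to prepHeaders unconditionally, whereas post() and put() in the same patch only compute a length when `!is_array($data)`. The start of patch() is outside the hunk, so whether `$data` can still be an array at this point is not confirmable here; if it can, `strlen()` is called on an array. Mirroring the other verbs would be `$length = is_array($data) ? null : strlen($data);` followed by `$this->prepHeaders($headers, $length)`.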
@@ -229,7 +229,7 @@ protected function prepHeaders($headers, $content_length = null)
 $flattened[] = $name . ': ' . $value;
 }
- if ($content_length && array_key_exists('Content-Length', $headers))
+ if ($content_length && !array_key_exists('Content-Length', $headers))
 $headers[] = 'Content-Length:' . $content_length;
 return $flattened;
From 3fe0732348b6fdbc0fd8dcd012f328a5c8b1cd80 Mon Sep 17 00:00:00 2001
From: geldrin
Date: Thu, 31 Mar 2016 15:56:41 +0200
Subject: [PATCH 4/6] fixed (case-insensitive) search on numerically indexed array
---
 Pest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Pest.php b/Pest.php
index 8edc268..bded1ad 100644
--- a/Pest.php
+++ b/Pest.php
@@ -218,7 +218,7 @@ protected function _isNumericallyIndexedArray($array)
 protected function prepHeaders($headers, $content_length = null)
 {
 if ($this->_isNumericallyIndexedArray($headers)) {
- if ($content_length && strpos(strtolower($headers), 'content-length') === false)
+ if ($content_length && array_search('content-length', array_map('strtolower', $headers)) === false)
 $headers['Content-Length'] = $content_length;
 return $headers;
From d11fc10c5bba6fadd439d718d5996e5ba6915e9a Mon Sep 17 00:00:00 2001
From: geldrin
Date: Fri, 1 Apr 2016 09:26:31 +0200
Subject: [PATCH 5/6] fixing bad conditional statement
---
 Pest.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/Pest.php b/Pest.php
index bded1ad..2e230df 100644
--- a/Pest.php
+++ b/Pest.php
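Review bot: In the `@@ -218,7 +218,7 @@` hunk of patch 4/6, `array_search('content-length', array_map('strtolower', $headers))` only matches an element that is exactly `content-length`, but the entries of a numerically indexed header list are whole lines such as `Content-Length: 42`, so a caller-supplied field is never found and the computed one is added next to it. A request carrying two differing Content-Length fields can be framed differently by an intermediary and by the origin server, so the check has to match the field name at the start of each line, for example `if ($content_length && !preg_grep('/^\s*content-length\s*:/i', $headers))`. A short comment above the condition saying that list entries are full "Name: Value" lines would keep the next edit from repeating the exact-match assumption.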
@@ -387,11 +387,12 @@ public function head($url)
 public function post($url, $data, $headers = array())
 {
 $data = $this->prepData($data);
+ $length = null;
 $curl_opts = $this->curl_opts;
 $curl_opts[CURLOPT_CUSTOMREQUEST] = 'POST';
- if (!is_array($data)) $this->prepHeaders($headers, strlen($data));
- $curl_opts[CURLOPT_HTTPHEADER] = $this->prepHeaders($headers);
+ if (!is_array($data)) $length = strlen($data);
+ $curl_opts[CURLOPT_HTTPHEADER] = $this->prepHeaders($headers, $length);
 $curl_opts[CURLOPT_POSTFIELDS] = $data;
 $curl = $this->prepRequest($curl_opts, $url);
@@ -436,11 +437,12 @@ public function prepData($data)
 public function put($url, $data, $headers = array())
 {
 $data = $this->prepData($data);
+ $length = null;
 $curl_opts = $this->curl_opts;
 $curl_opts[CURLOPT_CUSTOMREQUEST] = 'PUT';
- if (!is_array($data)) $headers[] = $this->prepHeaders($headers, strlen($data));
- $curl_opts[CURLOPT_HTTPHEADER] = $this->prepHeaders($headers);
+ if (!is_array($data)) $length = strlen($data);
+ $curl_opts[CURLOPT_HTTPHEADER] = $this->prepHeaders($headers, $length);
 $curl_opts[CURLOPT_POSTFIELDS] = $data;
 $curl = $this->prepRequest($curl_opts, $url);
From c99dae3aac4f6de7e64da5abc1226151c21a3ac8 Mon Sep 17 00:00:00 2001
From: geldrin
Date: Tue, 5 Apr 2016 12:39:53 +0200
Subject: [PATCH 6/6] removing negation opertator
---
 Pest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Pest.php b/Pest.php
index 2e230df..7ae7350 100644
--- a/Pest.php
+++ b/Pest.php
@@ -202,7 +202,7 @@ protected function prepRequest($opts, $url)
 */
 protected function _isNumericallyIndexedArray($array)
 {
- return !(bool)(count(array_filter(array_keys($array), 'is_string')) === 0);
+ return (bool)(count(array_filter(array_keys($array), 'is_string')) === 0);
 }
 /**
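Review bot: In the `@@ -202,7 +202,7 @@` hunk of patch 6/6, `(bool)(... === 0)` casts a value that is already a boolean, and the result is the same predicate the method had before patch 2/6 (`!(bool)count(...)`), so the line can be reduced to `return count(array_filter(array_keys($array), 'is_string')) === 0;`. An empty array also satisfies it, which means the default `$headers = array()` of post() and put() takes the numerically indexed branch of prepHeaders; the docblock, which starts above this hunk, could say so explicitly, since that is presumably the path most calls take.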