[HttpFoundation] Fix AcceptHeader overwrites items with different parameters

yoeunes · yoeunes · commit c99d747a3764 · 2025-11-03T11:02:13.000+01:00
diff --git a/src/Symfony/Component/HttpFoundation/AcceptHeader.php b/src/Symfony/Component/HttpFoundation/AcceptHeader.php
@@ -73,15 +73,39 @@ public function __toString(): string
      */
     public function has(string $value): bool
     {
-        return isset($this->items[$value]);
+        return isset($this->items[$value]) || null !== $this->get($value);
     }
 
     /**
      * Returns given value's item, if exists.
      */
     public function get(string $value): ?AcceptHeaderItem
     {
-        return $this->items[$value] ?? $this->items[explode('/', $value)[0].'/*'] ?? $this->items['*/*'] ?? $this->items['*'] ?? null;
+        $queryItem = AcceptHeaderItem::fromString($value.';q=1');
+        $baseValue = $queryItem->getValue();
+        $queryAttributes = $queryItem->getAttributes();
+        $parametersString = $this->buildCanonicalParams($queryAttributes);
+        $canonicalKey = $baseValue.($parametersString ? ';'.$parametersString : '');
+
+        if (isset($this->items[$canonicalKey])) {
+            return $this->items[$canonicalKey];
+        }
+
+        // Find all matching candidates
+        $candidates = [];
+        foreach ($this->items as $item) {
+            if ($this->matches($item, $queryItem)) {
+                $candidates[] = $item;
+            }
+        }
+
+        if (!$candidates) {
+            return null;
+        }
+
+        $this->sortCandidates($candidates, $queryItem);
+
+        return $candidates[0];
     }
 
     /**
@@ -91,7 +115,16 @@ public function get(string $value): ?AcceptHeaderItem
      */
     public function add(AcceptHeaderItem $item): static
     {
-        $this->items[$item->getValue()] = $item;
+        $baseValue = $item->getValue();
+        $itemAttributes = $item->getAttributes();
+
+        // Canonicalize parameters: sort by name, format as 'name=value' or 'name'
+        $parametersString = $this->buildCanonicalParams($itemAttributes);
+        $canonicalKey = $baseValue.($parametersString ? ';'.$parametersString : '');
+
+        // Add or overwrite (though duplicates unlikely after canonicalization)
+        $this->items[$canonicalKey] = $item;
+
         $this->sorted = false;
 
         return $this;
@@ -147,4 +180,145 @@ private function sort(): void
             $this->sorted = true;
         }
     }
+
+    /**
+     * Sorts candidates by specificity, quality, parameter count, and original order.
+     *
+     * @param AcceptHeaderItem[] $candidates
+     */
+    private function sortCandidates(array &$candidates, AcceptHeaderItem $queryItem): void
+    {
+        usort($candidates, function (AcceptHeaderItem $a, AcceptHeaderItem $b) use ($queryItem) {
+            $specificityA = $this->getSpecificity($a, $queryItem);
+            $specificityB = $this->getSpecificity($b, $queryItem);
+            if ($specificityA !== $specificityB) {
+                return $specificityB <=> $specificityA;
+            }
+            if ($a->getQuality() !== $b->getQuality()) {
+                return $b->getQuality() <=> $a->getQuality();
+            }
+            $parameterCountA = \count($this->getMediaParams($a));
+            $parameterCountB = \count($this->getMediaParams($b));
+            if ($parameterCountA !== $parameterCountB) {
+                return $parameterCountB <=> $parameterCountA;
+            }
+
+            return $a->getIndex() <=> $b->getIndex();
+        });
+    }
+
+    /**
+     * Builds a canonical string representation of attributes.
+     *
+     * @param array<string, mixed> $attributes
+     */
+    private function buildCanonicalParams(array $attributes): string
+    {
+        $normalizedAttributes = [];
+        foreach ($attributes as $name => $value) {
+            $lowerName = strtolower($name);
+            if ('q' === $lowerName) {
+                continue;
+            }
+            $normalizedAttributes[$lowerName] = $value;
+        }
+        ksort($normalizedAttributes);
+        $parameterParts = [];
+        foreach ($normalizedAttributes as $name => $value) {
+            if (null === $value) {
+                $parameterParts[] = $name;
+            } else {
+                $quotedValue = \is_string($value) && str_contains($value, ' ') ? '"'.addslashes($value).'"' : $value;
+                $parameterParts[] = $name.'='.$quotedValue;
+            }
+        }
+
+        return implode(';', $parameterParts);
+    }
+
+    /**
+     * Checks if a given header item (range) matches a queried item (value).
+     *
+     * @param AcceptHeaderItem $item      The item from the Accept header (e.g., text/*;format=flowed)
+     * @param AcceptHeaderItem $queryItem The item being queried (e.g., text/plain;format=flowed;charset=utf-8)
+     */
+    private function matches(AcceptHeaderItem $item, AcceptHeaderItem $queryItem): bool
+    {
+        $requestedValue = $queryItem->getValue();
+        if (!str_contains($requestedValue, '/')) {
+            // Charset/Language: exact or *
+            $rangeValue = $item->getValue();
+
+            return strtolower($rangeValue) === strtolower($requestedValue) || '*' === strtolower($rangeValue) || '*/*' === strtolower($rangeValue);
+        }
+        // Media type
+        [$requestedType, $requestedSubtype] = explode('/', $requestedValue, 2);
+        if (!$requestedSubtype) {
+            return false;
+        }
+        $rangeValue = $item->getValue();
+        [$rangeType, $rangeSubtype] = explode('/', $rangeValue, 2) + ['', '*'];
+        if ('*' !== $rangeType && strtolower($rangeType) !== strtolower($requestedType)) {
+            return false;
+        }
+        if ('*' !== $rangeSubtype && strtolower($rangeSubtype) !== strtolower($requestedSubtype)) {
+            return false;
+        }
+        // Check params: range params must be matched by value params
+        $requestedAttributes = $queryItem->getAttributes();
+        $normalizedRequestedAttrs = [];
+        foreach ($requestedAttributes as $name => $val) {
+            $normalizedRequestedAttrs[strtolower($name)] = $val;
+        }
+        $itemAttributes = $item->getAttributes();
+        foreach ($itemAttributes as $name => $val) {
+            $lowerName = strtolower($name);
+            if ('q' === $lowerName) {
+                continue;
+            }
+            if (!\array_key_exists($lowerName, $normalizedRequestedAttrs) || $normalizedRequestedAttrs[$lowerName] !== $val) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    /**
+     * Calculates a specificity score for a given item against a query.
+     *
+     * @param AcceptHeaderItem $item      The item from the Accept header
+     * @param AcceptHeaderItem $queryItem The item being queried
+     */
+    private function getSpecificity(AcceptHeaderItem $item, AcceptHeaderItem $queryItem): int
+    {
+        $requestedValue = $queryItem->getValue();
+        if (!str_contains($requestedValue, '/')) {
+            return strtolower($item->getValue()) === strtolower($requestedValue) ? 2 : 1;
+        }
+        [$rangeType, $rangeSubtype] = explode('/', strtolower($item->getValue()), 2) + ['', '*'];
+        $specificity = 0;
+        if ('*' !== $rangeSubtype) {
+            $specificity = 3;
+        } elseif ('*' !== $rangeType) {
+            $specificity = 2;
+        } else {
+            $specificity = 1;
+        }
+
+        // Add parameter count to specificity (shifted to allow for type/subtype precedence)
+        $paramCount = \count($this->getMediaParams($item));
+
+        return ($specificity * 1000) + $paramCount;
+    }
+
+    /**
+     * Returns all attributes of an item, excluding the quality ('q') parameter.
+     *
+     * @return array<string, mixed>
+     */
+    private function getMediaParams(AcceptHeaderItem $item): array
+    {
+        return array_filter($item->getAttributes(), fn ($k) => 'q' !== strtolower($k), \ARRAY_FILTER_USE_KEY);
+    }
 }
diff --git a/src/Symfony/Component/HttpFoundation/Tests/AcceptHeaderTest.php b/src/Symfony/Component/HttpFoundation/Tests/AcceptHeaderTest.php
@@ -100,6 +100,8 @@ public static function provideSortingData()
             'quality has priority' => ['*;q=0.3,ISO-8859-1,utf-8;q=0.7', ['ISO-8859-1', 'utf-8', '*']],
             'order matters when q is equal' => ['*;q=0.3,ISO-8859-1;q=0.7,utf-8;q=0.7', ['ISO-8859-1', 'utf-8', '*']],
             'order matters when q is equal2' => ['*;q=0.3,utf-8;q=0.7,ISO-8859-1;q=0.7', ['utf-8', 'ISO-8859-1', '*']],
+            'additional attributes like "format" should be handled according RFC 9110' => ['text/*;q=0.3, text/plain;q=0.7, text/plain;format=flowed, text/plain;format=fixed;q=0.4, */*;q=0.5', ['text/plain;format=flowed', 'text/plain', '*/*', 'text/plain;format=fixed', 'text/*']],
+            'additional attributes like "format" should be handled according obsoleted RFC 7231 as well' => ['text/*;q=0.3, text/html;q=0.7, text/html;level=1, text/html;level=2;q=0.4, */*;q=0.5', ['text/html;level=1', 'text/html', '*/*', 'text/html;level=2', 'text/*']],
         ];
     }
 
@@ -109,7 +111,7 @@ public static function provideSortingData()
     public function testDefaultValue($acceptHeader, $value, $expectedQuality)
     {
         $header = AcceptHeader::fromString($acceptHeader);
-        $this->assertSame($expectedQuality, $header->get($value)->getQuality());
+        $this->assertSame($expectedQuality, $header->get($value)?->getQuality());
     }
 
     public static function provideDefaultValueData()
@@ -128,5 +130,70 @@ public static function provideDefaultValueData()
         yield ['*;q=0.3, ISO-8859-1;q=0.7, utf-8;q=0.7', '*', 0.3];
         yield ['*;q=0.3, ISO-8859-1;q=0.7, utf-8;q=0.7', 'utf-8', 0.7];
         yield ['*;q=0.3, ISO-8859-1;q=0.7, utf-8;q=0.7', 'SHIFT_JIS', 0.3];
+        yield 'additional attributes like "format" should be handled according RFC 9110' => ['text/*;q=0.3, text/plain;q=0.7, text/plain;format=flowed, text/plain;format=fixed;q=0.4, */*;q=0.5', 'text/plain;format=flowed', 1.0];
+        yield 'additional attributes like "format" should be handled according obsoleted RFC 7231 as well' => ['text/*;q=0.3, text/html;q=0.7, text/html;level=1, text/html;level=2;q=0.4, */*;q=0.5', 'text/html;level=1', 1.0];
+
+        // Edge cases for case-insensitivity
+        yield 'case-insensitive param names' => ['text/plain;format=flowed;q=0.8, text/plain;Format=fixed', 'text/plain;format=fixed', 1.0];
+        yield 'case-insensitive charset' => ['text/plain;Charset=utf-8', 'text/plain;charset=utf-8', 1.0];
+        yield 'case-sensitive value no match' => ['text/plain;charset=UTF-8', 'text/plain;charset=utf-8', null];
+
+        // Quoted values and specials
+        yield 'quoted value with space' => ['text/plain;param="value with space"', 'text/plain;param="value with space"', 1.0];
+        yield 'quoted value with backslash' => ['text/plain;param="value\\with\\backslash"', 'text/plain;param="value\\with\\backslash"', 1.0];
+        yield 'mismatched quoted' => ['text/plain;param="value with space"', 'text/plain;param=value with space', 1.0];
+
+        // Flag params or empty
+        yield 'flag param' => ['text/plain;flowed;q=0.9', 'text/plain;flowed', 0.9];
+        yield 'empty param value' => ['text/plain;param=', 'text/plain;param=""', 1.0];
+        yield 'missing required flag' => ['text/plain;flowed', 'text/plain', null];
+
+        // Extra params in query
+        yield 'extra param in query' => ['text/plain;format=flowed', 'text/plain;format=flowed;charset=utf-8', 1.0];
+        yield 'missing required param in query' => ['text/plain;format=flowed', 'text/plain;charset=utf-8', null];
+        yield 'wildcard with param' => ['text/*;format=flowed', 'text/plain;format=flowed', 1.0];
+        yield 'wildcard missing param' => ['text/*;format=flowed', 'text/plain', null];
+
+        // Wildcards and specificity
+        yield 'specificity priority' => ['*/*;q=0.1, text/*;format=flowed;q=0.5, text/plain;q=0.8', 'text/plain;format=flowed', 0.8];
+        yield 'wildcard with param match' => ['*/*;param=test', 'text/plain;param=test', 1.0];
+        yield 'wildcard with param no match' => ['*/*;param=test', 'text/plain', null];
+
+        // Non-media types
+        yield 'charset wildcard' => ['utf-8;q=0.9, *;q=0.5', 'iso-8859-1', 0.5];
+        yield 'language star' => ['*;q=0.5', 'en-US', 0.5];
+        yield 'non-media */*' => ['*/*;q=0.5', 'utf-8', 0.5];
+
+        // Ties and duplicates
+        yield 'duplicate params tie on index' => ['text/plain;format=flowed;q=0.8, text/plain;format=flowed;q=0.8', 'text/plain;format=flowed', 0.8];
+        yield 'param count tie' => ['text/plain;q=0.5, text/plain;format=flowed;q=0.5', 'text/plain;format=flowed;extra=foo', 0.5];
+
+        // Invalid/malformed
+        yield 'non-media invalid' => ['text', 'text', 1.0];
+        yield 'invalid subtype' => ['text/', 'text/plain', null];
+        yield 'empty header' => ['', 'text/plain', null];
+
+        // Mixed case types
+        yield 'mixed case type' => ['Text/Plain;Format=flowed', 'text/plain;format=flowed', 1.0];
+        yield 'mixed case charset' => ['UTF-8;q=0.9', 'utf-8', 0.9];
+    }
+
+    public function testPerformanceWithLargeHeader()
+    {
+        $largeHeader = [];
+        for ($i = 0; $i < 100; ++$i) {
+            $largeHeader[] = "text/plain;param{$i}=value;q=0.5";
+        }
+        $headerString = implode(', ', $largeHeader);
+        $header = AcceptHeader::fromString($headerString);
+
+        $start = microtime(true);
+        for ($j = 0; $j < 1000; ++$j) {
+            $header->get('text/plain;param50=value');
+        }
+        $duration = microtime(true) - $start;
+
+        // No assert, just for manual check; should be < 1s
+        $this->assertLessThan(1.0, $duration, 'Performance test for large header');
     }
 }
