All notable changes to this project will be documented in this file, in reverse chronological order by release.

- [#325](https://github.com/zendframework/zend-diactoros/pull/325) changes the behavior of `ServerRequest::withParsedBody()`. Per
  PSR-7, it now no longer allows values other than `null`, arrays, or objects.

- [#325](https://github.com/zendframework/zend-diactoros/pull/325) changes the behavior of each of `Request`, `ServerRequest`, and
  `Response` in relation to the validation of header values. Previously, we
  allowed empty arrays to be provided via `withHeader()`; however, this was
  contrary to the PSR-7 specification. Empty arrays are no longer allowed.

- [#325](https://github.com/zendframework/zend-diactoros/pull/325) ensures that `Uri::withUserInfo()` no longer ignores values of

- [#325](https://github.com/zendframework/zend-diactoros/pull/325) fixes how header values are merged when calling
  `withAddedHeader()`, ensuring that array keys are ignored.

- [#324](https://github.com/zendframework/zend-diactoros/pull/324) fixes a reference
  to an undefined variable in the `ServerRequestFactory`, which made it
  impossible to fetch a specific header by name.

- This release modifies how `ServerRequestFactory` marshals the request URI. In
  prior releases, we would attempt to inspect the `X-Rewrite-Url` and
  `X-Original-Url` headers, using their values, if present. These headers are
  issued by the ISAPI_Rewrite module for IIS (developed by HeliconTech).
  However, we have no way of guaranteeing that the module is what issued the
  headers, making it an unreliable source for discovering the URI. As such, we
  have removed this feature in this release of Diactoros.

  If you are developing a middleware application, you can mimic the
  functionality via middleware as follows:

  ```php
  use Psr\Http\Message\ResponseInterface;
  use Psr\Http\Message\ServerRequestInterface;
  use Psr\Http\Server\RequestHandlerInterface;
  use Zend\Diactoros\Uri;

  public function process(ServerRequestInterface $request, RequestHandlerInterface $handler) : ResponseInterface
  {
      $requestUri = null;

      // getHeaderLine() returns '' (never null) when the header is absent.
      $httpXRewriteUrl = $request->getHeaderLine('X-Rewrite-Url');
      if ($httpXRewriteUrl !== '') {
          $requestUri = $httpXRewriteUrl;
      }

      $httpXOriginalUrl = $request->getHeaderLine('X-Original-Url');
      if ($httpXOriginalUrl !== '') {
          $requestUri = $httpXOriginalUrl;
      }

      if ($requestUri !== null) {
          $request = $request->withUri(new Uri($requestUri));
      }

      return $handler->handle($request);
  }
  ```

  If you use middleware such as the above, make sure you also instruct your web
  server to strip any incoming headers of the same name so that you can
  guarantee they are issued by the ISAPI_Rewrite module.

## 1.8.3 - 2018-07-24

- [#321](https://github.com/zendframework/zend-diactoros/pull/321) updates the logic in `Uri::withPort()` to ensure that it checks that the
  value provided is either an integer or a string integer, as only those values
  may be cast to integer without data loss.

- [#320](https://github.com/zendframework/zend-diactoros/pull/320) adds checking within `Response` to ensure that the provided reason
  phrase is a string; an `InvalidArgumentException` is now raised if it is not. This change
  ensures the class adheres strictly to the PSR-7 specification.

- [#319](https://github.com/zendframework/zend-diactoros/pull/319) provides a fix to `Zend\Diactoros\Response` that ensures that the status
  code returned is _always_ an integer (and never a string containing an
  integer), thus ensuring it strictly adheres to the PSR-7 specification.

## 1.8.2 - 2018-07-19

- [#318](https://github.com/zendframework/zend-diactoros/pull/318) fixes the logic for discovering whether an HTTPS scheme is in play
  to be case insensitive when comparing header and SAPI values, ensuring no
  false negative lookups occur.

- [#314](https://github.com/zendframework/zend-diactoros/pull/314) modifies error handling around opening a file resource within
  `Zend\Diactoros\Stream::setStream()` to no longer use the second argument to
  `set_error_handler()`, and instead check the error type in the handler itself;
  this fixes an issue when the handler is nested inside another error handler,
  which currently has buggy behavior within the PHP engine.

## 1.8.1 - 2018-07-09

- [#313](https://github.com/zendframework/zend-diactoros/pull/313) changes the reason phrase associated with the status code 425
  to "Too Early", corresponding to a new definition of the code as specified by the IANA.

- [#312](https://github.com/zendframework/zend-diactoros/pull/312) fixes how the `normalizeUploadedFiles()` utility function handles nested trees of
  uploaded files, ensuring it detects them properly.

## 1.8.0 - 2018-06-27

- [#307](https://github.com/zendframework/zend-diactoros/pull/307) adds the following functions under the `Zend\Diactoros` namespace, each of
  which may be used to derive artifacts from SAPI superglobals for the purposes
  of generating a `ServerRequest` instance:
  - `normalizeServer(array $server, callable $apacheRequestHeaderCallback = null) : array`
    (main purpose is to aggregate the `Authorization` header in the SAPI params
  - `marshalProtocolVersionFromSapi(array $server) : string`
  - `marshalMethodFromSapi(array $server) : string`
  - `marshalUriFromSapi(array $server, array $headers) : Uri`
  - `marshalHeadersFromSapi(array $server) : array`
  - `parseCookieHeader(string $header) : array`
  - `createUploadedFile(array $spec) : UploadedFile` (creates the instance from
    a normal `$_FILES` entry)
  - `normalizeUploadedFiles(array $files) : UploadedFileInterface[]` (traverses
    a potentially nested array of uploaded file instances and/or `$_FILES`
    entries, including those aggregated under mod_php, php-fpm, and php-cgi in
    order to create a flat array of `UploadedFileInterface` instances to use in a

- [#307](https://github.com/zendframework/zend-diactoros/pull/307) deprecates `ServerRequestFactory::normalizeServer()`; the method is
  no longer used internally, and users should instead use `Zend\Diactoros\normalizeServer()`,

- [#307](https://github.com/zendframework/zend-diactoros/pull/307) deprecates `ServerRequestFactory::marshalHeaders()`; the method is
  no longer used internally, and users should instead use `Zend\Diactoros\marshalHeadersFromSapi()`,

- [#307](https://github.com/zendframework/zend-diactoros/pull/307) deprecates `ServerRequestFactory::marshalUriFromServer()`; the method
  is no longer used internally. Users should use `marshalUriFromSapi()` instead.

- [#307](https://github.com/zendframework/zend-diactoros/pull/307) deprecates `ServerRequestFactory::marshalRequestUri()`; the method is no longer
  used internally, and currently proxies to `marshalUriFromSapi()`, pulling the
  discovered path from the `Uri` instance returned by that function. Users
  should use `marshalUriFromSapi()` instead.

- [#307](https://github.com/zendframework/zend-diactoros/pull/307) deprecates `ServerRequestFactory::marshalHostAndPortFromHeaders()`; the method
  is no longer used internally, and currently proxies to `marshalUriFromSapi()`,
  pulling the discovered host and port from the `Uri` instance returned by that
  function. Users should use `marshalUriFromSapi()` instead.

- [#307](https://github.com/zendframework/zend-diactoros/pull/307) deprecates `ServerRequestFactory::getHeader()`; the method is no longer
  used internally. Users should copy and paste the functionality into their own
  applications if needed, or rely on headers from a fully-populated `Uri`

- [#307](https://github.com/zendframework/zend-diactoros/pull/307) deprecates `ServerRequestFactory::stripQueryString()`; the method is no longer
  used internally, and users can mimic the functionality via the expression
  `$path = explode('?', $path, 2)[0];`.

- [#307](https://github.com/zendframework/zend-diactoros/pull/307) deprecates `ServerRequestFactory::normalizeFiles()`; the functionality
  is no longer used internally, and users can use `normalizeUploadedFiles()` as

- [#303](https://github.com/zendframework/zend-diactoros/pull/303) deprecates `Zend\Diactoros\Response\EmitterInterface` and its various implementations. These are now provided via the
  [zendframework/zend-httphandlerrunner](https://docs.zendframework.com/zend-httphandlerrunner) package as 1:1 substitutions.

- [#303](https://github.com/zendframework/zend-diactoros/pull/303) deprecates the `Zend\Diactoros\Server` class. Users are directed to the `RequestHandlerRunner` class from the
  [zendframework/zend-httphandlerrunner](https://docs.zendframework.com/zend-httphandlerrunner) package as an alternative.

## 1.7.2 - 2018-05-29

- [#301](https://github.com/zendframework/zend-diactoros/pull/301) adds stricter comparisons within the `Uri` class to ensure non-empty
  values are not treated as empty.

## 1.7.1 - 2018-02-26

- [#293](https://github.com/zendframework/zend-diactoros/pull/293) updates
  `Uri::getHost()` to cast the value via `strtolower()` before returning it.
  While this represents a change, it is fixing a bug in our implementation:
  the PSR-7 specification for the method, which follows IETF RFC 3986 section
  3.2.2, requires that the host name be normalized to lowercase.

- [#290](https://github.com/zendframework/zend-diactoros/pull/290) fixes
  `Stream::getSize()` such that it checks that the result of `fstat` was
  successful before attempting to return its `size` member; in the case of an
  error, it now returns `null`.

## 1.7.0 - 2018-01-04

- [#285](https://github.com/zendframework/zend-diactoros/pull/285) adds a new
  custom response type, `Zend\Diactoros\Response\XmlResponse`, for generating
  responses representing XML. Usage is the same as with the `HtmlResponse` or
  `TextResponse`; the response generated will have a `Content-Type:
  application/xml` header by default.

- [#280](https://github.com/zendframework/zend-diactoros/pull/280) adds the
  response status code/phrase pairing "103 Early Hints" to the
  `Response::$phrases` property. This is a new status proposed via
  [RFC 8297](https://datatracker.ietf.org/doc/rfc8297/).

- [#279](https://github.com/zendframework/zend-diactoros/pull/279) adds explicit
  support for PHP 7.2; previously, we'd allowed build failures, though none
  occurred; we now require PHP 7.2 builds to pass.

## 1.6.1 - 2017-10-12

- [#273](https://github.com/zendframework/zend-diactoros/pull/273) updates each
  of the SAPI emitter implementations to emit the status line after emitting
  other headers; this is done to ensure that the status line is not overridden

- [#273](https://github.com/zendframework/zend-diactoros/pull/273) modifies how
  the `SapiEmitterTrait` calls `header()` to ensure that a response code is
  _always_ passed as the third argument; this is done to prevent PHP from
  silently overriding it.

## 1.6.0 - 2017-09-13

- [#270](https://github.com/zendframework/zend-diactoros/pull/270) changes the
  behavior of `Zend\Diactoros\Server`: it no longer creates an output buffer.

- [#270](https://github.com/zendframework/zend-diactoros/pull/270) changes the
  behavior of the two SAPI emitters in two backwards-incompatible ways:

  - They no longer auto-inject a `Content-Length` header. If you need this
    functionality, zendframework/zend-expressive-helpers 4.1+ provides it via
    `Zend\Expressive\Helper\ContentLengthMiddleware`.

  - They no longer flush the output buffer. Instead, if headers have been sent,
    or the output buffer exists and has a non-zero length, the emitters raise an
    exception, as mixed PSR-7/output buffer content creates a blocking issue.
    If you are emitting content via `echo`, `print`, `var_dump`, etc., or not
    catching PHP errors or exceptions, you will need to either fix your
    application to always work with a PSR-7 response, or provide your own
    emitters that allow mixed output mechanisms.

## 1.5.0 - 2017-08-22

- [#205](https://github.com/zendframework/zend-diactoros/pull/205) adds support

- [#250](https://github.com/zendframework/zend-diactoros/pull/250) adds a new
  API to `JsonResponse` to avoid the need for decoding the response body in
  order to make changes to the underlying content. New methods include:
  - `getPayload()`: retrieve the unencoded payload.
  - `withPayload($data)`: create a new instance with the given data.
  - `getEncodingOptions()`: retrieve the flags to use when encoding the payload
  - `withEncodingOptions(int $encodingOptions)`: create a new instance that uses
    the provided flags when encoding the payload to JSON.

- [#249](https://github.com/zendframework/zend-diactoros/pull/249) changes the
  behavior of the various `Uri::with*()` methods slightly: if the value
  represents no change, these methods will return the same instance instead of a

- [#248](https://github.com/zendframework/zend-diactoros/pull/248) changes the
  behavior of `Uri::getUserInfo()` slightly: it now (correctly) returns the
  percent-encoded values for the user and/or password, per RFC 3986 Section
  3.2.1. `withUserInfo()` will percent-encode values, using a mechanism that
  prevents double-encoding.

- [#243](https://github.com/zendframework/zend-diactoros/pull/243) changes the
  exception messages thrown by `UploadedFile::getStream()` and `moveTo()` when
  an upload error exists to include details about the upload error.

- [#233](https://github.com/zendframework/zend-diactoros/pull/233) adds a new
  argument to `SapiStreamEmitter::emit`, `$maxBufferLevel` **between** the
  `$response` and `$maxBufferLength` arguments. This was done because the
  `Server::listen()` method passes only the response and `$maxBufferLevel` to
  emitters; previously, this often meant that streams were being chunked 2 bytes
  at a time versus the expected default of 8kb.

  If you were calling the `SapiStreamEmitter::emit()` method manually
  previously, you will need to update your code.

- [#205](https://github.com/zendframework/zend-diactoros/pull/205) and
  [#243](https://github.com/zendframework/zend-diactoros/pull/243) **remove
  support for PHP versions prior to 5.6 as well as HHVM**.

- [#248](https://github.com/zendframework/zend-diactoros/pull/248) fixes how the
  `Uri` class provides user-info within the URI authority; the value is now
  correctly percent-encoded, per RFC 3986 Section 3.2.1.

## 1.4.1 - 2017-08-17

- [#260](https://github.com/zendframework/zend-diactoros/pull/260) removes
  support for HHVM, as tests have failed against it for some time.

- [#247](https://github.com/zendframework/zend-diactoros/pull/247) fixes the
  `Stream` and `RelativeStream` `__toString()` method implementations to check
  if the stream `isSeekable()` before attempting to `rewind()` it, ensuring that
  the method does not raise exceptions (PHP does not allow exceptions in that
  method). In particular, this fixes an issue when using AWS S3 streams.

- [#252](https://github.com/zendframework/zend-diactoros/pull/252) provides a
  fix to the `SapiEmitterTrait` to ensure that any `Set-Cookie` headers in the
  response instance do not override those set by PHP when a session is created

- [#257](https://github.com/zendframework/zend-diactoros/pull/257) provides a
  fix for the `PhpInputStream::read()` method to ensure string content that
  evaluates as empty (including `0`) is still cached.

- [#258](https://github.com/zendframework/zend-diactoros/pull/258) updates the
  `Uri::filterPath()` method to allow parens within a URI path, per [RFC 3986
  section 3.3](https://tools.ietf.org/html/rfc3986#section-3.3) (parens are
  within the character set "sub-delims").

## 1.4.0 - 2017-04-06

- [#219](https://github.com/zendframework/zend-diactoros/pull/219) adds two new
  classes, `Zend\Diactoros\Request\ArraySerializer` and
  `Zend\Diactoros\Response\ArraySerializer`. Each exposes the static methods
  `toArray()` and `fromArray()`, allowing de/serialization of messages from and

- [#236](https://github.com/zendframework/zend-diactoros/pull/236) adds two new
  constants to the `Response` class: `MIN_STATUS_CODE_VALUE` and
  `MAX_STATUS_CODE_VALUE`.

- [#240](https://github.com/zendframework/zend-diactoros/pull/240) changes the
  behavior of `ServerRequestFactory::fromGlobals()` when no `$cookies` argument
  is present. Previously, it would use `$_COOKIE`; now, if a `Cookie` header is
  present, it will parse and use that to populate the instance instead.

  This change allows utilizing cookies that contain period characters (`.`) in
  their names (PHP's built-in cookie handling renames these to replace `.` with
  `_`, which can lead to synchronization issues with clients).

- [#235](https://github.com/zendframework/zend-diactoros/pull/235) changes the
  behavior of `Uri::__toString()` to better follow prescribed behavior in PSR-7.
  In particular, prior to this release, if a scheme was missing but an authority
  was present, the class was incorrectly returning a value that did not include
  a `//` prefix. As of this release, it now does this correctly.

## 1.3.11 - 2017-04-06

- [#241](https://github.com/zendframework/zend-diactoros/pull/241) changes the
  constraint by which the package provides `psr/http-message-implementation` to
  simply `1.0` instead of `~1.0.0`, to follow how other implementations provide

- [#161](https://github.com/zendframework/zend-diactoros/pull/161) adds
  additional validations to header names and values to ensure no malformed values

- [#234](https://github.com/zendframework/zend-diactoros/pull/234) fixes a
  number of reason phrases in the `Response` instance, and adds automation from
  the canonical IANA sources to ensure any new phrases added are correct.

## 1.3.10 - 2017-01-23

- [#226](https://github.com/zendframework/zend-diactoros/pull/226) fixed an
  issue with the `SapiStreamEmitter` causing the response body to be cast
  to `(string)` and also be read as a readable stream, potentially producing

## 1.3.9 - 2017-01-17

- [#223](https://github.com/zendframework/zend-diactoros/issues/223)
  [#224](https://github.com/zendframework/zend-diactoros/pull/224) fixed an issue
  with the `SapiStreamEmitter` consuming too much memory when producing output

## 1.3.8 - 2017-01-05

- [#222](https://github.com/zendframework/zend-diactoros/pull/222) fixes the
  `SapiStreamEmitter`'s handling of the `Content-Range` header to properly only
  emit a range of bytes if the header value is in the form `bytes {first-last}/length`.
  This allows using other range units, such as `items`, without incorrectly
  emitting truncated content.

## 1.3.7 - 2016-10-11

- [#208](https://github.com/zendframework/zend-diactoros/pull/208) adds several
  missing response codes to `Zend\Diactoros\Response`, including:

  - 308 ('Permanent Redirect')
  - 444 ('Connection Closed Without Response')
  - 499 ('Client Closed Request')
  - 510 ('Not Extended')
  - 599 ('Network Connect Timeout Error')
- [#211](https://github.com/zendframework/zend-diactoros/pull/211) adds support
  for UTF-8 characters in query strings handled by `Zend\Diactoros\Uri`.

## 1.3.6 - 2016-09-07

- [#170](https://github.com/zendframework/zend-diactoros/pull/170) prepared
  documentation for publication at https://zendframework.github.io/zend-diactoros/
- [#165](https://github.com/zendframework/zend-diactoros/pull/165) adds support
  for Apache `REDIRECT_HTTP_*` header detection in the `ServerRequestFactory`.
- [#166](https://github.com/zendframework/zend-diactoros/pull/166) adds support
  for UTF-8 characters in URI paths.
- [#204](https://github.com/zendframework/zend-diactoros/pull/204) adds testing
  against PHP 7.1 release-candidate builds.

- [#186](https://github.com/zendframework/zend-diactoros/pull/186) fixes a typo
  in a variable name within the `SapiStreamEmitter`.
- [#200](https://github.com/zendframework/zend-diactoros/pull/200) updates the
  `SapiStreamEmitter` to implement a check for `isSeekable()` prior to attempts
  to rewind; this allows it to work with non-seekable streams such as the
- [#169](https://github.com/zendframework/zend-diactoros/pull/169) ensures that
  response serialization always provides a `\r\n\r\n` sequence following the
  headers, even when no message body is present, to ensure it conforms with RFC
- [#175](https://github.com/zendframework/zend-diactoros/pull/175) updates the
  `Request` class to set the `Host` header from the URI host if no header is
  already present. (Ensures conformity with PSR-7 specification.)
- [#197](https://github.com/zendframework/zend-diactoros/pull/197) updates the
  `Uri` class to ensure that string serialization does not include a colon after
  the host name if no port is present in the instance.

## 1.3.5 - 2016-03-17

- [#160](https://github.com/zendframework/zend-diactoros/pull/160) fixes HTTP
  protocol detection in the `ServerRequestFactory` to work correctly with HTTP/2.

## 1.3.4 - 2016-03-17

- [#119](https://github.com/zendframework/zend-diactoros/pull/119) adds the 451
  (Unavailable for Legal Reasons) status code to the `Response` class.

- [#117](https://github.com/zendframework/zend-diactoros/pull/117) provides
  validation of the HTTP protocol version.
- [#127](https://github.com/zendframework/zend-diactoros/pull/127) now properly
  removes attributes with `null` values when calling `withoutAttribute()`.
- [#132](https://github.com/zendframework/zend-diactoros/pull/132) updates the
  `ServerRequestFactory` to marshal the request path fragment, if present.
- [#142](https://github.com/zendframework/zend-diactoros/pull/142) updates the
  exceptions thrown by `HeaderSecurity` to include the header name and/or
- [#148](https://github.com/zendframework/zend-diactoros/pull/148) fixes several
  stream operations to ensure they raise exceptions when the internal pointer
  is at an invalid position.
- [#151](https://github.com/zendframework/zend-diactoros/pull/151) ensures
  URI fragments are properly encoded.

## 1.3.3 - 2016-01-04

- [#135](https://github.com/zendframework/zend-diactoros/pull/135) fixes the
  behavior of `ServerRequestFactory::marshalHeaders()` to no longer omit
  `Cookie` headers from the aggregated headers. While the values are parsed and
  injected into the cookie params, it's useful to have access to the raw headers

## 1.3.2 - 2015-12-22

- [#124](https://github.com/zendframework/zend-diactoros/pull/124) adds four
  more optional arguments to the `ServerRequest` constructor:

  - `array $queryParams`
  - `null|array|object $parsedBody`
  - `string $protocolVersion`

  `ServerRequestFactory` was updated to pass values for each of these parameters
  when creating an instance, instead of using the related `with*()` methods on

- [#122](https://github.com/zendframework/zend-diactoros/pull/122) updates the
  `ServerRequestFactory` to retrieve the HTTP protocol version and inject it in
  the generated `ServerRequest`, which previously was not performed.

## 1.3.1 - 2015-12-16

- [#113](https://github.com/zendframework/zend-diactoros/pull/113) fixes an
  issue in the response serializer, ensuring that the status code in the
  deserialized response is an integer.
- [#115](https://github.com/zendframework/zend-diactoros/pull/115) fixes an
  issue in the various text-based response types (`TextResponse`, `HtmlResponse`,
  and `JsonResponse`); due to the fact that the constructor was not
  rewinding the message body stream, `getContents()` was thus returning `null`,
  as the pointer was at the end of the stream. The constructor now rewinds the
  stream after populating it in the constructor.

## 1.3.0 - 2015-12-15

- [#110](https://github.com/zendframework/zend-diactoros/pull/110) adds
  `Zend\Diactoros\Response\SapiEmitterTrait`, which provides the following
  private method definitions:
  - `injectContentLength()`

  The `SapiEmitter` implementation has been updated to remove those methods and
  instead compose the trait.
- [#111](https://github.com/zendframework/zend-diactoros/pull/111) adds
  a new emitter implementation, `SapiStreamEmitter`; this emitter type will
  loop through the stream instead of emitting it in one go, and supports content

## 1.2.1 - 2015-12-15

- [#101](https://github.com/zendframework/zend-diactoros/pull/101) fixes the
  `withHeader()` implementation to ensure that if the header existed previously
  but using a different casing strategy, the previous version will be removed
  in the cloned instance.
- [#103](https://github.com/zendframework/zend-diactoros/pull/103) fixes the
  constructor of `Response` to ensure that null status codes are not possible.
- [#99](https://github.com/zendframework/zend-diactoros/pull/99) fixes
  validation of header values submitted via request and response constructors as

  - numeric (integer and float) values are now properly allowed (this solves
    some reported issues with setting Content-Length headers)
  - invalid header names (non-string values or empty strings) now raise an

  - invalid individual header values (non-string, non-numeric) now raise an

## 1.2.0 - 2015-11-24

- [#88](https://github.com/zendframework/zend-diactoros/pull/88) updates the
  `SapiEmitter` to emit a `Content-Length` header with the content length as
  reported by the response body stream, assuming that
  `StreamInterface::getSize()` returns an integer.
- [#77](https://github.com/zendframework/zend-diactoros/pull/77) adds a new
  response type, `Zend\Diactoros\Response\TextResponse`, for returning plain
  text responses. By default, it sets the content type to `text/plain;
  charset=utf-8`; per the other response types, the signature is `new
  TextResponse($text, $status = 200, array $headers = [])`.
- [#90](https://github.com/zendframework/zend-diactoros/pull/90) adds a new
  `Zend\Diactoros\CallbackStream`, allowing you to back a stream with a PHP
  callable (such as a generator) to generate the message content. Its
  constructor accepts the callable: `$stream = new CallbackStream($callable);`

- [#77](https://github.com/zendframework/zend-diactoros/pull/77) updates the
  `HtmlResponse` to set the charset to utf-8 by default (if no content type
  header is provided at instantiation).

## 1.1.4 - 2015-10-16

- [#98](https://github.com/zendframework/zend-diactoros/pull/98) adds
  `JSON_UNESCAPED_SLASHES` to the default `json_encode` flags used by
  `Zend\Diactoros\Response\JsonResponse`.

- [#96](https://github.com/zendframework/zend-diactoros/pull/96) updates
  `withPort()` to allow `null` port values (indicating usage of default for

- [#91](https://github.com/zendframework/zend-diactoros/pull/91) fixes the
  logic of `withUri()` to do a case-insensitive check for an existing `Host`
  header, replacing it with the new one.

## 1.1.3 - 2015-08-10

- [#73](https://github.com/zendframework/zend-diactoros/pull/73) adds caching of
  the vendor directory to the Travis-CI configuration, to speed up builds.

- [#71](https://github.com/zendframework/zend-diactoros/pull/71) fixes the
  docblock of the `JsonResponse` constructor to typehint the `$data` argument

- [#73](https://github.com/zendframework/zend-diactoros/pull/73) changes the
  behavior in `Request` such that if it marshals a stream during instantiation,
  the stream is marked as writeable (specifically, mode `wb+`).
- [#85](https://github.com/zendframework/zend-diactoros/pull/85) updates the
  behavior of `Zend\Diactoros\Uri`'s various `with*()` methods that are
  documented as accepting strings to raise exceptions on non-string input.
  Previously, several simply passed non-string input on verbatim, others
  normalized the input, and a few correctly raised the exceptions. Behavior is
  now consistent across each.
- [#87](https://github.com/zendframework/zend-diactoros/pull/87) fixes
  `UploadedFile` to ensure that `moveTo()` works correctly in non-SAPI
  environments when the file provided to the constructor is a path.

## 1.1.2 - 2015-07-12

- [#67](https://github.com/zendframework/zend-diactoros/pull/67) ensures that
  the `Stream` class only accepts `stream` resources, not any resource.

## 1.1.1 - 2015-06-25

- [#64](https://github.com/zendframework/zend-diactoros/pull/64) fixes the
  behavior of `JsonResponse` with regards to serialization of `null` and scalar
  values; the new behavior is to serialize them verbatim, without any casting.

## 1.1.0 - 2015-06-24

- [#52](https://github.com/zendframework/zend-diactoros/pull/52),
  [#58](https://github.com/zendframework/zend-diactoros/pull/58),
  [#59](https://github.com/zendframework/zend-diactoros/pull/59), and
  [#61](https://github.com/zendframework/zend-diactoros/pull/61) create several
  custom response types for simplifying response creation:

  - `Zend\Diactoros\Response\HtmlResponse` accepts HTML content via its
    constructor, and sets the `Content-Type` to `text/html`.
  - `Zend\Diactoros\Response\JsonResponse` accepts data to serialize to JSON via
    its constructor, and sets the `Content-Type` to `application/json`.
  - `Zend\Diactoros\Response\EmptyResponse` allows creating empty, read-only
    responses, with a default status code of 204.
  - `Zend\Diactoros\Response\RedirectResponse` allows specifying a URI for the
    `Location` header in the constructor, with a default status code of 302.

  Each also accepts an optional status code, and optional headers (which can
  also be used to provide an alternate `Content-Type` in the case of the HTML
  and JSON responses).

- [#43](https://github.com/zendframework/zend-diactoros/pull/43) removed both
  `ServerRequestFactory::marshalUri()` and `ServerRequestFactory::marshalHostAndPort()`,
  which were deprecated prior to the 1.0 release.

- [#29](https://github.com/zendframework/zend-diactoros/pull/29) fixes request
  method validation to allow any valid token as defined by [RFC
  7230](http://tools.ietf.org/html/rfc7230#appendix-B). This allows usage of
  custom request methods, vs a static, hard-coded list.

## 1.0.5 - 2015-06-24

- [#60](https://github.com/zendframework/zend-diactoros/pull/60) fixes
  the behavior of `UploadedFile` when the `$errorStatus` provided at
  instantiation is not `UPLOAD_ERR_OK`. Prior to the fix, an
  `InvalidArgumentException` would occur at instantiation due to the fact that
  the upload file was missing or invalid. With the fix, no exception is raised
  until a call to `moveTo()` or `getStream()` is made.

## 1.0.4 - 2015-06-23

This is a security release.

A patch has been applied to `Zend\Diactoros\Uri::filterPath()` that ensures that
paths can only begin with a single leading slash. This prevents the following
potential security issues:

- XSS vectors. If the URI path is used for links or form targets, this prevents
  cases where the first segment of the path resembles a domain name, thus
  creating scheme-relative links such as `//example.com/foo`. With the patch,
  the leading double slash is reduced to a single slash, preventing the XSS

- Open redirects. If the URI path is used for `Location` or `Link` headers,
  without a scheme and authority, potential for open redirects exists if clients
  do not prepend the scheme and authority. Again, preventing a double slash
  corrects the vector.

If you are using `Zend\Diactoros\Uri` for creating links, form targets, or
redirect paths, and only using the path segment, we recommend upgrading

- [#25](https://github.com/zendframework/zend-diactoros/pull/25) adds
  documentation. Documentation is written in markdown, and can be converted to
  HTML using [bookdown](http://bookdown.io). New features now MUST include
  documentation for acceptance.

- [#51](https://github.com/zendframework/zend-diactoros/pull/51) fixes
  `MessageTrait::getHeaderLine()` to return an empty string instead of `null` if
  the header is undefined (which is the behavior specified in PSR-7).
- [#57](https://github.com/zendframework/zend-diactoros/pull/57) fixes the
  behavior of how the `ServerRequestFactory` marshals upload files when they are
  represented as a nested associative array.
- [#49](https://github.com/zendframework/zend-diactoros/pull/49) provides several
  fixes that ensure that Diactoros complies with the PSR-7 specification:
  - `MessageInterface::getHeaderLine()` MUST return a string (that string CAN be
    empty). Previously, Diactoros would return `null`.
  - If no `Host` header is set, the `$preserveHost` flag MUST be ignored when
    calling `withUri()` (previously, Diactoros would not set the `Host` header
    if `$preserveHost` was `true`, but no `Host` header was present).
  - The request method MUST be a string; it CAN be empty. Previously, Diactoros
    would return `null`.
  - The request MUST return a `UriInterface` instance from `getUri()`; that
    instance CAN be empty. Previously, Diactoros would return `null`; now it
    lazy-instantiates an empty `Uri` instance on initialization.
- [ZF2015-05](http://framework.zend.com/security/advisory/ZF2015-05) was
  addressed by altering `Uri::filterPath()` to prevent emitting a path prepended
  with multiple slashes.
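
The scheme-relative behaviour behind the 1.0.4 security note and the ZF2015-05 entry above, as an added JavaScript example that is not Diactoros code. `collapseLeadingSlashes()` is a hypothetical stand-in for the normalization the changelog attributes to `Uri::filterPath()`, and `https://app.example/account/` and the sample paths are constructed values; the example resolves path-only references the way a WHATWG URL client does, before and after normalization.

```javascript
// Added illustration; not Diactoros code. Names and sample values are hypothetical.

// Constructed URL of the page that emits the link, form target, or Location header.
const APP_BASE = 'https://app.example/account/';

// Stand-in for what the changelog says Uri::filterPath() does after the patch:
// a run of two or more leading slashes is reduced to exactly one.
function collapseLeadingSlashes(path) {
  return path.replace(/^\/{2,}/, '/');
}

// Resolve a path-only reference as a client does when no scheme and authority
// are supplied, and report whether the result stays on the application's origin.
function resolveTarget(pathOnlyReference, base = APP_BASE) {
  const resolved = new URL(pathOnlyReference, base);
  return {
    href: resolved.href,
    sameOrigin: resolved.origin === new URL(base).origin,
  };
}

// Defender-side audit: compare where the client ends up with and without the fix.
function auditPath(path) {
  return {
    path,
    before: resolveTarget(path),
    after: resolveTarget(collapseLeadingSlashes(path)),
  };
}

// Constructed sample paths: ordinary, scheme-relative, longer slash run, inner slashes.
const SAMPLES = ['/foo', '//example.com/foo', '///example.com/foo', '/foo//bar'];

for (const sample of SAMPLES) {
  const r = auditPath(sample);
  console.log(
    `${sample}\n  unpatched -> ${r.before.href} (same origin: ${r.before.sameOrigin})` +
    `\n  patched   -> ${r.after.href} (same origin: ${r.after.sameOrigin})`
  );
}
```
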

## 1.0.3 - 2015-06-04

- [#48](https://github.com/zendframework/zend-diactoros/pull/48) drops the
  minimum supported PHP version to 5.4, to allow an easier upgrade path for
  Symfony 2.7 users, and potential Drupal 8 usage.

## 1.0.2 - 2015-06-04

- [#27](https://github.com/zendframework/zend-diactoros/pull/27) adds phonetic
  pronunciation of "Diactoros" to the README file.
- [#36](https://github.com/zendframework/zend-diactoros/pull/36) adds property
  annotations to the class-level docblock of `Zend\Diactoros\RequestTrait` to
  ensure properties inherited from the `MessageTrait` are inherited by

- [#41](https://github.com/zendframework/zend-diactoros/pull/41) fixes the
  namespace for test files to begin with `ZendTest` instead of `Zend`.
- [#46](https://github.com/zendframework/zend-diactoros/pull/46) ensures that
  the cookie and query params for the `ServerRequest` implementation are
  initialized as arrays.
- [#47](https://github.com/zendframework/zend-diactoros/pull/47) modifies the
  internal logic in `HeaderSecurity::isValid()` to use a regular expression
  instead of character-by-character comparisons, improving performance.

## 1.0.1 - 2015-05-26

- [#10](https://github.com/zendframework/zend-diactoros/pull/10) adds
  `Zend\Diactoros\RelativeStream`, which will return stream contents relative to
  a given offset (i.e., a subset of the stream). `AbstractSerializer` was
  updated to create a `RelativeStream` when creating the body of a message,
  which will prevent duplication of the stream in-memory.
- [#21](https://github.com/zendframework/zend-diactoros/pull/21) adds a
  `.gitattributes` file that excludes directories and files not needed for
  production; this will further minify the package for production use cases.

- [#9](https://github.com/zendframework/zend-diactoros/pull/9) ensures that
  attributes are initialized to an empty array, ensuring that attempts to
  retrieve single attributes when none are defined will not produce errors.
- [#14](https://github.com/zendframework/zend-diactoros/pull/14) updates
  `Zend\Diactoros\Request` to use a `php://temp` stream by default instead of
  `php://memory`, to ensure requests do not create an out-of-memory condition.
- [#15](https://github.com/zendframework/zend-diactoros/pull/15) updates
  `Zend\Diactoros\Stream` to ensure that write operations trigger an exception
  if the stream is not writeable. Additionally, it adds more robust logic for
  determining if a stream is writeable.

## 1.0.0 - 2015-05-21

First stable release, and first release as `zend-diactoros`.