From 0ee57a7b43d0e61c16b2d6ae229ca9dfa9149538 Mon Sep 17 00:00:00 2001 From: heinrichschiller Date: Fri, 13 Jun 2025 11:32:14 +0200 Subject: [PATCH 1/7] Add support for PHP 8.4 and update test scripts --- composer.json | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/composer.json b/composer.json index 507a24e..8f3565f 100644 --- a/composer.json +++ b/composer.json @@ -11,15 +11,15 @@ ], "homepage": "https://github.com/selective-php/samesite-cookie", "require": { - "php": "^7.2 || ^8.0", + "php": "8.1.* || 8.2.* || 8.3.* || 8.4.*", "psr/http-message": "^1", "psr/http-server-handler": "^1", "psr/http-server-middleware": "^1" }, "require-dev": { "friendsofphp/php-cs-fixer": "^3", - "middlewares/utils": "^3", - "phpstan/phpstan": "^1", + "middlewares/utils": "^3 || ^4", + "phpstan/phpstan": "^1 || ^2", "phpunit/phpunit": "^10", "slim/psr7": "^1", "squizlabs/php_codesniffer": "^3" @@ -49,13 +49,16 @@ "sniffer:check": "phpcs --standard=phpcs.xml", "sniffer:fix": "phpcbf --standard=phpcs.xml", "stan": "phpstan analyse -c phpstan.neon --no-progress --ansi", - "test": "phpunit --configuration phpunit.xml --do-not-cache-result --colors=always", + "test": "phpunit --configuration phpunit.xml --do-not-cache-result --colors=always --display-warnings --display-deprecations --no-coverage", "test:all": [ "@cs:check", "@sniffer:check", "@stan", "@test" ], - "test:coverage": "php -d xdebug.mode=coverage -r \"require 'vendor/bin/phpunit';\" -- --configuration phpunit.xml --do-not-cache-result --colors=always --coverage-clover build/logs/clover.xml --coverage-html build/coverage" + "test:coverage": [ + "@putenv XDEBUG_MODE=coverage", + "phpunit --configuration phpunit.xml --do-not-cache-result --colors=always --display-warnings --display-deprecations --coverage-clover build/coverage/clover.xml --coverage-html build/coverage --coverage-text" + ] } } From 03e1792f6c042102211d67df1bc33d2280f307ad Mon Sep 17 00:00:00 2001 From: heinrichschiller Date: Fri, 13 Jun 2025 11:33:00 +0200 Subject: [PATCH 2/7] update license year --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index bf7a9a3..bfcf021 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ The MIT License (MIT) -Copyright (c) 2023 odan +Copyright (c) 2025 odan Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal From 6feedd8a89232a58997db5e09a3ef18569bd51fc Mon Sep 17 00:00:00 2001 From: heinrichschiller Date: Fri, 13 Jun 2025 11:34:59 +0200 Subject: [PATCH 3/7] update requirements --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4924e44..64699bc 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ A PSR-15 middleware to secure your site with SameSite cookies :cookie: ## Requirements -* PHP 8.1+ +* PHP 8.1 - 8.4 ## Installation From 283f5754121f57da3118966e9c36c30e60e36171 Mon Sep 17 00:00:00 2001 From: heinrichschiller Date: Fri, 13 Jun 2025 12:52:05 +0200 Subject: [PATCH 4/7] PHPStan, getName() never returns null so it can be removed from the return type. --- src/PhpSessionHandler.php | 9 +++++++-- src/SessionHandlerInterface.php | 2 +- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/src/PhpSessionHandler.php b/src/PhpSessionHandler.php index fd70b19..eb4e214 100644 --- a/src/PhpSessionHandler.php +++ b/src/PhpSessionHandler.php @@ -26,9 +26,14 @@ public function start(): void /** * {@inheritDoc} */ - public function getName(): ?string + public function getName(): string|null { - return (string)session_name(); + $sessionName = session_name(); + if ($sessionName === false) { + $sessionName = null; + } + + return $sessionName; } /** diff --git a/src/SessionHandlerInterface.php b/src/SessionHandlerInterface.php index 6205b26..d94e80d 100644 --- a/src/SessionHandlerInterface.php +++ b/src/SessionHandlerInterface.php @@ -26,7 +26,7 @@ public function start(): void; * * @return string|null The name */ - public function getName(): ?string; + public function getName(): string|null; /** * Get cookie params. From 2bd44719532b7c68c7a25b3f835b5d3e1bd57ef0 Mon Sep 17 00:00:00 2001 From: heinrichschiller Date: Fri, 13 Jun 2025 12:52:51 +0200 Subject: [PATCH 5/7] Fix nullable types for PHP 8.4 --- src/SameSiteCookieMiddleware.php | 4 ++-- src/SameSiteSessionMiddleware.php | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/SameSiteCookieMiddleware.php b/src/SameSiteCookieMiddleware.php index 703dcaa..fcf9c1b 100644 --- a/src/SameSiteCookieMiddleware.php +++ b/src/SameSiteCookieMiddleware.php @@ -30,8 +30,8 @@ final class SameSiteCookieMiddleware implements MiddlewareInterface * @param SessionHandlerInterface|null $sessionHandler The session handler */ public function __construct( - SameSiteCookieConfiguration $configuration = null, - SessionHandlerInterface $sessionHandler = null + ?SameSiteCookieConfiguration $configuration = null, + ?SessionHandlerInterface $sessionHandler = null ) { $this->configuration = $configuration ?: new SameSiteCookieConfiguration(); $this->sessionHandler = $sessionHandler ?: new PhpSessionHandler(); diff --git a/src/SameSiteSessionMiddleware.php b/src/SameSiteSessionMiddleware.php index 67b0112..fa85c23 100644 --- a/src/SameSiteSessionMiddleware.php +++ b/src/SameSiteSessionMiddleware.php @@ -22,8 +22,9 @@ final class SameSiteSessionMiddleware implements MiddlewareInterface * * @param SessionHandlerInterface|null $sessionHandler The session handler */ - public function __construct(SessionHandlerInterface $sessionHandler = null) - { + public function __construct( + ?SessionHandlerInterface $sessionHandler = null + ) { $this->sessionHandler = $sessionHandler ?: new PhpSessionHandler(); } From 6f5ee01d7efc292b62259bdfdf2cfc1e13ea1810 Mon Sep 17 00:00:00 2001 From: heinrichschiller Date: Fri, 13 Jun 2025 13:07:39 +0200 Subject: [PATCH 6/7] Revert "PHPStan, getName() never returns null so it can be removed from the return type." This reverts commit 283f5754121f57da3118966e9c36c30e60e36171. --- src/PhpSessionHandler.php | 9 ++------- src/SessionHandlerInterface.php | 2 +- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/src/PhpSessionHandler.php b/src/PhpSessionHandler.php index eb4e214..fd70b19 100644 --- a/src/PhpSessionHandler.php +++ b/src/PhpSessionHandler.php @@ -26,14 +26,9 @@ public function start(): void /** * {@inheritDoc} */ - public function getName(): string|null + public function getName(): ?string { - $sessionName = session_name(); - if ($sessionName === false) { - $sessionName = null; - } - - return $sessionName; + return (string)session_name(); } /** diff --git a/src/SessionHandlerInterface.php b/src/SessionHandlerInterface.php index d94e80d..6205b26 100644 --- a/src/SessionHandlerInterface.php +++ b/src/SessionHandlerInterface.php @@ -26,7 +26,7 @@ public function start(): void; * * @return string|null The name */ - public function getName(): string|null; + public function getName(): ?string; /** * Get cookie params. From a001fcd8f7fd114880b2ddfee6f3ad69c0dc2a13 Mon Sep 17 00:00:00 2001 From: heinrichschiller Date: Fri, 13 Jun 2025 13:13:35 +0200 Subject: [PATCH 7/7] test with settings --- tests/SameSiteCookieMiddlewareTest.php | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/tests/SameSiteCookieMiddlewareTest.php b/tests/SameSiteCookieMiddlewareTest.php index dd34827..327e1d6 100644 --- a/tests/SameSiteCookieMiddlewareTest.php +++ b/tests/SameSiteCookieMiddlewareTest.php @@ -32,4 +32,29 @@ public function testDefaultConfiguration(): void $this->assertSame('PHPSESSID=v3absd19o9pi6cjvhb5pkmsfo9; path=/; Secure; HttpOnly; SameSite=Lax;', $cookie); $this->assertSame('', (string)$response->getBody()); } + + /** + * Test with own settings. + */ + public function testDefaultConfigurationWithOwnSettings(): void + { + $settings = [ + 'start_session' => true, + 'same_site' => 'Strict', + 'http_only' => false, + ]; + + $configuration = new SameSiteCookieConfiguration($settings); + + session_id('v3absd19o9pi6cjvhb5pkmsfo9'); + + $response = $this->runQueue([ + new SameSiteSessionMiddleware(), + new SameSiteCookieMiddleware($configuration), + ]); + + $cookie = $response->getHeaderLine('Set-Cookie'); + $this->assertSame('PHPSESSID=v3absd19o9pi6cjvhb5pkmsfo9; path=/; Secure; SameSite=Strict;', $cookie); + $this->assertSame('', (string)$response->getBody()); + } }