/**
 * Builds a reduced copy of the PHP request environment.
 *
 * PHP does not separate the shell environment from the request
 * environment, so `$_SERVER` can hold secrets such as database
 * settings (commonly set as environment variables on services like
 * Heroku and Pagoda Box). Those must not leave this method.
 *
 * Filtering rules:
 *
 *  * Start from `$this->allowed_php_environment_keys`, intended to hold the
 *    [predefined variables](http://php.net/manual/en/reserved.variables.server.php)
 *    of `$_SERVER`.
 *
 *  * Additionally copy every `$_SERVER` entry whose key starts with
 *    `HTTP_` (request headers).
 *
 *  * Attach `$_COOKIE` under `rack.request.cookie_hash` when it is not empty.
 *
 * NOTE(review): the `HTTP_` rule is a prefix match, not an allow-list.
 * Request headers are client-supplied, and PHP exposes credential-bearing
 * ones under this prefix (`HTTP_COOKIE`, `HTTP_AUTHORIZATION`, custom API-key
 * headers). Together with the raw `$_COOKIE` array, session identifiers and
 * bearer tokens therefore remain in the "sanitized" result. Confirm that
 * whatever consumes this array is trusted to hold them, or redact them there.
 *
 * @return array The filtered PHP request environment.
 */
private function sanitized_php_environment()
{
    // Presumably Arr::overwrite() keeps only the keys already present in the
    // allow-list and fills them from $_SERVER; verify against Arr.
    $filtered = Arr::overwrite($this->allowed_php_environment_keys, $_SERVER);

    foreach ($_SERVER as $name => $val) {
        // Skip everything that is not an HTTP_* entry.
        if (strncmp($name, 'HTTP_', 5) !== 0) {
            continue;
        }

        $filtered[$name] = $val;
    }

    // Cookies are passed through unmodified (see the review note above
    // this method about session identifiers).
    if (!empty($_COOKIE)) {
        $filtered['rack.request.cookie_hash'] = $_COOKIE;
    }

    // array_filter() without a callback drops every falsy value, so entries
    // whose value is null, '' or '0' are removed from the result.
    return array_filter($filtered);
}
/**
 * Checks Arr::overwrite() against one data set from the provider.
 *
 * assertSame() is a strict comparison, so the result must match the
 * expected array in keys, values, types and order.
 *
 * @test
 * @dataProvider provider_overwrite
 *
 * @param array $expected Result the call must produce.
 * @param array $arr1     First argument passed to Arr::overwrite().
 * @param array $arr2     Second argument passed to Arr::overwrite().
 * @param array $arr3     Optional third argument; defaults to an empty array.
 * @param array $arr4     Optional fourth argument; defaults to an empty array.
 */
public function test_overwrite($expected, $arr1, $arr2, $arr3 = array(), $arr4 = array())
{
    $actual = Arr::overwrite($arr1, $arr2, $arr3, $arr4);

    $this->assertSame($expected, $actual);
}