/**
* Unfortunately, PHP has no separation between the shell and
* request environments. This means sensitive data such as database
* information (it's common practice to set these when using services like
* Heroku and Pagoda Box) must be filtered out.
*
* The following steps are taken to alleviate this issue:
*
* * Only allow the
* [predefined variables](http://php.net/manual/en/reserved.variables.server.php)
* in `$_SERVER`.
*
* * Allow variables prefixed with `HTTP_` (HTTP headers).
*
* @return array The filtered PHP request environment.
*/
private function sanitized_php_environment()
{
$env = Arr::overwrite($this->allowed_php_environment_keys, $_SERVER);
foreach ($_SERVER as $key => $value) {
if (strpos($key, 'HTTP_') === 0) {
$env[$key] = $value;
}
}
if (!empty($_COOKIE)) {
// Add cookies
$env['rack.request.cookie_hash'] = $_COOKIE;
}
return array_filter($env);
}
/**
*
* @test
* @dataProvider provider_overwrite
*/
public function test_overwrite($expected, $arr1, $arr2, $arr3 = array(), $arr4 = array())
{
$this->assertSame($expected, Arr::overwrite($arr1, $arr2, $arr3, $arr4));
}
