Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/zonuexe/psr13-link-poc
https://github.com/zonuexe/psr13-link-poc
Last synced: about 4 hours ago
JSON representation
- Host: GitHub
- URL: https://github.com/zonuexe/psr13-link-poc
- Owner: zonuexe
- License: other
- Created: 2020-03-20T22:41:27.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2020-03-21T00:52:22.000Z (almost 5 years ago)
- Last Synced: 2024-11-06T02:49:13.725Z (about 2 months ago)
- Language: PHP
- Size: 5.86 KB
- Stars: 0
- Watchers: 4
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# PSR-13 Link PoC
[PSR-13: Link definition interfaces - PHP-FIG](https://www.php-fig.org/psr/psr-13/) is probably the least known PHP-FIG's recommendation, but its specifications and implementation are flawed.
## WebLink and URI Template
The specification is very distorted because `Psr\Link\LinkInterface` requires the `isTemplated` method. That specification was introduced in [RFC 6570](https://tools.ietf.org/html/rfc6570).
[PSR-13 1.4 Link Templates](https://www.php-fig.org/psr/psr-13/#14-link-templates)
> Some hypermedia formats support templated links while others do not, and may have a special way to denote that a link is a template. A Serializer for a format that does not support URI Templates MUST ignore any templated Links it encounters.
It is inevitable that unassembled template URIs are left behind. Because it is not the expected URI.
However, [`TemplatedHrefTrait::hrefIsTemplated()`](https://github.com/php-fig/link-util/blob/1.1.0/src/TemplatedHrefTrait.php) implementation of [fig/link-util](https://github.com/php-fig/link-util) that try to detect it are a bad idea.
```php
private function hrefIsTemplated($href)
{
return strpos($href, '{') !== false ||strpos($href, '}') !== false;
}
```This code goes against secure coding best practices. Never search for a string to determine if it is a template or not. Instead, define a separate Link class for fixed URIs and template URIs.
`"{"` and `"}"` are not delimiter in [RFC 3986](https://tools.ietf.org/html/rfc3986) URI Generic Syntax.
To create a FIG's `Link` object from user input like `$_SERVER['REQUEST_URI']` you need to explicitly escape.
```php
$uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);// Do not use https://www.php.net/urlencode
$link = new Link('current', strtr($uri, ['{' => '%7B', '}' => '%7D']));
```The same implementation has been [copied to Symfony](https://github.com/symfony/symfony/pull/33122).
## Why URI Template?
I noticed this problem about a year ago, but never came up with a use case.