Support IPv6 validation

composer.json

@@ -45,7 +45,7 @@
 	},
 	"extra": {
 		"branch-alias": {
-			"dev-master": "3.3-dev"
+			"dev-master": "4.0-dev"
 		}
 	}
 }

src/Http/FileUpload.php

@@ -42,13 +42,16 @@ final class FileUpload
 	private readonly int $error;
 
 
-	public function __construct(?array $value)
+	public function __construct(array|string|null $value)
 	{
-		foreach (['name', 'size', 'tmp_name', 'error'] as $key) {
-			if (!isset($value[$key]) || !is_scalar($value[$key])) {
-				$value = [];
-				break;
-			}
+		if (is_string($value)) {
+			$value = [
+				'name' => basename($value),
+				'full_path' => $value,
+				'size' => filesize($value),
+				'tmp_name' => $value,
+				'error' => UPLOAD_ERR_OK,
+			];
 		}
 
 		$this->name = $value['name'] ?? '';
@@ -64,6 +67,7 @@ public function __construct(?array $value)
 	 */
 	public function getName(): string
 	{
+		trigger_error(__METHOD__ . '() is deprecated, use getUntrustedName()', E_USER_DEPRECATED);
 		return $this->name;
 	}
 

src/Http/Helpers.php

@@ -23,9 +23,6 @@ final class Helpers
 	/** @internal */
 	public const StrictCookieName = '_nss';
 
-	/** @deprecated */
-	public const STRICT_COOKIE_NAME = self::StrictCookieName;
-
 
 	/**
 	 * Returns HTTP valid date format.

src/Http/IRequest.php

@@ -58,22 +58,19 @@ function getUrl(): UrlScript;
 	/**
 	 * Returns variable provided to the script via URL query ($_GET).
 	 * If no key is passed, returns the entire array.
-	 * @return mixed
 	 */
-	function getQuery(?string $key = null);
+	function getQuery(?string $key = null): mixed;
 
 	/**
 	 * Returns variable provided to the script via POST method ($_POST).
 	 * If no key is passed, returns the entire array.
-	 * @return mixed
 	 */
-	function getPost(?string $key = null);
+	function getPost(?string $key = null): mixed;
 
 	/**
 	 * Returns uploaded file.
-	 * @return FileUpload|array|null
 	 */
-	function getFile(string $key);
+	function getFile(string $key): ?FileUpload;
 
 	/**
 	 * Returns uploaded files.
@@ -82,9 +79,8 @@ function getFiles(): array;
 
 	/**
 	 * Returns variable provided to the script via HTTP cookies.
-	 * @return mixed
 	 */
-	function getCookie(string $key);
+	function getCookie(string $key): mixed;
 
 	/**
 	 * Returns variables provided to the script via HTTP cookies.

src/Http/IResponse.php

@@ -337,9 +337,8 @@ interface IResponse
 
 	/**
 	 * Sets HTTP response code.
-	 * @return static
 	 */
-	function setCode(int $code, ?string $reason = null);
+	function setCode(int $code, ?string $reason = null): static;
 
 	/**
 	 * Returns HTTP response code.
@@ -348,21 +347,18 @@ function getCode(): int;
 
 	/**
 	 * Sends a HTTP header and replaces a previous one.
-	 * @return static
 	 */
-	function setHeader(string $name, string $value);
+	function setHeader(string $name, string $value): static;
 
 	/**
 	 * Adds HTTP header.
-	 * @return static
 	 */
-	function addHeader(string $name, string $value);
+	function addHeader(string $name, string $value): static;
 
 	/**
 	 * Sends a Content-type HTTP header.
-	 * @return static
 	 */
-	function setContentType(string $type, ?string $charset = null);
+	function setContentType(string $type, ?string $charset = null): static;
 
 	/**
 	 * Redirects to a new URL.
@@ -371,9 +367,8 @@ function redirect(string $url, int $code = self::S302_Found): void;
 
 	/**
 	 * Sets the time (like '20 minutes') before a page cached on a browser expires, null means "must-revalidate".
-	 * @return static
 	 */
-	function setExpiration(?string $expire);
+	function setExpiration(?string $expire): static;
 
 	/**
 	 * Checks if headers have been sent.
@@ -392,20 +387,25 @@ function getHeaders(): array;
 
 	/**
 	 * Sends a cookie.
-	 * @return static
 	 */
 	function setCookie(
 		string $name,
 		string $value,
 		string|int|\DateTimeInterface|null $expire,
 		?string $path = null,
 		?string $domain = null,
-		?bool $secure = null,
-		?bool $httpOnly = null,
-	);
+		bool $secure = false,
+		bool $httpOnly = true,
+		string $sameSite = self::SameSiteLax,
+	): static;
 
 	/**
 	 * Deletes a cookie.
 	 */
-	function deleteCookie(string $name, ?string $path = null, ?string $domain = null, ?bool $secure = null);
+	function deleteCookie(
+		string $name,
+		?string $path = null,
+		?string $domain = null,
+		bool $secure = false,
+	);
 }

src/Http/Request.php

@@ -189,6 +189,7 @@ public function getHeaders(): array
 	 */
 	public function getReferer(): ?UrlImmutable
 	{
+		trigger_error(__METHOD__ . '() is deprecated', E_USER_DEPRECATED);
 		return isset($this->headers['referer'])
 			? new UrlImmutable($this->headers['referer'])
 			: null;
@@ -252,10 +253,6 @@ public function getRemoteAddress(): ?string
 	 */
 	public function getRemoteHost(): ?string
 	{
-		if ($this->remoteHost === null && $this->remoteAddress !== null) {
-			$this->remoteHost = gethostbyaddr($this->remoteAddress);
-		}
-
 		return $this->remoteHost;
 	}
 
@@ -269,6 +266,20 @@ public function getRawBody(): ?string
 	}
 
 
+	/**
+	 * Returns decoded content of HTTP request body.
+	 */
+	public function getDecodedBody(): mixed
+	{
+		$type = $this->getHeader('Content-Type');
+		return match ($type) {
+			'application/json' => json_decode($this->getRawBody()),
+			'application/x-www-form-urlencoded' => $_POST,
+			default => throw new \Exception("Unsupported content type: $type"),
+		};
+	}
+
+
 	/**
 	 * Returns basic HTTP authentication credentials.
 	 * @return array{string, string}|null

src/Http/RequestFactory.php

@@ -374,9 +374,10 @@ private function parseHostAndPort(string $s): ?array
 	}
 
 
-	/** @deprecated */
+	/** @deprecated use fromGlobals() */
 	public function createHttpRequest(): Request
 	{
+		trigger_error(__METHOD__ . '() is deprecated, use fromGlobals()', E_USER_DEPRECATED);
 		return $this->fromGlobals();
 	}
 }

src/Http/Response.php

@@ -233,8 +233,8 @@ public function setCookie(
 		?string $path = null,
 		?string $domain = null,
 		?bool $secure = null,
-		?bool $httpOnly = null,
-		?string $sameSite = null,
+		bool $httpOnly = true,
+		string $sameSite = self::SameSiteLax,
 	): static
 	{
 		self::checkHeaders();
@@ -243,8 +243,8 @@ public function setCookie(
 			'path' => $path ?? ($domain ? '/' : $this->cookiePath),
 			'domain' => $domain ?? ($path ? '' : $this->cookieDomain),
 			'secure' => $secure ?? $this->cookieSecure,
-			'httponly' => $httpOnly ?? true,
-			'samesite' => $sameSite ?? self::SameSiteLax,
+			'httponly' => $httpOnly,
+			'samesite' => $sameSite,
 		]);
 		return $this;
 	}

src/Http/SessionSection.php

@@ -17,9 +17,6 @@
  */
 class SessionSection implements \IteratorAggregate, \ArrayAccess
 {
-	public bool $warnOnUndefined = false;
-
-
 	/**
 	 * Do not call directly. Use Session::getSection().
 	 */
@@ -97,6 +94,7 @@ public function remove(string|array|null $name = null): void
 	 */
 	public function __set(string $name, $value): void
 	{
+		trigger_error("Writing to \$session->$name is deprecated, use \$session->set('$name', \$value) instead", E_USER_DEPRECATED);
 		$this->session->autoStart(true);
 		$this->getData()[$name] = $value;
 	}
@@ -108,12 +106,9 @@ public function __set(string $name, $value): void
 	 */
 	public function &__get(string $name): mixed
 	{
+		trigger_error("Reading from \$session->$name is deprecated, use \$session->get('$name') instead", E_USER_DEPRECATED);
 		$this->session->autoStart(true);
 		$data = &$this->getData();
-		if ($this->warnOnUndefined && !array_key_exists($name, $data ?? [])) {
-			trigger_error("The variable '$name' does not exist in session section");
-		}
-
 		return $data[$name];
 	}
 
@@ -124,6 +119,7 @@ public function &__get(string $name): mixed
 	 */
 	public function __isset(string $name): bool
 	{
+		trigger_error("Using \$session->$name is deprecated, use \$session->get('$name') instead", E_USER_DEPRECATED);
 		$this->session->autoStart(false);
 		return isset($this->getData()[$name]);
 	}
@@ -135,6 +131,7 @@ public function __isset(string $name): bool
 	 */
 	public function __unset(string $name): void
 	{
+		trigger_error("Unset(\$session->$name) is deprecated, use \$session->remove('$name') instead", E_USER_DEPRECATED);
 		$this->remove($name);
 	}
 
@@ -145,6 +142,7 @@ public function __unset(string $name): void
 	 */
 	public function offsetSet($name, $value): void
 	{
+		trigger_error("Writing to \$session['$name'] is deprecated, use \$session->set('$name', \$value) instead", E_USER_DEPRECATED);
 		$this->__set($name, $value);
 	}
 
@@ -155,6 +153,7 @@ public function offsetSet($name, $value): void
 	 */
 	public function offsetGet($name): mixed
 	{
+		trigger_error("Reading from \$session['$name'] is deprecated, use \$session->get('$name') instead", E_USER_DEPRECATED);
 		return $this->get($name);
 	}
 
@@ -165,6 +164,7 @@ public function offsetGet($name): mixed
 	 */
 	public function offsetExists($name): bool
 	{
+		trigger_error("Using \$session['$name'] is deprecated, use \$session->get('$name') instead", E_USER_DEPRECATED);
 		return $this->__isset($name);
 	}
 
@@ -175,6 +175,7 @@ public function offsetExists($name): bool
 	 */
 	public function offsetUnset($name): void
 	{
+		trigger_error("Unset(\$session['$name']) is deprecated, use \$session->remove('$name') instead", E_USER_DEPRECATED);
 		$this->remove($name);
 	}