From c98e33dc59ddf88ed9cf840c54a4d1b3a8bc0cd2 Mon Sep 17 00:00:00 2001 From: Jonathan Hernandez Date: Thu, 29 Jan 2026 11:22:57 +0100 Subject: [PATCH 1/4] Upgrade PHPUnit to fix security vulnerability Fixes unsafe deserialization in PHPT code coverage handling by upgrading PHPUnit from 4.8 to 8.5.52. This requires bumping minimum PHP to 7.2. --- CHANGELOG.md | 7 +++++++ composer.json | 4 ++-- tests/AdsBibcodeTest.php | 2 +- tests/ArxivIdTest.php | 2 +- tests/DoiTest.php | 2 +- tests/HandleTest.php | 2 +- tests/IsbnTest.php | 2 +- tests/NationalClinicalTrialIdTest.php | 2 +- tests/OrcidIdTest.php | 2 +- tests/PubmedIdTest.php | 2 +- tests/RepecIdTest.php | 2 +- tests/UriTest.php | 2 +- tests/UrnTest.php | 2 +- 13 files changed, 20 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b79d757..c3f17f3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). +## [CURRENT] +### Changed +- Minimum PHP version is now 7.2 (previously 5.4) + +### Security +- Upgrade PHPUnit to 8.5.52 to fix unsafe deserialization vulnerability + ## [0.10.1] - 2018-04-09 ### Fixed - Restored support for extracting hyphenated ISBN-10s with registration group diff --git a/composer.json b/composer.json index 3c0f17f..fd58e8c 100644 --- a/composer.json +++ b/composer.json @@ -15,10 +15,10 @@ } ], "require": { - "php": ">= 5.4.0" + "php": ">= 7.2" }, "require-dev": { - "phpunit/phpunit": "^4.8" + "phpunit/phpunit": "^8.5.52" }, "suggest": { "ext-mbstring": "Needed for multibyte string support (alternatively, require symfony/polyfill-mbstring)" diff --git a/tests/AdsBibcodeTest.php b/tests/AdsBibcodeTest.php index 8e52b97..4437a5d 100644 --- a/tests/AdsBibcodeTest.php +++ b/tests/AdsBibcodeTest.php 
@@ -1,7 +1,7 @@ Date: Thu, 29 Jan 2026 11:25:19 +0100 Subject: [PATCH 2/4] Migrate CI from Travis to GitHub Actions Test against PHP 7.2 through 8.3. --- .github/workflows/tests.yml | 30 ++++++++++++++++++++++++++++++ .gitignore | 1 + .travis.yml | 10 ---------- CHANGELOG.md | 1 + 4 files changed, 32 insertions(+), 10 deletions(-) create mode 100644 .github/workflows/tests.yml delete mode 100644 .travis.yml diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml new file mode 100644 index 0000000..34fd53b --- /dev/null +++ b/.github/workflows/tests.yml @@ -0,0 +1,30 @@ +name: Tests + +on: + push: + pull_request: + +jobs: + test: + runs-on: ubuntu-latest + + strategy: + matrix: + php: ['7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3'] + + name: PHP ${{ matrix.php }} + + steps: + - uses: actions/checkout@v4 + + - name: Setup PHP + uses: shivammathur/setup-php@v2 + with: + php-version: ${{ matrix.php }} + coverage: none + + - name: Install dependencies + run: composer install --prefer-dist --no-progress + + - name: Run tests + run: vendor/bin/phpunit diff --git a/.gitignore b/.gitignore index 987e2a2..e96516b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ composer.lock vendor +.phpunit.result.cache diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index d33b060..0000000 --- a/.travis.yml +++ /dev/null @@ -1,10 +0,0 @@ -language: php -php: - - 5.4 - - 5.5 - - 5.6 - - 7.0 - - 7.1 - - 7.2 -install: - - composer install diff --git a/CHANGELOG.md b/CHANGELOG.md index c3f17f3..00a43f0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ project adheres to [Semantic Versioning](http://semver.org/). ## [CURRENT] ### Changed - Minimum PHP version is now 7.2 (previously 5.4) +- Migrate CI from Travis to GitHub Actions ### Security - Upgrade PHPUnit to 8.5.52 to fix unsafe deserialization vulnerability From 336a99efb6cc8542a1b05994792d1377f09cc5db Mon Sep 17 00:00:00 2001 
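Review bot: The new workflow in `.github/workflows/tests.yml` declares no `permissions:` block, so the job's `GITHUB_TOKEN` gets whatever the repository or organisation default grants, while the steps shown only need to read the code. I would add a top-level `permissions:` with `contents: read`. Both `actions/checkout@v4` and the third-party `shivammathur/setup-php@v2` are referenced by mutable tags. Because the job runs `composer install` and the test suite on every push and pull request, pinning each `uses:` to a full commit SHA, e.g. `uses: shivammathur/setup-php@<full-commit-sha> # v2`, keeps a retagged release from silently changing what executes.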
From: Jonathan Hernandez Date: Thu, 29 Jan 2026 11:49:37 +0100 Subject: [PATCH 3/4] Add type hints to extract() methods Add ?string parameter and array return type hints to all extract() methods. This fixes PHP 8.1+ deprecation warnings about passing null to string functions. --- CHANGELOG.md | 1 + phpunit.xml | 2 +- src/AdsBibcode.php | 3 ++- src/ArxivId.php | 4 +++- src/Doi.php | 3 ++- src/Handle.php | 3 ++- src/Isbn.php | 12 +++++++----- src/NationalClinicalTrialId.php | 3 ++- src/OrcidId.php | 3 ++- src/PubmedId.php | 4 +++- src/RepecId.php | 3 ++- src/Uri.php | 3 ++- src/Urn.php | 3 ++- 13 files changed, 31 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 00a43f0..11c53e3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ project adheres to [Semantic Versioning](http://semver.org/). ### Changed - Minimum PHP version is now 7.2 (previously 5.4) - Migrate CI from Travis to GitHub Actions +- Add type hints to all `extract()` methods (`?string` parameter, `array` return) ### Security - Upgrade PHPUnit to 8.5.52 to fix unsafe deserialization vulnerability diff --git a/phpunit.xml b/phpunit.xml index 320fa80..08e423c 100644 --- a/phpunit.xml +++ b/phpunit.xml @@ -1,6 +1,6 @@ - + tests diff --git a/src/AdsBibcode.php b/src/AdsBibcode.php index e3e1e97..504bb63 100644 --- a/src/AdsBibcode.php +++ b/src/AdsBibcode.php @@ -3,8 +3,9 @@ class AdsBibcode { - public static function extract($str) + public static function extract(?string $str): array { + $str = $str ?? ''; preg_match_all('/\b\d{4}[a-z][0-9a-z&.]{14}\b/ui', $str, $matches); return $matches[0]; diff --git a/src/ArxivId.php b/src/ArxivId.php index 7448ae7..9add1ae 100644 --- a/src/ArxivId.php +++ b/src/ArxivId.php @@ -29,8 +29,10 @@ class ArxivId }xiu EOT; - public static function extract($str) + public static function extract(?string $str): array { + $str = $str ?? ''; + return array_merge(self::extractPre2007ArxivIds($str), self::extractPost2007ArxivIds($str)); } 
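Review bot: In `AdsBibcode::extract()` the return value of `preg_match_all()` is still ignored, so a PCRE failure is indistinguishable from "no identifiers found". The pattern carries the `u` modifier, and with it any input that is not valid UTF-8 makes the call return `false`; the method then returns `$matches[0]`, which I would expect to be empty. These extractors take arbitrary text, so I would check the result, e.g. `if (preg_match_all(/* existing pattern */, $str, $matches) === false) { throw new \RuntimeException('PCRE error ' . preg_last_error()); }`, or at least state the silent-empty behaviour in a docblock alongside `@return string[]`. The same applies to the `u`-flagged `extract()` hunks in Doi.php, Handle.php, NationalClinicalTrialId.php and RepecId.php; the Uri.php, Urn.php and OrcidId.php hunks ignore the return value as well.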
diff --git a/src/Doi.php b/src/Doi.php index 3c22971..89bed93 100644 --- a/src/Doi.php +++ b/src/Doi.php @@ -32,8 +32,9 @@ class Doi }xu EOT; - public static function extract($str) + public static function extract(?string $str): array { + $str = $str ?? ''; preg_match_all(self::REGEXP, mb_strtolower($str, 'UTF-8'), $matches); return $matches[0]; diff --git a/src/Handle.php b/src/Handle.php index eab6871..e1a46bb 100644 --- a/src/Handle.php +++ b/src/Handle.php @@ -3,8 +3,9 @@ class Handle { - public static function extract($str) + public static function extract(?string $str): array { + $str = $str ?? ''; preg_match_all('#\b[\d.]+/\S+\b#u', $str, $matches); return $matches[0]; diff --git a/src/Isbn.php b/src/Isbn.php index 63a1062..2cceca3 100644 --- a/src/Isbn.php +++ b/src/Isbn.php @@ -48,8 +48,10 @@ class Isbn }xu EOT; - public static function extract($str) + public static function extract(?string $str): array { + $str = $str ?? ''; + return array_merge(self::extractIsbnAs($str), self::extractIsbn13s($str), self::extractIsbn10s($str)); } @@ -123,9 +125,9 @@ private static function stripHyphenation($match, $limit) return $isbn; } - private static function isValidIsbn13($str) + private static function isValidIsbn13(?string $str): bool { - if (strlen($str) !== 13) { + if ($str === null || strlen($str) !== 13) { return false; } @@ -134,9 +136,9 @@ private static function isValidIsbn13($str) return $checkDigit === (int) $str[12]; } - private static function isValidIsbn10($str) + private static function isValidIsbn10(?string $str): bool { - if (strlen($str) !== 10) { + if ($str === null || strlen($str) !== 10) { return false; } diff --git a/src/NationalClinicalTrialId.php b/src/NationalClinicalTrialId.php index 8b7aebf..0327e32 100644 --- a/src/NationalClinicalTrialId.php +++ b/src/NationalClinicalTrialId.php 
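Review bot: The `?string` on `Isbn::isValidIsbn13()` (and on `isValidIsbn10()` in the following hunk) widens a private validator to accept null without saying where a null can come from. `extract()` already normalises its argument with `$str ?? ''`, so presumably the null is the result of a failed `preg_*` call in a helper outside these hunks; if so, a comment such as `// null means an upstream preg_* call failed; treat as invalid` would make that explicit. If no caller can actually pass null, `string $str` is the tighter declaration and the `$str === null ||` guard can go. Both method bodies continue outside the hunks.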
@@ -3,8 +3,9 @@ class NationalClinicalTrialId { - public static function extract($str) + public static function extract(?string $str): array { + $str = $str ?? ''; preg_match_all('/\bNCT\d+\b/ui', $str, $matches); return array_map('strtoupper', $matches[0]); diff --git a/src/OrcidId.php b/src/OrcidId.php index 064c97b..fd70ce3 100644 --- a/src/OrcidId.php +++ b/src/OrcidId.php @@ -4,8 +4,9 @@ class OrcidId { - public static function extract($str) + public static function extract(?string $str): array { + $str = $str ?? ''; preg_match_all('/\d{4}-\d{4}-\d{4}-\d{3}[\dX]/i', $str, $matches); return array_filter(array_map('strtoupper', $matches[0]), [__CLASS__, 'isValid']); diff --git a/src/PubmedId.php b/src/PubmedId.php index 1a17e98..b291be6 100644 --- a/src/PubmedId.php +++ b/src/PubmedId.php @@ -38,8 +38,10 @@ class PubmedId }xu EOT; - public static function extract($str) + public static function extract(?string $str): array { + $str = $str ?? ''; + return array_merge(self::extractPubmedIds($str), self::extractPubmedUris($str)); } diff --git a/src/RepecId.php b/src/RepecId.php index ae0e26d..6589c10 100644 --- a/src/RepecId.php +++ b/src/RepecId.php @@ -3,8 +3,9 @@ class RepecId { - public static function extract($str) + public static function extract(?string $str): array { + $str = $str ?? ''; preg_match_all('/\brepec:\S+\b/ui', $str, $matches); return array_map( diff --git a/src/Uri.php b/src/Uri.php index 48273cc..856cf03 100644 --- a/src/Uri.php +++ b/src/Uri.php @@ -52,8 +52,9 @@ class Uri #x EOF; - public static function extract($str) + public static function extract(?string $str): array { + $str = $str ?? ''; preg_match_all(self::REGEXP, $str, $matches); return $matches[0]; diff --git a/src/Urn.php b/src/Urn.php index c97cc60..59ea15a 100644 --- a/src/Urn.php +++ b/src/Urn.php 
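Review bot: `OrcidId::extract()` now declares `: array`, but the unchanged return line passes the matches through `array_filter()`, which preserves keys, so a rejected match leaves a gap and the result is no longer a 0-based list. A caller that indexes `[0]` or passes the result to `json_encode()` gets a missing offset or a JSON object instead of an array whenever an invalid ORCID precedes a valid one. I would either reindex with `return array_values(array_filter(array_map('strtoupper', $matches[0]), [__CLASS__, 'isValid']));` or document the sparse keys in a docblock. Reindexing changes the returned keys, so existing tests that compare keys would need to be checked.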
@@ -3,8 +3,9 @@ class Urn { - public static function extract($str) + public static function extract(?string $str): array { + $str = $str ?? ''; preg_match_all( '/\burn:(?!urn:)[a-z0-9][a-z0-9\-]{1,31}:(?:[a-z0-9()+,-.:=@;$_!*\']|' . '%(?:2[1-9a-f]|[3-6][0-9a-f]|7[0-9a-e]))+/i', From 4f9e7362f8399ec158648dc3dc0040c1afb13175 Mon Sep 17 00:00:00 2001 From: Jonathan Hernandez Date: Thu, 29 Jan 2026 15:22:34 +0100 Subject: [PATCH 4/4] Update documentation for v1.0.0 --- CHANGELOG.md | 3 ++- LICENSE | 2 +- README.md | 8 ++++---- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 11c53e3..56f5bad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). -## [CURRENT] +## [1.0.0] - 2026-01-29 ### Changed - Minimum PHP version is now 7.2 (previously 5.4) - Migrate CI from Travis to GitHub Actions @@ -90,4 +90,5 @@ project adheres to [Semantic Versioning](http://semver.org/). [0.8.0]: https://github.com/altmetric/php-identifiers/releases/tag/v0.8.0 [0.9.0]: https://github.com/altmetric/php-identifiers/releases/tag/v0.9.0 [0.10.0]: https://github.com/altmetric/php-identifiers/releases/tag/v0.10.0 +[1.0.0]: https://github.com/altmetric/php-identifiers/releases/tag/v1.0.0 [0.10.1]: https://github.com/altmetric/php-identifiers/releases/tag/v0.10.1 diff --git a/LICENSE b/LICENSE index 3054d0d..5f21785 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ The MIT License (MIT) -Copyright (c) 2016-2017 Altmetric LLP +Copyright (c) 2016-2026 Altmetric LLP Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index badbda1..a4d80d6 100644 --- a/README.md +++ b/README.md 
@@ -1,10 +1,10 @@ -# Identifiers [![Build Status](https://travis-ci.org/altmetric/php-identifiers.svg?branch=master)](https://travis-ci.org/altmetric/php-identifiers) +# Identifiers [![Tests](https://github.com/altmetric/php-identifiers/actions/workflows/tests.yml/badge.svg)](https://github.com/altmetric/php-identifiers/actions/workflows/tests.yml) Collection of utilities related to the extraction, validation and normalization of various scholarly identifiers. -**Current version:** 0.10.1 -**Supported PHP versions:** 5.4, 5.5, 5.6, 7 +**Current version:** 1.0.0 +**Supported PHP versions:** 7.2+ ## Installation @@ -161,6 +161,6 @@ We also maintain [a version of this library for Ruby](https://github.com/altmetr ## License -Copyright © 2016-2017 Altmetric LLP +Copyright © 2016-2026 Altmetric LLP Distributed under the [MIT License](http://opensource.org/licenses/MIT).