From 92568dfe0e3dc2fd344f7aa9e8f14a175ed12b21 Mon Sep 17 00:00:00 2001
From: Raj Siva-Rajah <5361908+binaryfire@users.noreply.github.com>
Date: Fri, 26 Dec 2025 02:39:46 +0000
Subject: [PATCH] Fix operator precedence bugs and PSR-7 getHeader usage

FilesystemManager: Fix operator precedence in read-only check
- `?? false === true` was parsed as `?? (false === true)`
- Now correctly checks `($config['read-only'] ?? false) === true`

StartSession: Fix operator precedence in AJAX detection
- `! header(...) === 'X'` was parsed as `(! header(...)) === 'X'`
- Boolean === string is always false, so storeCurrentUrl never worked
- Now correctly checks `header(...) !== 'XMLHttpRequest'`

TestResponseAssert: Fix PSR-7 getHeader returns array not string
- `getHeader()` returns string[], not string
- Array === string is always false, so JSON error injection never worked
- Now correctly uses `getHeader(...)[0] ?? ''` with str_contains
---
 src/filesystem/src/FilesystemManager.php          | 2 +-
 src/foundation/src/Testing/TestResponseAssert.php | 2 +-
 src/session/src/Middleware/StartSession.php       | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/filesystem/src/FilesystemManager.php b/src/filesystem/src/FilesystemManager.php
index a03b6b3e6..429ac9b1f 100644
--- a/src/filesystem/src/FilesystemManager.php
+++ b/src/filesystem/src/FilesystemManager.php
@@ -379,7 +379,7 @@ function (&$parent) use ($config) {
      */
     protected function createFlysystem(FlysystemAdapter $adapter, array $config): FilesystemOperator
     {
-        if ($config['read-only'] ?? false === true) {
+        if (($config['read-only'] ?? false) === true) {
             /* @phpstan-ignore-next-line */
             $adapter = new ReadOnlyFilesystemAdapter($adapter);
         }
diff --git a/src/foundation/src/Testing/TestResponseAssert.php b/src/foundation/src/Testing/TestResponseAssert.php
index 71a90780f..0fbb673ac 100644
--- a/src/foundation/src/Testing/TestResponseAssert.php
+++ b/src/foundation/src/Testing/TestResponseAssert.php
@@ -61,7 +61,7 @@ public static function __callStatic(string $name, array $arguments): void
      */
     protected function injectResponseContext(ExpectationFailedException $exception): ExpectationFailedException
     {
-        if ($this->response->getHeader('Content-Type') === 'application/json') {
+        if (str_contains($this->response->getHeader('Content-Type')[0] ?? '', 'application/json')) {
             $testJson = new AssertableJsonString($this->response->getContent());
 
             if (isset($testJson['errors'])) {
diff --git a/src/session/src/Middleware/StartSession.php b/src/session/src/Middleware/StartSession.php
index 7a67a5674..af0d74ff5 100644
--- a/src/session/src/Middleware/StartSession.php
+++ b/src/session/src/Middleware/StartSession.php
@@ -158,7 +158,7 @@ protected function configHitsLottery(array $config): bool
     protected function storeCurrentUrl(Session $session): void
     {
         if ($this->request->isMethod('GET')
-            && ! $this->request->header('X-Requested-With') === 'XMLHttpRequest' // is not ajax
+            && $this->request->header('X-Requested-With') !== 'XMLHttpRequest' // is not ajax
             && ! $this->isPrefetch()
         ) {
             $session->setPreviousUrl($this->request->fullUrl());