[5.1] Fix for bad accept headers

[GrahamCampbell]

For some reason someone passed:

Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-PT; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)

as an Accept header to my server (either by mistake, or as an attempt to attack it), and successfully crashed it with:

preg_match(): Compilation failed: missing ) at offset 25`

and since preg_match returns false when an error occurs, simply suppressing errors is the desired behaviour here.

[vlakoff]

More importantly, why does the regex crash?
Only hiding the possible error doesn't sound sufficient to me.

I guess there's some use of preg_quote to do.

[GrahamCampbell]

We don't need to care why it crashed. It was an invalid header.

[GrahamCampbell]

We just need the logic that if it does crash, it must be invalid.

[vlakoff]

You're possibly opening the door to server DoS by allowing to execute user-supplied special regex characters.

[vlakoff]

By the way, in Request.php there are 2 calls of matchesType:
one is $this->matchesType($accept, $type), the other is $this->matchesType($type, $accept).
(note the arguments order)

Apparently one is indeed incorrect. Have yet to figure out which one.

[GrahamCampbell]

Not a bug. They are intentionally the other way around in one of them.

[vlakoff]

If you're really sure on this, fine.

The regex still needs escaping though.