Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.1.4

Bug #13125 HTTP protocol specification mis-implementation
Submitted: 2008-02-15 19:30 UTC
From: jausions Assigned: jausions
Status: Closed Package: HTTP_Download (version CVS)
PHP Version: Irrelevant OS: Irrelevant
Roadmaps: (Not assigned)    
Subscription  


 [2008-02-15 19:30 UTC] jausions (Philippe Jausions)
Description: ------------ The specification: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35.1 Stipulates: "If the last-byte-pos value is present, it MUST be greater than or equal to the first-byte-pos in that byte-range-spec, or the byte- range-spec is syntactically invalid. The recipient of a byte-range- set that includes one or more syntactically invalid byte-range-spec values MUST ignore the header field that includes that byte-range- set." The test of start <= end is not implemented in getChunks(). I'm preparing a patch.

Comments

 [2008-02-17 14:52 UTC] jausions (Philippe Jausions)
After looking deeper in the code, it appears that last-byte >= first-byte is checked for, but at the wrong time (when some content range may have already be sent) and with the wrong behavior (returning 416, instead of ignoring the range request.) I'm still preparing a patch though :-)
 [2008-02-17 20:31 UTC] jausions (Philippe Jausions)
The patches correct / enhance the package as follow: - Better detection of malformed Range header (bug #13124), - More compliant handling of malformed / unsatisfiable ranges (bug #13125), - Merges overlapping requested ranges, - Support for unknown content-length (for custom streams) (req #13121)
 [2009-12-14 09:08 UTC] jausions (Philippe Jausions)
-Status: Open +Status: Closed -Assigned To: +Assigned To: jausions
This bug has been fixed in SVN. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.