Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.4.4

Bug #8214 Ignore invalid HTTP headers
Submitted: 2006-07-14 02:40 UTC Modified: 2006-10-24 15:19 UTC
From: rofranco at c17 dot net Assigned: avb
Status: Closed Package: HTTP_Request (version 1.3.0)
PHP Version: 4.3.10 OS: Debian GNU/Linux
Roadmaps: (Not assigned)    
Subscription  


 [2006-07-14 02:40 UTC] rofranco at c17 dot net (Rodolfo Franco)
Description: ------------ We have found a case where a web server running Microsoft-IIS/5.0 returns an "HTTP/1.1 302 MOVED TEMPORARILY" header as the first line of the response. The problem is that, between the rest of the header lines, it is including an invalid "HTTP/1.1 404 Not Found" header which is generating a warning in method "_processHeader" in this line: list($headername, $headervalue) = explode(':', $header, 2); We have added a previous validation in order to ignore malformed headers. Test script: --------------- Here you have the erroneous HTTP response. For example, Firefox web browser seems to ignore the invalid header. http://www.biomedcentral.com/currtreatoptionsgastroenterol I'm including the contents of the diff function in case you want to apply a patch: Index: Request.php =================================================================== --- Request.php (revisión: 820) +++ Request.php (copia de trabajo) @@ -1075,6 +1075,8 @@ */ function _processHeader($header) { + // If the header has an invalid syntax, ignore it + if (strpos($header,':') === false) return; list($headername, $headervalue) = explode(':', $header, 2); $headername = strtolower($headername); $headervalue = ltrim($headervalue);

Comments

 [2006-10-24 15:19 UTC] avb (Alexey Borzov)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.