Keep 308-399 HTTP response codes when header('Location:') is called.

Fixes bug #67428 (header('Location: foo') will override a 308-399 response
code).

diff --git a/NEWS b/NEWS
index 424dcf01bf8b216319c3f78e7391412121ef1e0a..6d6c461bc94b3c6777fb8d514459a66831fa7807 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,10 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2014, PHP 5.4.31
 
+- Core:
+  . Fixed bug #67428 (header('Location: foo') will override a 308-399 response
+    code). (Adam)
+
 ?? ??? 2014, PHP 5.4.30
 
 - Core:

diff --git a/ext/standard/tests/general_functions/header_redirection_001.phpt b/ext/standard/tests/general_functions/header_redirection_001.phpt
new file mode 100644 (file)
index 0000000..ecf57ec
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_001.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Location: headers change the status code
+--CGI--
+--FILE--
+<?php
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 302 Moved Temporarily
+Location: http://example.com/
+--EXPECT--

diff --git a/ext/standard/tests/general_functions/header_redirection_002.phpt b/ext/standard/tests/general_functions/header_redirection_002.phpt
new file mode 100644 (file)
index 0000000..2bf6dec
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_002.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Location: headers override non-201 and 3xx response codes
+--CGI--
+--FILE--
+<?php
+header("HTTP/1.1 418 I'm a Teapot");
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 302 Moved Temporarily
+Location: http://example.com/
+--EXPECT--

diff --git a/ext/standard/tests/general_functions/header_redirection_003.phpt b/ext/standard/tests/general_functions/header_redirection_003.phpt
new file mode 100644 (file)
index 0000000..678e314
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_003.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Location: headers respect the header() response code parameter
+--CGI--
+--FILE--
+<?php
+header('Location: http://example.com/', true, 404);
+?>
+--EXPECTHEADERS--
+Status: 404 Not Found
+Location: http://example.com/
+--EXPECT--

diff --git a/ext/standard/tests/general_functions/header_redirection_004.phpt b/ext/standard/tests/general_functions/header_redirection_004.phpt
new file mode 100644 (file)
index 0000000..678e314
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_004.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Location: headers respect the header() response code parameter
+--CGI--
+--FILE--
+<?php
+header('Location: http://example.com/', true, 404);
+?>
+--EXPECTHEADERS--
+Status: 404 Not Found
+Location: http://example.com/
+--EXPECT--

diff --git a/ext/standard/tests/general_functions/header_redirection_005.phpt b/ext/standard/tests/general_functions/header_redirection_005.phpt
new file mode 100644 (file)
index 0000000..fc3e0f7
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_005.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Location: headers do not override the 201 response code
+--CGI--
+--FILE--
+<?php
+header('HTTP/1.1 201 Created');
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 201 Created
+Location: http://example.com/
+--EXPECT--

diff --git a/ext/standard/tests/general_functions/header_redirection_006.phpt b/ext/standard/tests/general_functions/header_redirection_006.phpt
new file mode 100644 (file)
index 0000000..5fb5209
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_006.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Location: headers do not override the 300 Multiple Choices response code
+--CGI--
+--FILE--
+<?php
+header('HTTP/1.1 300 Multiple Choices');
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 300 Multiple Choices
+Location: http://example.com/
+--EXPECT--

diff --git a/ext/standard/tests/general_functions/header_redirection_007.phpt b/ext/standard/tests/general_functions/header_redirection_007.phpt
new file mode 100644 (file)
index 0000000..6769b08
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_007.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Location: headers do not override the 301 Moved Permanently response code
+--CGI--
+--FILE--
+<?php
+header('HTTP/1.1 301 Moved Permanently');
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 301 Moved Permanently
+Location: http://example.com/
+--EXPECT--

diff --git a/ext/standard/tests/general_functions/header_redirection_008.phpt b/ext/standard/tests/general_functions/header_redirection_008.phpt
new file mode 100644 (file)
index 0000000..5099370
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_008.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Location: headers do not override the 302 Found response code
+--CGI--
+--FILE--
+<?php
+header('HTTP/1.1 302 Found');
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 302 Found
+Location: http://example.com/
+--EXPECT--

diff --git a/ext/standard/tests/general_functions/header_redirection_009.phpt b/ext/standard/tests/general_functions/header_redirection_009.phpt
new file mode 100644 (file)
index 0000000..f8d27f9
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_009.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Location: headers do not override the 303 See Other response code
+--CGI--
+--FILE--
+<?php
+header('HTTP/1.1 303 See Other');
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 303 See Other
+Location: http://example.com/
+--EXPECT--

diff --git a/ext/standard/tests/general_functions/header_redirection_010.phpt b/ext/standard/tests/general_functions/header_redirection_010.phpt
new file mode 100644 (file)
index 0000000..316112d
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_010.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Location: headers do not override the 304 Not Modified response code
+--CGI--
+--FILE--
+<?php
+header('HTTP/1.1 304 Not Modified');
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 304 Not Modified
+Location: http://example.com/
+--EXPECT--

diff --git a/ext/standard/tests/general_functions/header_redirection_011.phpt b/ext/standard/tests/general_functions/header_redirection_011.phpt
new file mode 100644 (file)
index 0000000..bfd8789
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_011.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Location: headers do not override the 305 Use Proxy response code
+--CGI--
+--FILE--
+<?php
+header('HTTP/1.1 305 Use Proxy');
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 305 Use Proxy
+Location: http://example.com/
+--EXPECT--

diff --git a/ext/standard/tests/general_functions/header_redirection_012.phpt b/ext/standard/tests/general_functions/header_redirection_012.phpt
new file mode 100644 (file)
index 0000000..657028b
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_012.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Location: headers do not override the 307 Temporary Redirect response code
+--CGI--
+--FILE--
+<?php
+header('HTTP/1.1 307 Temporary Redirect');
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 307 Temporary Redirect
+Location: http://example.com/
+--EXPECT--

diff --git a/ext/standard/tests/general_functions/header_redirection_013.phpt b/ext/standard/tests/general_functions/header_redirection_013.phpt
new file mode 100644 (file)
index 0000000..4dce0d0
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_013.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Location: headers do not override the 308 Permanent Redirect response code
+--CGI--
+--FILE--
+<?php
+header('HTTP/1.1 308 Permanent Redirect');
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 308 Permanent Redirect
+Location: http://example.com/
+--EXPECT--

diff --git a/ext/standard/tests/general_functions/header_redirection_014.phpt b/ext/standard/tests/general_functions/header_redirection_014.phpt
new file mode 100644 (file)
index 0000000..a5fb6e8
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_014.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Location: headers do not override the 399 Choose Your Own Adventure response code
+--CGI--
+--FILE--
+<?php
+header('HTTP/1.1 399 Choose Your Own Adventure');
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 399 Choose Your Own Adventure
+Location: http://example.com/
+--EXPECT--

diff --git a/main/SAPI.c b/main/SAPI.c
index f02bca6d1df93cfafbe3b56a4625e4d748d27515..994aff38bf7269d256b2f4c215a3e19efdd74f4f 100644 (file)
--- a/main/SAPI.c
+++ b/main/SAPI.c
@@ -821,7 +821,7 @@ SAPI_API int sapi_header_op(sapi_header_op_enum op, void *arg TSRMLS_DC)
                                        "0", sizeof("0") - 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
                        } else if (!STRCASECMP(header_line, "Location")) {
                                if ((SG(sapi_headers).http_response_code < 300 ||
-                                       SG(sapi_headers).http_response_code > 307) &&
+                                       SG(sapi_headers).http_response_code > 399) &&
                                        SG(sapi_headers).http_response_code != 201) {
                                        /* Return a Found Redirect if one is not already specified */
                                        if (http_response_code) { /* user specified redirect code */