Fixed bug #45860 (header() function fails to correctly replace all Status lines)

diff --git a/NEWS b/NEWS
index 63ddd6670659f879962435e8ac7370ac739aeee8..49dba5e0bbf18f3d75977981d1c87bfb2df1e7cb 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -23,6 +23,8 @@ PHP                                                                        NEWS
   in parsed file). (Jani)
 - Fixed bug #45862 (get_class_vars is inconsistent with 'protected' and 
   'private' variables). (ilewis at uk dot ibm dot com, Felipe)
+- Fixed bug #45860 (header() function fails to correctly replace all Status
+  lines). (Dmitry)
 - Fixed bug #45805 (Crash on throwing exception from error handler). (Dmitry)
 - Fixed bug #45765 (ReflectionObject with default parameters of self::xxx cause
   an error). (Felipe)

diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index 67978b195632302fb8841fafa0f713ac1aa6dd1d..857993acb72e901e4b0029652abffb66cee20707 100644 (file)
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -369,6 +369,7 @@ static int sapi_cgi_send_headers(sapi_headers_struct *sapi_headers TSRMLS_DC)
        char buf[SAPI_CGI_MAX_HEADER_LENGTH];
        sapi_header_struct *h;
        zend_llist_position pos;
+       zend_bool ignore_status = 0;
 
        if (SG(request_info).no_headers == 1) {
                return  SAPI_HEADER_SENT_SUCCESSFULLY;
@@ -424,6 +425,7 @@ static int sapi_cgi_send_headers(sapi_headers_struct *sapi_headers TSRMLS_DC)
                }
                if (!has_status) {
                        PHPWRITE_H(buf, len);
+                       ignore_status = 1;
                }
        }
 
@@ -431,8 +433,17 @@ static int sapi_cgi_send_headers(sapi_headers_struct *sapi_headers TSRMLS_DC)
        while (h) {
                /* prevent CRLFCRLF */
                if (h->header_len) {
-                       PHPWRITE_H(h->header, h->header_len);
-                       PHPWRITE_H("\r\n", 2);
+                       if (h->header_len > sizeof("Status:")-1 &&
+                           strncasecmp(h->header, "Status:", sizeof("Status:")-1) == 0) {
+                           if (!ignore_status) {
+                                   ignore_status = 1;
+                                       PHPWRITE_H(h->header, h->header_len);
+                                       PHPWRITE_H("\r\n", 2);
+                               }
+                       } else {
+                               PHPWRITE_H(h->header, h->header_len);
+                               PHPWRITE_H("\r\n", 2);
+                       }
                }
                h = (sapi_header_struct*)zend_llist_get_next_ex(&sapi_headers->headers, &pos);
        }

diff --git a/sapi/cgi/tests/010.phpt b/sapi/cgi/tests/010.phpt
new file mode 100644 (file)
index 0000000..e633ad2
--- /dev/null
+++ b/sapi/cgi/tests/010.phpt
@@ -0,0 +1,53 @@
+--TEST--
+Bug #45860 (header() function fails to correctly replace all Status lines)
+--SKIPIF--
+<?php include "skipif.inc"; ?>
+--FILE--
+<?php
+
+include "include.inc";
+
+$php = get_cgi_path();
+reset_env_vars();
+
+$f = tempnam(sys_get_temp_dir(), 'cgitest');
+
+putenv("TRANSLATED_PATH=".$f."/x");
+putenv("SCRIPT_FILENAME=".$f."/x");
+file_put_contents($f, '<?php
+header("HTTP/1.1 403 Forbidden");
+header("Status: 403 Also Forbidden");
+?>');
+
+echo (`$php -n $f`);
+
+file_put_contents($f, '<?php
+header("HTTP/1.1 403 Forbidden");
+?>');
+
+echo (`$php -n $f`);
+
+file_put_contents($f, '<?php
+header("Status: 403 Also Forbidden");
+?>');
+
+echo (`$php -n $f`);
+
+echo "Done\n";
+
+@unlink($f);
+?>
+--EXPECTF--
+Status: 403 Forbidden
+X-Powered-By: PHP/%s
+Content-type: text/html
+
+Status: 403 Forbidden
+X-Powered-By: PHP/%s
+Content-type: text/html
+
+X-Powered-By: PHP/%s
+Status: 403 Also Forbidden
+Content-type: text/html
+
+Done