From: Adam Harvey <aharvey@php.net>
Date: Fri, 13 Jun 2014 00:35:05 +0000 (-0700)
Subject: Keep 308-399 HTTP response codes when header('Location:') is called.
X-Git-Tag: php-5.5.15RC1~65^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1b9cbab9a770d084ed35ff9ae101fff2770c8f51;p=php

Keep 308-399 HTTP response codes when header('Location:') is called.

Fixes bug #67428 (header('Location: foo') will override a 308-399 response
code).
---

diff --git a/NEWS b/NEWS
index 424dcf01bf..6d6c461bc9 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,10 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2014, PHP 5.4.31
 
+- Core:
+  . Fixed bug #67428 (header('Location: foo') will override a 308-399 response
+    code). (Adam)
+
 ?? ??? 2014, PHP 5.4.30
 
 - Core:
diff --git a/ext/standard/tests/general_functions/header_redirection_001.phpt b/ext/standard/tests/general_functions/header_redirection_001.phpt
new file mode 100644
index 0000000000..ecf57ec54a
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_001.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Location: headers change the status code
+--CGI--
+--FILE--
+<?php
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 302 Moved Temporarily
+Location: http://example.com/
+--EXPECT--
diff --git a/ext/standard/tests/general_functions/header_redirection_002.phpt b/ext/standard/tests/general_functions/header_redirection_002.phpt
new file mode 100644
index 0000000000..2bf6dec510
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_002.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Location: headers override non-201 and 3xx response codes
+--CGI--
+--FILE--
+<?php
+header("HTTP/1.1 418 I'm a Teapot");
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 302 Moved Temporarily
+Location: http://example.com/
+--EXPECT--
diff --git a/ext/standard/tests/general_functions/header_redirection_003.phpt b/ext/standard/tests/general_functions/header_redirection_003.phpt
new file mode 100644
index 0000000000..678e3143ac
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_003.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Location: headers respect the header() response code parameter
+--CGI--
+--FILE--
+<?php
+header('Location: http://example.com/', true, 404);
+?>
+--EXPECTHEADERS--
+Status: 404 Not Found
+Location: http://example.com/
+--EXPECT--
diff --git a/ext/standard/tests/general_functions/header_redirection_004.phpt b/ext/standard/tests/general_functions/header_redirection_004.phpt
new file mode 100644
index 0000000000..678e3143ac
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_004.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Location: headers respect the header() response code parameter
+--CGI--
+--FILE--
+<?php
+header('Location: http://example.com/', true, 404);
+?>
+--EXPECTHEADERS--
+Status: 404 Not Found
+Location: http://example.com/
+--EXPECT--
diff --git a/ext/standard/tests/general_functions/header_redirection_005.phpt b/ext/standard/tests/general_functions/header_redirection_005.phpt
new file mode 100644
index 0000000000..fc3e0f7af8
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_005.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Location: headers do not override the 201 response code
+--CGI--
+--FILE--
+<?php
+header('HTTP/1.1 201 Created');
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 201 Created
+Location: http://example.com/
+--EXPECT--
diff --git a/ext/standard/tests/general_functions/header_redirection_006.phpt b/ext/standard/tests/general_functions/header_redirection_006.phpt
new file mode 100644
index 0000000000..5fb52096ce
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_006.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Location: headers do not override the 300 Multiple Choices response code
+--CGI--
+--FILE--
+<?php
+header('HTTP/1.1 300 Multiple Choices');
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 300 Multiple Choices
+Location: http://example.com/
+--EXPECT--
diff --git a/ext/standard/tests/general_functions/header_redirection_007.phpt b/ext/standard/tests/general_functions/header_redirection_007.phpt
new file mode 100644
index 0000000000..6769b080fb
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_007.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Location: headers do not override the 301 Moved Permanently response code
+--CGI--
+--FILE--
+<?php
+header('HTTP/1.1 301 Moved Permanently');
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 301 Moved Permanently
+Location: http://example.com/
+--EXPECT--
diff --git a/ext/standard/tests/general_functions/header_redirection_008.phpt b/ext/standard/tests/general_functions/header_redirection_008.phpt
new file mode 100644
index 0000000000..50993707c1
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_008.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Location: headers do not override the 302 Found response code
+--CGI--
+--FILE--
+<?php
+header('HTTP/1.1 302 Found');
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 302 Found
+Location: http://example.com/
+--EXPECT--
diff --git a/ext/standard/tests/general_functions/header_redirection_009.phpt b/ext/standard/tests/general_functions/header_redirection_009.phpt
new file mode 100644
index 0000000000..f8d27f9bfd
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_009.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Location: headers do not override the 303 See Other response code
+--CGI--
+--FILE--
+<?php
+header('HTTP/1.1 303 See Other');
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 303 See Other
+Location: http://example.com/
+--EXPECT--
diff --git a/ext/standard/tests/general_functions/header_redirection_010.phpt b/ext/standard/tests/general_functions/header_redirection_010.phpt
new file mode 100644
index 0000000000..316112dde7
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_010.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Location: headers do not override the 304 Not Modified response code
+--CGI--
+--FILE--
+<?php
+header('HTTP/1.1 304 Not Modified');
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 304 Not Modified
+Location: http://example.com/
+--EXPECT--
diff --git a/ext/standard/tests/general_functions/header_redirection_011.phpt b/ext/standard/tests/general_functions/header_redirection_011.phpt
new file mode 100644
index 0000000000..bfd8789639
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_011.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Location: headers do not override the 305 Use Proxy response code
+--CGI--
+--FILE--
+<?php
+header('HTTP/1.1 305 Use Proxy');
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 305 Use Proxy
+Location: http://example.com/
+--EXPECT--
diff --git a/ext/standard/tests/general_functions/header_redirection_012.phpt b/ext/standard/tests/general_functions/header_redirection_012.phpt
new file mode 100644
index 0000000000..657028b09c
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_012.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Location: headers do not override the 307 Temporary Redirect response code
+--CGI--
+--FILE--
+<?php
+header('HTTP/1.1 307 Temporary Redirect');
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 307 Temporary Redirect
+Location: http://example.com/
+--EXPECT--
diff --git a/ext/standard/tests/general_functions/header_redirection_013.phpt b/ext/standard/tests/general_functions/header_redirection_013.phpt
new file mode 100644
index 0000000000..4dce0d00fa
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_013.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Location: headers do not override the 308 Permanent Redirect response code
+--CGI--
+--FILE--
+<?php
+header('HTTP/1.1 308 Permanent Redirect');
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 308 Permanent Redirect
+Location: http://example.com/
+--EXPECT--
diff --git a/ext/standard/tests/general_functions/header_redirection_014.phpt b/ext/standard/tests/general_functions/header_redirection_014.phpt
new file mode 100644
index 0000000000..a5fb6e8fec
--- /dev/null
+++ b/ext/standard/tests/general_functions/header_redirection_014.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Location: headers do not override the 399 Choose Your Own Adventure response code
+--CGI--
+--FILE--
+<?php
+header('HTTP/1.1 399 Choose Your Own Adventure');
+header('Location: http://example.com/');
+?>
+--EXPECTHEADERS--
+Status: 399 Choose Your Own Adventure
+Location: http://example.com/
+--EXPECT--
diff --git a/main/SAPI.c b/main/SAPI.c
index f02bca6d1d..994aff38bf 100644
--- a/main/SAPI.c
+++ b/main/SAPI.c
@@ -821,7 +821,7 @@ SAPI_API int sapi_header_op(sapi_header_op_enum op, void *arg TSRMLS_DC)
 					"0", sizeof("0") - 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
 			} else if (!STRCASECMP(header_line, "Location")) {
 				if ((SG(sapi_headers).http_response_code < 300 ||
-					SG(sapi_headers).http_response_code > 307) &&
+					SG(sapi_headers).http_response_code > 399) &&
 					SG(sapi_headers).http_response_code != 201) {
 					/* Return a Found Redirect if one is not already specified */
 					if (http_response_code) { /* user specified redirect code */