From 1b9cbab9a770d084ed35ff9ae101fff2770c8f51 Mon Sep 17 00:00:00 2001 From: Adam Harvey Date: Thu, 12 Jun 2014 17:35:05 -0700 Subject: [PATCH] Keep 308-399 HTTP response codes when header('Location:') is called. Fixes bug #67428 (header('Location: foo') will override a 308-399 response code). --- NEWS | 4 ++++ .../general_functions/header_redirection_001.phpt | 11 +++++++++++ .../general_functions/header_redirection_002.phpt | 12 ++++++++++++ .../general_functions/header_redirection_003.phpt | 11 +++++++++++ .../general_functions/header_redirection_004.phpt | 11 +++++++++++ .../general_functions/header_redirection_005.phpt | 12 ++++++++++++ .../general_functions/header_redirection_006.phpt | 12 ++++++++++++ .../general_functions/header_redirection_007.phpt | 12 ++++++++++++ .../general_functions/header_redirection_008.phpt | 12 ++++++++++++ .../general_functions/header_redirection_009.phpt | 12 ++++++++++++ .../general_functions/header_redirection_010.phpt | 12 ++++++++++++ .../general_functions/header_redirection_011.phpt | 12 ++++++++++++ .../general_functions/header_redirection_012.phpt | 12 ++++++++++++ .../general_functions/header_redirection_013.phpt | 12 ++++++++++++ .../general_functions/header_redirection_014.phpt | 12 ++++++++++++ main/SAPI.c | 2 +- 16 files changed, 170 insertions(+), 1 deletion(-) create mode 100644 ext/standard/tests/general_functions/header_redirection_001.phpt create mode 100644 ext/standard/tests/general_functions/header_redirection_002.phpt create mode 100644 ext/standard/tests/general_functions/header_redirection_003.phpt create mode 100644 ext/standard/tests/general_functions/header_redirection_004.phpt create mode 100644 ext/standard/tests/general_functions/header_redirection_005.phpt create mode 100644 ext/standard/tests/general_functions/header_redirection_006.phpt create mode 100644 ext/standard/tests/general_functions/header_redirection_007.phpt create mode 100644 ext/standard/tests/general_functions/header_redirection_008.phpt create mode 100644 ext/standard/tests/general_functions/header_redirection_009.phpt create mode 100644 ext/standard/tests/general_functions/header_redirection_010.phpt create mode 100644 ext/standard/tests/general_functions/header_redirection_011.phpt create mode 100644 ext/standard/tests/general_functions/header_redirection_012.phpt create mode 100644 ext/standard/tests/general_functions/header_redirection_013.phpt create mode 100644 ext/standard/tests/general_functions/header_redirection_014.phpt diff --git a/NEWS b/NEWS index 424dcf01bf..6d6c461bc9 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,10 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2014, PHP 5.4.31 +- Core: + . Fixed bug #67428 (header('Location: foo') will override a 308-399 response + code). (Adam) + ?? ??? 2014, PHP 5.4.30 - Core: diff --git a/ext/standard/tests/general_functions/header_redirection_001.phpt b/ext/standard/tests/general_functions/header_redirection_001.phpt new file mode 100644 index 0000000000..ecf57ec54a --- /dev/null +++ b/ext/standard/tests/general_functions/header_redirection_001.phpt @@ -0,0 +1,11 @@ +--TEST-- +Location: headers change the status code +--CGI-- +--FILE-- + +--EXPECTHEADERS-- +Status: 302 Moved Temporarily +Location: http://example.com/ +--EXPECT-- diff --git a/ext/standard/tests/general_functions/header_redirection_002.phpt b/ext/standard/tests/general_functions/header_redirection_002.phpt new file mode 100644 index 0000000000..2bf6dec510 --- /dev/null +++ b/ext/standard/tests/general_functions/header_redirection_002.phpt @@ -0,0 +1,12 @@ +--TEST-- +Location: headers override non-201 and 3xx response codes +--CGI-- +--FILE-- + +--EXPECTHEADERS-- +Status: 302 Moved Temporarily +Location: http://example.com/ +--EXPECT-- diff --git a/ext/standard/tests/general_functions/header_redirection_003.phpt b/ext/standard/tests/general_functions/header_redirection_003.phpt new file mode 100644 index 0000000000..678e3143ac --- /dev/null +++ b/ext/standard/tests/general_functions/header_redirection_003.phpt @@ -0,0 +1,11 @@ +--TEST-- +Location: headers respect the header() response code parameter +--CGI-- +--FILE-- + +--EXPECTHEADERS-- +Status: 404 Not Found +Location: http://example.com/ +--EXPECT-- diff --git a/ext/standard/tests/general_functions/header_redirection_004.phpt b/ext/standard/tests/general_functions/header_redirection_004.phpt new file mode 100644 index 0000000000..678e3143ac --- /dev/null +++ b/ext/standard/tests/general_functions/header_redirection_004.phpt @@ -0,0 +1,11 @@ +--TEST-- +Location: headers respect the header() response code parameter +--CGI-- +--FILE-- + +--EXPECTHEADERS-- +Status: 404 Not Found +Location: http://example.com/ +--EXPECT-- diff --git a/ext/standard/tests/general_functions/header_redirection_005.phpt b/ext/standard/tests/general_functions/header_redirection_005.phpt new file mode 100644 index 0000000000..fc3e0f7af8 --- /dev/null +++ b/ext/standard/tests/general_functions/header_redirection_005.phpt @@ -0,0 +1,12 @@ +--TEST-- +Location: headers do not override the 201 response code +--CGI-- +--FILE-- + +--EXPECTHEADERS-- +Status: 201 Created +Location: http://example.com/ +--EXPECT-- diff --git a/ext/standard/tests/general_functions/header_redirection_006.phpt b/ext/standard/tests/general_functions/header_redirection_006.phpt new file mode 100644 index 0000000000..5fb52096ce --- /dev/null +++ b/ext/standard/tests/general_functions/header_redirection_006.phpt @@ -0,0 +1,12 @@ +--TEST-- +Location: headers do not override the 300 Multiple Choices response code +--CGI-- +--FILE-- + +--EXPECTHEADERS-- +Status: 300 Multiple Choices +Location: http://example.com/ +--EXPECT-- diff --git a/ext/standard/tests/general_functions/header_redirection_007.phpt b/ext/standard/tests/general_functions/header_redirection_007.phpt new file mode 100644 index 0000000000..6769b080fb --- /dev/null +++ b/ext/standard/tests/general_functions/header_redirection_007.phpt @@ -0,0 +1,12 @@ +--TEST-- +Location: headers do not override the 301 Moved Permanently response code +--CGI-- +--FILE-- + +--EXPECTHEADERS-- +Status: 301 Moved Permanently +Location: http://example.com/ +--EXPECT-- diff --git a/ext/standard/tests/general_functions/header_redirection_008.phpt b/ext/standard/tests/general_functions/header_redirection_008.phpt new file mode 100644 index 0000000000..50993707c1 --- /dev/null +++ b/ext/standard/tests/general_functions/header_redirection_008.phpt @@ -0,0 +1,12 @@ +--TEST-- +Location: headers do not override the 302 Found response code +--CGI-- +--FILE-- + +--EXPECTHEADERS-- +Status: 302 Found +Location: http://example.com/ +--EXPECT-- diff --git a/ext/standard/tests/general_functions/header_redirection_009.phpt b/ext/standard/tests/general_functions/header_redirection_009.phpt new file mode 100644 index 0000000000..f8d27f9bfd --- /dev/null +++ b/ext/standard/tests/general_functions/header_redirection_009.phpt @@ -0,0 +1,12 @@ +--TEST-- +Location: headers do not override the 303 See Other response code +--CGI-- +--FILE-- + +--EXPECTHEADERS-- +Status: 303 See Other +Location: http://example.com/ +--EXPECT-- diff --git a/ext/standard/tests/general_functions/header_redirection_010.phpt b/ext/standard/tests/general_functions/header_redirection_010.phpt new file mode 100644 index 0000000000..316112dde7 --- /dev/null +++ b/ext/standard/tests/general_functions/header_redirection_010.phpt @@ -0,0 +1,12 @@ +--TEST-- +Location: headers do not override the 304 Not Modified response code +--CGI-- +--FILE-- + +--EXPECTHEADERS-- +Status: 304 Not Modified +Location: http://example.com/ +--EXPECT-- diff --git a/ext/standard/tests/general_functions/header_redirection_011.phpt b/ext/standard/tests/general_functions/header_redirection_011.phpt new file mode 100644 index 0000000000..bfd8789639 --- /dev/null +++ b/ext/standard/tests/general_functions/header_redirection_011.phpt @@ -0,0 +1,12 @@ +--TEST-- +Location: headers do not override the 305 Use Proxy response code +--CGI-- +--FILE-- + +--EXPECTHEADERS-- +Status: 305 Use Proxy +Location: http://example.com/ +--EXPECT-- diff --git a/ext/standard/tests/general_functions/header_redirection_012.phpt b/ext/standard/tests/general_functions/header_redirection_012.phpt new file mode 100644 index 0000000000..657028b09c --- /dev/null +++ b/ext/standard/tests/general_functions/header_redirection_012.phpt @@ -0,0 +1,12 @@ +--TEST-- +Location: headers do not override the 307 Temporary Redirect response code +--CGI-- +--FILE-- + +--EXPECTHEADERS-- +Status: 307 Temporary Redirect +Location: http://example.com/ +--EXPECT-- diff --git a/ext/standard/tests/general_functions/header_redirection_013.phpt b/ext/standard/tests/general_functions/header_redirection_013.phpt new file mode 100644 index 0000000000..4dce0d00fa --- /dev/null +++ b/ext/standard/tests/general_functions/header_redirection_013.phpt @@ -0,0 +1,12 @@ +--TEST-- +Location: headers do not override the 308 Permanent Redirect response code +--CGI-- +--FILE-- + +--EXPECTHEADERS-- +Status: 308 Permanent Redirect +Location: http://example.com/ +--EXPECT-- diff --git a/ext/standard/tests/general_functions/header_redirection_014.phpt b/ext/standard/tests/general_functions/header_redirection_014.phpt new file mode 100644 index 0000000000..a5fb6e8fec --- /dev/null +++ b/ext/standard/tests/general_functions/header_redirection_014.phpt @@ -0,0 +1,12 @@ +--TEST-- +Location: headers do not override the 399 Choose Your Own Adventure response code +--CGI-- +--FILE-- + +--EXPECTHEADERS-- +Status: 399 Choose Your Own Adventure +Location: http://example.com/ +--EXPECT-- diff --git a/main/SAPI.c b/main/SAPI.c index f02bca6d1d..994aff38bf 100644 --- a/main/SAPI.c +++ b/main/SAPI.c @@ -821,7 +821,7 @@ SAPI_API int sapi_header_op(sapi_header_op_enum op, void *arg TSRMLS_DC) "0", sizeof("0") - 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); } else if (!STRCASECMP(header_line, "Location")) { if ((SG(sapi_headers).http_response_code < 300 || - SG(sapi_headers).http_response_code > 307) && + SG(sapi_headers).http_response_code > 399) && SG(sapi_headers).http_response_code != 201) { /* Return a Found Redirect if one is not already specified */ if (http_response_code) { /* user specified redirect code */ -- 2.49.0