ID: 49851
Updated by: sjo...@php.net
Reported By: sjoerd-php at linuxonly dot nl
-Status: Feedback
+Status: Open
Bug Type: HTTP related
Operating System: *
PHP Version: 5.*, 6
New Comment:
Apache module.
The important thing is that a.php gives a header which is exactly 1024
bytes long, including \r\n. The file_get_contents than gives a wrong
result, and you can run that on the CLI or any other SAPI.
Previous Comments:
------------------------------------------------------------------------
[2009-11-30 19:48:27] j...@php.net
What SAPI are you using? I can not reproduce this with fastcgi +
lighttpd..
------------------------------------------------------------------------
[2009-10-24 08:08:10] sjo...@php.net
Thank you for your input. However, I disagree with your post.
> php internally does not have any hard coded limit
http_fopen_wrapper.c:75
#define HTTP_HEADER_BLOCK_SIZE 1024
> the header does not end with \r\n
This is not needed with header().
> $string = str_pad('X-Padding: ', 1022, 'x').'\r\n';
This appends \r\n instead of CRLF, because you use single quotes
instead of double quotes.
------------------------------------------------------------------------
[2009-10-24 02:16:58] srina...@php.net
php internally does not have any hard coded limit to parse the header
value. the only time, you will see http header in your output is when
the header does not end with \r\n (to mark it as new line).
as per HTTP spec, every HTTP headers need to end with \r\n (CR LF) to
mark the end of the line. php internally checks for this line to
determine if the header is done before proceeding to parse the body of
the request.
if you modify this below test case to reflect that there needs to be
\r\n to mark it as end of line, then you will see the expected output.
<?php
$string = str_pad('X-Padding: ', 1022, 'x').'\r\n';
header($string);
header('Location: http://www.google.nl/');
echo "Foo";
?>
i suggest marking this bug as bogus (or not an issue).
------------------------------------------------------------------------
[2009-10-12 21:16:11] lbarn...@php.net
Verified, since 5.1.0 at least.
------------------------------------------------------------------------
[2009-10-12 20:24:53] sjo...@php.net
See also bug #49847 "exec() confused by a specially crafted string",
which has a similar cause.
>From http_fopen_wrapper.c:
while (!body && !php_stream_eof(stream)) {
size_t http_header_line_length;
if (php_stream_get_line(stream, http_header_line,
HTTP_HEADER_BLOCK_SIZE, &http_header_line_length) && *http_header_line
!= '\n' && *http_header_line != '\r') {
...
} else {
break;
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/49851
--
Edit this bug report at http://bugs.php.net/?id=49851&edit=1
