Edit report at https://bugs.php.net/bug.php?id=62524&edit=1
ID: 62524 Comment by: stormbyte at gmail dot com Reported by: mike dot hall at twistdigital dot co dot uk Summary: fopen follows redirects for non-3xx statuses Status: Closed Type: Bug Package: Streams related Operating System: Ubuntu 12.04 PHP Version: 5.4.4 Block user comment: N Private report: N New Comment: I saw git diff, and 308 permanent redirect is missing in the code: /* we only care about Location for 300, 301, 302, 303 and 307 */ Since 308 is Permanent Redirect in http 1.1, it should be included also to be followed and not ignored, otherwise, this bug might happen again on some servers. Previous Comments: ------------------------------------------------------------------------ [2013-01-29 08:29:32] s...@php.net Automatic comment on behalf of stas Revision: http://git.php.net/?p=php-src.git;a=commit;h=5382e156f925603ef0f65b9cc4fed29cbe2dce9b Log: Fix bug #62524, only follow redirects in file streams for 3xx HTTP statuses ------------------------------------------------------------------------ [2012-11-25 02:15:33] wes at serverdensity dot com I've submitted a patch for this via Github pull request: https://github.com/php/php-src/pull/236 ------------------------------------------------------------------------ [2012-07-12 14:34:17] Sjon at hortensius dot net A more complete example confirms this behavior: I also fixed some syntax errors <?php header('Location: http://php.net', true, 201); if (isset($_GET['waa'])) return; $context = stream_context_create(array( "http" => array( "method" => "POST", "header" => "Content-Length: 13", "content" => "{\"foo\":\"bar\"}", ), )); $fp = fopen('http://'.$_SERVER['SERVER_NAME']. $_SERVER['PHP_SELF'] .'?waa=1', 'r', null, $context); print(stream_get_contents($fp)); ------------------------------------------------------------------------ [2012-07-10 16:00:52] mike dot hall at twistdigital dot co dot uk Description: ------------ The HTTP location header can either be used to direct the user to another resource (when accompanied by a 3xx status code) or to inform the user of the location of the document they just created (with a 2xx) status code. It doesn't make sense to treat the location header as a redirect in the second context - the location header indicates a redirect only when accompanied by a 3xx status code. Currently, PHP follows Location headers as if they are redirects regardless of the returned status code. Test script: --------------- $context = stream_context_create([ "http" => [ "method" => "POST" "header" => "Content-Length: 13" "content" => "{\"foo\":\"bar\"}", ], ]); // Returns HTTP/1.1 201 Created // Location: http://example.com/mydb/documentid // // {"status":"ok"} $fp = fopen('http://example.com/mydb', 'r', null, $context); $data = stream_get_contents($fp); list($headers, $body) = explode("\r\n\r\n", $data, 2); echo $body; Expected result: ---------------- {"status":"ok"} Actual result: -------------- {"foo":"bar"} ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=62524&edit=1
