ID: 49851 Updated by: sjo...@php.net Reported By: sjoerd-php at linuxonly dot nl Status: Open Bug Type: HTTP related Operating System: Linux 2.6.28 Ubuntu 9.0.4 PHP Version: 5.3SVN-2009-10-12 (SVN) New Comment:
See also bug #49847 "exec() confused by a specially crafted string", which has a similar cause. >From http_fopen_wrapper.c: while (!body && !php_stream_eof(stream)) { size_t http_header_line_length; if (php_stream_get_line(stream, http_header_line, HTTP_HEADER_BLOCK_SIZE, &http_header_line_length) && *http_header_line != '\n' && *http_header_line != '\r') { ... } else { break; Previous Comments: ------------------------------------------------------------------------ [2009-10-12 20:20:08] sjoerd-php at linuxonly dot nl Description: ------------ If a HTTP response contains an header of exactly 1024 characters, the remaining headers are not parsed and are returned in the output. Reproduce code: --------------- <?php echo file_get_contents('http://localhost/a.php'); ?> a.php: <?php header(str_pad('X-Padding: ', 1022, 'x')); header('Location: http://www.google.nl/'); echo "Foo"; ?> Expected result: ---------------- The homepage of google.nl. Actual result: -------------- Location: http://www.google.nl Vary: Accept-Encoding Content-Length: 3 Connection: close Content-Type: text/html Foo ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=49851&edit=1