ID: 40761 Updated by: [EMAIL PROTECTED] Reported By: c dot kirschnick at gmx dot net -Status: Assigned +Status: Feedback Bug Type: CGI related Operating System: * PHP Version: 4.4.5 Assigned To: mike New Comment:
Please tell me your server software and your configure line. Cannot reproduce with 4.4.3 and 4.4-CVS: [EMAIL PROTECTED]:~/build/php-4.4-cgi-http$ cgi <<<'<?php header("HTTP/1.1 403 Forbidden");' Status: 403 X-Powered-By: PHP/4.4.7-dev Content-type: text/html As you write HTTP/1.1 200 OK HTTP/1.1 403 Forbidden as seen result, I think your server software exhibits this bug. Previous Comments: ------------------------------------------------------------------------ [2007-03-08 20:43:33] c dot kirschnick at gmx dot net Description: ------------ This bug was sent in before, but marked wrong "bogus"/"won't fix". (See Bug #38369). PHP does not correctly handle calls such as header("Status: ..."). In CGI mode it should process such a call as a changing the HTTP response code (consistent with its handling of, e.g., header("Location: ...")). However, at present there is no special handling of the Status: header. That's why sending Status: and then Location: causes a duplicate header: the Location: header is handled as a special case and causes sapi_update_response_code(302) to be called, whereas the Status: header is just added to the list of headers to be sent back to the web server (see bug #33225 incorrectly marked "bogus", I think because the reviewer doesn't understand CGI). Note that sending two different Status: headers explicitly with header("Status: ...") doesn't give this error, because the default operation is to *replace* the header, not add a new one. Since PHP should conform to the CGI-norm, this bug should be fixed. Although the IE does not fully stick to this norm, the FF does - which ignores duplicated headers, resulting in different behaviour of both. Reproduce code: --------------- <? header("HTTP/1.1 403 Forbidden"); ?> Expected result: ---------------- An error message created by the browser Actual result: -------------- IE: correct 403 FF: blank page (no output) The headers: HTTP/1.1 200 OK HTTP/1.1 403 Forbidden ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=40761&edit=1