ID: 49851
Updated by: [email protected]
Reported By: sjoerd-php at linuxonly dot nl
Status: Open
Bug Type: HTTP related
Operating System: Linux 2.6.28 Ubuntu 9.0.4
PHP Version: 5.3SVN-2009-10-12 (SVN)
New Comment:
See also bug #49847 "exec() confused by a specially crafted string",
which has a similar cause.
>From http_fopen_wrapper.c:
while (!body && !php_stream_eof(stream)) {
size_t http_header_line_length;
if (php_stream_get_line(stream, http_header_line,
HTTP_HEADER_BLOCK_SIZE, &http_header_line_length) && *http_header_line
!= '\n' && *http_header_line != '\r') {
...
} else {
break;
Previous Comments:
------------------------------------------------------------------------
[2009-10-12 20:20:08] sjoerd-php at linuxonly dot nl
Description:
------------
If a HTTP response contains an header of exactly 1024 characters, the
remaining headers are not parsed and are returned in the output.
Reproduce code:
---------------
<?php
echo file_get_contents('http://localhost/a.php');
?>
a.php:
<?php
header(str_pad('X-Padding: ', 1022, 'x'));
header('Location: http://www.google.nl/');
echo "Foo";
?>
Expected result:
----------------
The homepage of google.nl.
Actual result:
--------------
Location: http://www.google.nl
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: text/html
Foo
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=49851&edit=1
