[TYPO3-core] RFC #17471: Status "500 Internal Server Error" returned, if page is not found
Dmitry Dulepov
dmitry.dulepov at gmail.com
Tue Feb 22 11:09:12 CET 2011
Hi!
Steffen Gebert wrote:
> + // make sure that we do not overwrite a previously created status header
> + $headerList = headers_list();
> + if (count($headerList) == 0 || substr($headerList[0], 0, 7) === 'HTTP/1.') {
> + header("HTTP/1.1 500 Internal Server Error");
> + }
I can be very wrong but to me the change reads: "If there are zero headers
or the first header starts from "HTTP/1.", override it with 500 error". So
if somebody supplies the status as header('HTTP/1.1 404 Not found'), it
will be overriden. Am I wrong in reading this? Should there be "!=="
instead of "==="?
And yet another question: is it safe to assume that the status header is
always the first in the array returned by headers_list()? Isn't it possible
that headers_list() returns them in the order added?
I made the test:
-----------
<?php
header('Test: aaa');
header('HTTP/1.1 404 Not found');
print_r(headers_list());
-----------
Calling that gives the following:
-----------
HTTP/1.1 404 Not found
Date: Tue, 22 Feb 2011 10:06:00 GMT
Server: Apache/2.2.15 (Unix) mod_wsgi/3.2 Python/2.6.1 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Test: aaa
Content-Type: text/html; charset=utf-8
Array
(
[0] => X-Powered-By: PHP/5.3.3
[1] => Test: aaa
)
-----------
If I swap calls to header(), I get a single element in the output and I
never get a header with "HTTP/1.". I can only conclude that in my case
there is no status header in the output of headers_list().
So -1 for now.
--
Dmitry Dulepov
TYPO3 core&security team member
E-mail: dmitry.dulepov at typo3.org
Web: http://dmitry-dulepov.com/
More information about the TYPO3-team-core
mailing list