PHP returns Content-Type header for 304 responses
| Bug #33057 | PHP returns Content-Type header for 304 responses | | |
|---|---|---|---|
| Submitted: | 2005-05-18 16:12 UTC | Modified: | 2005-05-20 09:13 UTC |
| From: | cboitel at lfdj dot com | Assigned: | rasmus |
| Status: | Closed | Package: | Apache related |
| PHP Version: | 5.0.4, 4.3.11 | OS: | Solaris/Linux |
| Private report: | No | CVE-ID: | None |
[2005-05-18 16:12 UTC] cboitel at lfdj dot com
Description:
------------
When setting response code to 304 from within PHP code, a "Content-Type:" header is always added when PHP is compiled within Apache 1.3x whereas it is not for Apache 2.x

This makes Apache 1.3x/PHP non compliant with RFC HTTP/1.1 for 304 responses in the case where a weak validator is used (Content-Type MUST not be returned).

Reproduce code:
---------------
mytest1.php
<? header( "HTTP/1.1 304 Not Modified" ); ?>

Expected result:
----------------
telnet localhost 80
GET /mytest1.php HTTP/1.0
HTTP/1.1 304 Not Modified
Date: Wed, 18 May 2005 14:10:06 GMT
Server: Apache
Connection: close

Actual result:
--------------
telnet localhost 80
GET /mytest1.php HTTP/1.0
HTTP/1.1 304 Not Modified
Date: Wed, 18 May 2005 14:10:06 GMT
Server: Apache
Content-Type: text/html
Connection: close
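The rule cited in the report can be checked mechanically against a captured response head. The following is an added example, not part of the original report and not PHP or Apache code: the function names are hypothetical, the two sample responses are the ones quoted in the report, and the header list is taken from RFC 2616 sections 7.1 and 10.3.5.

```python
# Entity headers (RFC 2616 section 7.1) minus the two that section 10.3.5
# still allows on a 304 response (Content-Location, Expires).
FORBIDDEN_ON_304 = {
    "allow", "content-encoding", "content-language", "content-length",
    "content-md5", "content-range", "content-type", "last-modified",
}

def parse_response_head(raw):
    """Return (status_code, [(name, value), ...]) for a raw response head."""
    lines = raw.replace("\r\n", "\n").split("\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = []
    for line in lines[1:]:
        if line == "":
            break  # blank line ends the header block
        if line[0] in " \t" and headers:
            # folded continuation line: append to the previous header value
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers.append((name.strip(), value.strip()))
    return int(parts[1]), headers

def entity_headers_on_304(raw):
    """List the headers a 304 response should not carry; [] for other codes."""
    status, headers = parse_response_head(raw)
    if status != 304:
        return []
    return [name for name, _ in headers if name.lower() in FORBIDDEN_ON_304]

# The two response heads quoted in the report (Apache 2.x vs Apache 1.3x).
EXPECTED = ("HTTP/1.1 304 Not Modified\r\nDate: Wed, 18 May 2005 14:10:06 GMT\r\n"
            "Server: Apache\r\nConnection: close\r\n\r\n")
ACTUAL = ("HTTP/1.1 304 Not Modified\r\nDate: Wed, 18 May 2005 14:10:06 GMT\r\n"
          "Server: Apache\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("expected", EXPECTED), ("actual", ACTUAL)):
        print(label, entity_headers_on_304(raw))
```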
[2005-05-18 16:23 UTC] cboitel at lfdj dot com
I have patched the mod_php4.c file to use send_error_response apache function instead of send_http_headers for 304 responses. You should also check if send_error_response shall also be used for non-200 responses and if its second param (recursive call) shall be set to 0 or 1.

    static int sapi_apache_send_headers(sapi_headers_struct *sapi_headers TSRMLS_DC)
    {
        request_rec *r;

        if(SG(server_context) == NULL) { /* server_context is not here anymore */
            return SAPI_HEADER_SEND_FAILED;
        }

        r = (request_rec *) SG(server_context);
        r->status = SG(sapi_headers).http_response_code;
        if( r-> status==304 )
        {
            send_error_response( r, 0 );
        }
        else
        {
            send_http_header((request_rec *) SG(server_context));
        }
        return SAPI_HEADER_SENT_SUCCESSFULLY;
    }

[2005-05-18 17:04 UTC] tony2001@php.net
[2005-05-19 09:04 UTC] cboitel at lfdj dot com
Unified diff below:
--- mod_php4.c 2005-05-18 15:33:58.000000000 +0200 +++ mod_php4.c.original 2003-06-03 07:41:49.000000000 +0200 @@ -209,21 +209,12 @@ */ static int sapi_apache_send_headers(sapi_headers_struct *sapi_headers TSRMLS_DC) { - request_rec *r; - if(SG(server_context) == NULL) { /* server_context is not here anymore */ return SAPI_HEADER_SEND_FAILED; } - r = (request_rec *) SG(server_context); - r->status = SG(sapi_headers).http_response_code; - if( r-> status==304 ) - { - send_error_response( r, 0 ); - } - else - { - send_http_header((request_rec *) SG(server_context)); - } + + ((request_rec *) SG(server_context))->status = SG(sapi_headers).http_response_code; + send_http_header((request_rec *) SG(server_context)); return SAPI_HEADER_SENT_SUCCESSFULLY; } /* }}} */
[2005-05-19 17:18 UTC] rasmus@php.net
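Review bot: in the unified diff above, the file order in the header is reversed: `--- mod_php4.c` (dated 2005-05-18) is the patched file and `+++ mod_php4.c.original` (dated 2003-06-03) is the original, so throughout the single hunk the `-` lines are the proposed 304 branch and the `+` lines are the existing code, and the diff reads as removing the fix. Regenerate it with mod_php4.c.original as the first file so the new branch appears as `+` lines. In the proposed code, the else path still recasts `SG(server_context)` in the call to `send_http_header` although `r` already holds that pointer; passing `r` would be clearer. The second argument of `send_error_response( r, 0 )` is the open question raised in the earlier comment and should be settled and documented with a code comment before merging.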
[2010-08-20 12:12 UTC] petr at mail dot ru