Merge branch 'master' of https://git.php.net/repository/php-src

cjbj · cjbj · commit 97f9a677b8fc · 2013-09-10T05:41:01.000-07:00
* 'master' of https://git.php.net/repository/php-src: Tinker with the wording of the short_open_tag description. Fix NEWS: these commits were after 5.5.4 was branched and will be in 5.5.5. Handle CLI server request headers case insensitively. 5.4.21 now
diff --git a/php.ini-development b/php.ini-development
@@ -199,13 +199,12 @@
 engine = On
 
 ; This directive determines whether or not PHP will recognize code between
-; <? and ?> tags as PHP source which should be processed as such. For several
-; years we recommended that you not use the short tag shortcut and
-; instead to use the full <?php and ?> tag combination. With the widespread use
-; of XML and use of these tags by other languages, the server can become easily
-; confused and end up parsing the wrong code in the wrong context.
-; This shortcut is still supported for backwards compatibility, but we
-; recommend against its use.
+; <? and ?> tags as PHP source which should be processed as such. It is
+; generally recommended that <?php and ?> should be used and that this feature
+; should be disabled, as enabling it may result in issues when generating XML
+; documents, however this remains supported for backward compatibility reasons.
+; Note that this directive does not control the <?= shorthand tag, which can be
+; used regardless of this directive.
 ; Default Value: On
 ; Development Value: Off
 ; Production Value: Off
diff --git a/php.ini-production b/php.ini-production
@@ -199,14 +199,12 @@
 engine = On
 
 ; This directive determines whether or not PHP will recognize code between
-; <? and ?> tags as PHP source which should be processed as such. For several
-; years we recommended that you not use the short tag shortcut and
-; instead to use the full <?php and ?> tag combination. With the widespread use
-; of XML and use of these tags by other languages, the server can become easily
-; confused and end up parsing the wrong code in the wrong context.
-; This shortcut is still supported for backwards compatibility, but we
-; recommend against its use.
-; Default Value: On
+; <? and ?> tags as PHP source which should be processed as such. It is
+; generally recommended that <?php and ?> should be used and that this feature
+; should be disabled, as enabling it may result in issues when generating XML
+; documents, however this remains supported for backward compatibility reasons.
+; Note that this directive does not control the <?= shorthand tag, which can be
+; used regardless of this directive.
 ; Default Value: On
 ; Development Value: Off
 ; Production Value: Off
diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c
@@ -412,7 +412,7 @@ static void append_essential_headers(smart_str* buffer, php_cli_server_client *c
 {
 	{
 		char **val;
-		if (SUCCESS == zend_hash_find(&client->request.headers, "Host", sizeof("Host"), (void**)&val)) {
+		if (SUCCESS == zend_hash_find(&client->request.headers, "host", sizeof("host"), (void**)&val)) {
 			smart_str_appendl_ex(buffer, "Host", sizeof("Host") - 1, persistent);
 			smart_str_appendl_ex(buffer, ": ", sizeof(": ") - 1, persistent);
 			smart_str_appends_ex(buffer, *val, persistent);
@@ -568,7 +568,7 @@ static char *sapi_cli_server_read_cookies(TSRMLS_D) /* {{{ */
 {
 	php_cli_server_client *client = SG(server_context);
 	char **val;
-	if (FAILURE == zend_hash_find(&client->request.headers, "Cookie", sizeof("Cookie"), (void**)&val)) {
+	if (FAILURE == zend_hash_find(&client->request.headers, "cookie", sizeof("cookie"), (void**)&val)) {
 		return NULL;
 	}
 	return *val;
@@ -1566,12 +1566,9 @@ static int php_cli_server_client_read_request_on_header_value(php_http_parser *p
 		return 1;
 	}
 	{
-		char *header_name = client->current_header_name;
-		size_t header_name_len = client->current_header_name_len;
-		char c = header_name[header_name_len];
-		header_name[header_name_len] = '\0';
-		zend_hash_add(&client->request.headers, header_name, header_name_len + 1, &value, sizeof(char *), NULL);
-		header_name[header_name_len] = c;
+		char *header_name = zend_str_tolower_dup(client->current_header_name, client->current_header_name_len);
+		zend_hash_add(&client->request.headers, header_name, client->current_header_name_len + 1, &value, sizeof(char *), NULL);
+		efree(header_name);
 	}
 
 	if (client->current_header_name_allocated) {
@@ -1729,7 +1726,7 @@ static void php_cli_server_client_populate_request_info(const php_cli_server_cli
 	request_info->post_data = client->request.content;
 	request_info->content_length = request_info->post_data_length = client->request.content_len;
 	request_info->auth_user = request_info->auth_password = request_info->auth_digest = NULL;
-	if (SUCCESS == zend_hash_find(&client->request.headers, "Content-Type", sizeof("Content-Type"), (void**)&val)) {
+	if (SUCCESS == zend_hash_find(&client->request.headers, "content-type", sizeof("content-type"), (void**)&val)) {
 		request_info->content_type = *val;
 	}
 } /* }}} */
@@ -1967,7 +1964,7 @@ static int php_cli_server_begin_send_static(php_cli_server *server, php_cli_serv
 static int php_cli_server_request_startup(php_cli_server *server, php_cli_server_client *client TSRMLS_DC) { /* {{{ */
 	char **auth;
 	php_cli_server_client_populate_request_info(client, &SG(request_info));
-	if (SUCCESS == zend_hash_find(&client->request.headers, "Authorization", sizeof("Authorization"), (void**)&auth)) {
+	if (SUCCESS == zend_hash_find(&client->request.headers, "authorization", sizeof("authorization"), (void**)&auth)) {
 		php_handle_auth_data(*auth TSRMLS_CC);
 	}
 	SG(sapi_headers).http_response_code = 200;
diff --git a/sapi/cli/tests/bug65633.phpt b/sapi/cli/tests/bug65633.phpt
@@ -0,0 +1,48 @@
+--TEST--
+Bug #65633 (built-in server treat some http headers as case-sensitive)
+--SKIPIF--
+<?php
+include "skipif.inc";
+?>
+--FILE--
+<?php
+include "php_cli_server.inc";
+php_cli_server_start(<<<'PHP'
+var_dump($_COOKIE, $_SERVER['HTTP_FOO']);
+PHP
+);
+
+list($host, $port) = explode(':', PHP_CLI_SERVER_ADDRESS);
+$port = intval($port)?:80;
+
+$fp = fsockopen($host, $port, $errno, $errstr, 0.5);
+if (!$fp) {
+  die("connect failed");
+}
+
+if(fwrite($fp, <<<HEADER
+GET / HTTP/1.1
+cookie: foo=bar
+foo: bar
+
+
+HEADER
+)) {
+    while (!feof($fp)) {
+        echo fgets($fp);
+    }
+}
+
+fclose($fp);
+?>
+--EXPECTF--
+HTTP/1.1 200 OK
+Connection: close
+X-Powered-By: %s
+Content-type: text/html
+
+array(1) {
+  ["foo"]=>
+  string(3) "bar"
+}
+string(3) "bar"

Original file line number	Diff line number	Diff line change
`@@ -412,7 +412,7 @@ static void append_essential_headers(smart_str* buffer, php_cli_server_client *c`
`412`	`412`	`{`
`413`	`413`	`{`
`414`	`414`	`char **val;`
`415`		`- if (SUCCESS == zend_hash_find(&client->request.headers, "Host", sizeof("Host"), (void**)&val)) {`
	`415`	`+ if (SUCCESS == zend_hash_find(&client->request.headers, "host", sizeof("host"), (void**)&val)) {`
`416`	`416`	`smart_str_appendl_ex(buffer, "Host", sizeof("Host") - 1, persistent);`
`417`	`417`	`smart_str_appendl_ex(buffer, ": ", sizeof(": ") - 1, persistent);`
`418`	`418`	`smart_str_appends_ex(buffer, *val, persistent);`
`@@ -568,7 +568,7 @@ static char sapi_cli_server_read_cookies(TSRMLS_D) / {{{ */`
`568`	`568`	`{`
`569`	`569`	`php_cli_server_client *client = SG(server_context);`
`570`	`570`	`char **val;`
`571`		`- if (FAILURE == zend_hash_find(&client->request.headers, "Cookie", sizeof("Cookie"), (void**)&val)) {`
	`571`	`+ if (FAILURE == zend_hash_find(&client->request.headers, "cookie", sizeof("cookie"), (void**)&val)) {`
`572`	`572`	`return NULL;`
`573`	`573`	`}`
`574`	`574`	`return *val;`
`@@ -1566,12 +1566,9 @@ static int php_cli_server_client_read_request_on_header_value(php_http_parser *p`
`1566`	`1566`	`return 1;`
`1567`	`1567`	`}`
`1568`	`1568`	`{`
`1569`		`- char *header_name = client->current_header_name;`
`1570`		`- size_t header_name_len = client->current_header_name_len;`
`1571`		`- char c = header_name[header_name_len];`
`1572`		`- header_name[header_name_len] = '\0';`
`1573`		`- zend_hash_add(&client->request.headers, header_name, header_name_len + 1, &value, sizeof(char *), NULL);`
`1574`		`- header_name[header_name_len] = c;`
	`1569`	`+ char *header_name = zend_str_tolower_dup(client->current_header_name, client->current_header_name_len);`
	`1570`	`+ zend_hash_add(&client->request.headers, header_name, client->current_header_name_len + 1, &value, sizeof(char *), NULL);`
	`1571`	`+ efree(header_name);`
`1575`	`1572`	`}`
`1576`	`1573`
`1577`	`1574`	`if (client->current_header_name_allocated) {`
`@@ -1729,7 +1726,7 @@ static void php_cli_server_client_populate_request_info(const php_cli_server_cli`
`1729`	`1726`	`request_info->post_data = client->request.content;`
`1730`	`1727`	`request_info->content_length = request_info->post_data_length = client->request.content_len;`
`1731`	`1728`	`request_info->auth_user = request_info->auth_password = request_info->auth_digest = NULL;`
`1732`		`- if (SUCCESS == zend_hash_find(&client->request.headers, "Content-Type", sizeof("Content-Type"), (void**)&val)) {`
	`1729`	`+ if (SUCCESS == zend_hash_find(&client->request.headers, "content-type", sizeof("content-type"), (void**)&val)) {`
`1733`	`1730`	`request_info->content_type = *val;`
`1734`	`1731`	`}`
`1735`	`1732`	`} /* }}} */`
`@@ -1967,7 +1964,7 @@ static int php_cli_server_begin_send_static(php_cli_server *server, php_cli_serv`
`1967`	`1964`	`static int php_cli_server_request_startup(php_cli_server server, php_cli_server_client client TSRMLS_DC) { /* {{{ */`
`1968`	`1965`	`char **auth;`
`1969`	`1966`	`php_cli_server_client_populate_request_info(client, &SG(request_info));`
`1970`		`- if (SUCCESS == zend_hash_find(&client->request.headers, "Authorization", sizeof("Authorization"), (void**)&auth)) {`
	`1967`	`+ if (SUCCESS == zend_hash_find(&client->request.headers, "authorization", sizeof("authorization"), (void**)&auth)) {`
`1971`	`1968`	`php_handle_auth_data(*auth TSRMLS_CC);`
`1972`	`1969`	`}`
`1973`	`1970`	`SG(sapi_headers).http_response_code = 200;`