Newsgroups: php.internals
Message-ID: <5d2b1d8f-9b7a-558f-8750-cc97b3ad0589@gmx.de>
Date: Tue, 21 Dec 2021 19:58:54 +0100
To: PHP internals
Cc: Jakub Zelenka
Subject: header() allows arbitrary status codes
From: cmbecker69@gmx.de ("Christoph M. Becker")

Hi all,

a while ago it has been reported[1] that our header() function actually allows arbitrary status codes, which may even overflow. Of course, that makes no sense, since the status code is supposed to be a three-digit code.

So this ticket has been followed up by a pull request[2], and Jakub suggested to further restrict the status code to be in range 100 - 599. Since this could break some pathological cases, I wanted to ask whether anybody objects to this change for the master branch (i.e. PHP 8.2).

[1]
[2]

Christoph
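
Added illustration, not part of the original message and not code from php-src: a strict parser for the status code in a raw status line, enforcing the three-digit form and the 100 - 599 range discussed above. The function name `parse_status_code` and the sample lines in `main` are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from php-src): extract the status code from a
 * status line such as "HTTP/1.1 404 Not Found".
 * Returns the code (100..599), or -1 if the line is not acceptable. */
int parse_status_code(const char *line)
{
    const char *p;
    int code = 0;
    int i;

    if (line == NULL || strncmp(line, "HTTP/", 5) != 0)
        return -1;

    /* Skip the version token; the code starts after the first space. */
    p = strchr(line, ' ');
    if (p == NULL)
        return -1;
    p++;

    /* Require exactly three ASCII digits. Bounding the digit count keeps
     * the accumulator at 999 or below, so an arbitrarily long digit run
     * cannot overflow it (unlike an unbounded string-to-int conversion). */
    for (i = 0; i < 3; i++) {
        if (p[i] < '0' || p[i] > '9')
            return -1;          /* also stops at the NUL terminator */
        code = code * 10 + (p[i] - '0');
    }

    /* The code must end here: a fourth digit or other trailing byte fails. */
    if (p[3] != ' ' && p[3] != '\0')
        return -1;

    /* Range proposed in the thread: 100 - 599. */
    if (code < 100 || code > 599)
        return -1;
    return code;
}

int main(void)
{
    /* Constructed sample inputs. */
    printf("%d\n", parse_status_code("HTTP/1.1 404 Not Found"));
    printf("%d\n", parse_status_code("HTTP/1.1 99999999999999999999 Huge"));
    printf("%d\n", parse_status_code("HTTP/1.1 600 Out Of Range"));
    return 0;
}
```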