Newsgroups: php.internals
Date: Thu, 23 Dec 2021 00:27:32 +0100
Message-ID: <9ad619f9-2c2f-00b3-ce2c-87e141af801d@gmx.de>
References: <5d2b1d8f-9b7a-558f-8750-cc97b3ad0589@gmx.de>
To: Ayesh Karunaratne
Cc: PHP internals, Jakub Zelenka
Subject: Re: [PHP-DEV] header() allows arbitrary status codes
From: cmbecker69@gmx.de ("Christoph M. Becker")

On 21.12.2021 at 20:09, Ayesh Karunaratne wrote:

>> a while ago it has been reported[1] that our header() function actually
>> allows arbitrary status codes, which may even overflow. Of course, that
>> makes no sense, since the status code is supposed to be a three digit
>> code. So this ticket has been followed up by a pull request[2], and
>> Jakub suggested to further restrict the status code to be in range 100 -
>> 599.
>>
>> Since this could break some pathological cases, I wanted to ask whether
>> anybody objects to this change for the master branch (i.e. PHP 8.2).
>>
>> [1]
>> [2]
>
> I think it is a useful improvement. Should we adjust to
> http_response_code to match this behavior?

Oh, good catch! I think we should.

Christoph
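
The restriction discussed in this thread, as an added example that is not part of the original message and is not php-src code: a status-line check that accepts only a three-digit code in the range 100 - 599 and cannot overflow on long digit runs. The function name `parse_status_code` and the assumption that the code arrives as text in an `HTTP/x.y NNN reason` line are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not php-src code): extract the status code from a
 * status line such as "HTTP/1.1 404 Not Found".
 * Returns the code (100..599) on success, -1 if the line is rejected. */
int parse_status_code(const char *line)
{
    const char *p;
    int code = 0;
    size_t digits = 0;

    if (line == NULL || strncmp(line, "HTTP/", 5) != 0)
        return -1;

    /* Skip the protocol version up to the first space. */
    p = strchr(line, ' ');
    if (p == NULL)
        return -1;
    while (*p == ' ')
        p++;

    /* Accumulate at most three digits, so `code` never exceeds 999 and
     * no integer overflow is possible, however long the input is. */
    while (isdigit((unsigned char)*p)) {
        if (++digits > 3)
            return -1;  /* a longer digit run is rejected, not wrapped */
        code = code * 10 + (*p - '0');
        p++;
    }

    /* Exactly three digits, followed by end of line or a space. */
    if (digits != 3 || (*p != '\0' && *p != ' '))
        return -1;

    /* Range suggested in the thread: 100 - 599. */
    if (code < 100 || code > 599)
        return -1;

    return code;
}
```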