Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:83309 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 20430 invoked from network); 20 Feb 2015 15:17:40 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 20 Feb 2015 15:17:40 -0000 Authentication-Results: pb1.pair.com smtp.mail=tyra3l@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=tyra3l@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.177 as permitted sender) X-PHP-List-Original-Sender: tyra3l@gmail.com X-Host-Fingerprint: 74.125.82.177 mail-we0-f177.google.com Received: from [74.125.82.177] ([74.125.82.177:36927] helo=mail-we0-f177.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 43/D0-14173-01057E45 for ; Fri, 20 Feb 2015 10:17:38 -0500 Received: by wesw55 with SMTP id w55so6215573wes.4 for ; Fri, 20 Feb 2015 07:17:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=HrP4o2/SwfMxRWZz7CEufzS9uFvOCCcb4+YmQ42OY5U=; b=eX7T9d1KR3WQUtrrMMY+mo/natRP1W2dKHqkpKDIi0G2L5aCVVPmwcVatAO8qpp3u3 xhDO6oTE7wzus2kyS33rs8ki11dU+AoY++bFmbZmmTXmPSoRba83aAK4Kg7JCq9cYVaA kVEI2rpEiq+NPSpiqNySz2TreEF9waaL6Ic8n048R4j1eUHnUTlHKbTBGXosbspOZlmt xCMzoI7NpsISzD8CSFFhTHfRx0YXNpDZy8BSvWBwJrml2UWyeYNsgITrQk2J6x6eOGXH L5YUn5Nl0XJEc5mPPn3DINXIMbxmCAiCjTqZOnBBQD3GOEAISlfH3te9riOHd3419YV6 FixA== MIME-Version: 1.0 X-Received: by 10.194.220.7 with SMTP id ps7mr20494137wjc.84.1424445451683; Fri, 20 Feb 2015 07:17:31 -0800 (PST) Sender: tyra3l@gmail.com Received: by 10.180.44.163 with HTTP; Fri, 20 Feb 2015 07:17:31 -0800 (PST) In-Reply-To: <54E748A7.9080107@gmail.com> References: <871tllhvad.fsf@margaine.com> <54E748A7.9080107@gmail.com> Date: Fri, 20 Feb 2015 16:17:31 +0100 X-Google-Sender-Auth: 4M9G5vmIjBTYs2XqkvSQidHpQO0 Message-ID: To: Stanislav Malyshev Cc: Florian Margaine , Stanislav Malyshev , PHP Internals Content-Type: multipart/alternative; boundary=001a11c1b424264fb5050f868de4 Subject: Re: [PHP-DEV] PHP 5.6.6 is available From: tyrael@php.net (Ferenc Kovacs) --001a11c1b424264fb5050f868de4 Content-Type: text/plain; charset=UTF-8 On Fri, Feb 20, 2015 at 3:45 PM, Stanislav Malyshev wrote: > Hi! > > > cc'ing Stas as he was the author for this change. > > but from my understanding this isn't a problem as we disallow setting > > multiple headers in a single header() call for years (even though we had > > a regression at one point). > > Well, we allowed multiline headers but it is an extremely exotic feature > which is now dropped from the HTTP/1.1 standard, and also it causes > security issues with IE users since IE never supported that feature > properly. So given that I've decided to remove it even though strictly > speaking it is a BC break (same goes for the HTTP standard). > duh, should have checked the commit first. so since php 5.1.2 we were disallowing multiple headers to be set in the same header() call (as in header("Foo: bar\r\nBaz: foo");) but we still kept the ability to have multiline headers (as in header("Foo: bar\r\n baz");) which still caused some problem for some browser, so we had a discussion about removing multiline header support altogether: http://comments.gmane.org/gmane.comp.php.devel/88039 so Florian is correct that this is a BC break (albeit in a less known/discouraged feature which was causing security problems over the years). --001a11c1b424264fb5050f868de4--