Hi all
While documenting header_remove() I was experimenting a little bit..
If an "empty" argument is passed to the function (empty string, null,
false,..) the function doesn't do anything, as it checks for
ZEND_NUM_ARGS() rather then the length of string.. thats a doc issue
or bug?
Second, it removes even the X-Powered-By header, is that expected?
Third, it removes session and even cookie headers..
bjori@jessica:/usr/src/php/5.3$ sapi/cgi/php-cgi
<?php
session_start();
session_write_close();
X-Powered-By: PHP/5.3.0RC5-dev
Set-Cookie: PHPSESSID=b8g31to001mdfoqq6gg1c90ru2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-type: text/html
bjori@jessica:/usr/src/php/5.3$ sapi/cgi/php-cgi
<?php
session_start();
session_write_close();
header_remove();
Content-type: text/html
Is that really expected? Just add a big fat warning on the doc page?
-Hannes
Hi,
While documenting
header_remove()I was experimenting a little bit..If an "empty" argument is passed to the function (empty string, null,
false,..) the function doesn't do anything, as it checks for
ZEND_NUM_ARGS() rather then the length of string.. thats a doc issue
or bug?
I'd say it's ok, "remove the header with the name ''." That's what it
does.
Second, it removes even the X-Powered-By header, is that expected?
Third, it removes session and even cookie headers..
Is that really expected? Just add a big fat warning on the doc page?
It removes all. Should be ok, too, removing the session cookie might
even be considered a "good" feature by some.
Jut my personal opinion though.
johannes
While documenting
header_remove()I was experimenting a little bit..If an "empty" argument is passed to the function (empty string, null,
false,..) the function doesn't do anything, as it checks for
ZEND_NUM_ARGS() rather then the length of string.. thats a doc issue
or bug?
I'd say it's ok, "remove the header with the name ''." That's what it
does.
A header named '' isn't valid in HTTP 1.0 or 1.1 anyway; this is an
error case IMO.
Second, it removes even the X-Powered-By header, is that expected?
Useful for people who don't have control over their expose_php
setting...
Third, it removes session and even cookie headers..
Is that really expected? Just add a big fat warning on the doc page?
It removes all. Should be ok, too, removing the session cookie might
even be considered a "good" feature by some.
Including me! ;)
-- Gwynne
2009/6/23 Gwynne Raskind gwynne@darkrainfall.org:
While documenting
header_remove()I was experimenting a little bit..If an "empty" argument is passed to the function (empty string, null,
false,..) the function doesn't do anything, as it checks for
ZEND_NUM_ARGS() rather then the length of string.. thats a doc issue
or bug?I'd say it's ok, "remove the header with the name ''." That's what it
does.A header named '' isn't valid in HTTP 1.0 or 1.1 anyway; this is an error
case IMO.
Also, shouldn't we return false/true when we [can't] remove the named
header? Or a int, with the number of removed items?
Second, it removes even the X-Powered-By header, is that expected?
Useful for people who don't have control over their expose_php setting...
Third, it removes session and even cookie headers..
Is that really expected? Just add a big fat warning on the doc page?
It removes all. Should be ok, too, removing the session cookie might
even be considered a "good" feature by some.Including me! ;)
Documented as a 'caution'.
-Hannes