php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #71653 sometimes wrong/old values appear in $_SERVER['HTTP_ACCEPT']
Submitted: 2016-02-23 17:43 UTC Modified: 2016-02-23 20:35 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: karim dot scheik at prisma-solutions dot at Assigned:
Status: Not a bug Package: Apache2 related
PHP Version: 7.0.3 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: karim dot scheik at prisma-solutions dot at
New email:
PHP Version: OS:

 

 [2016-02-23 17:43 UTC] karim dot scheik at prisma-solutions dot at 
Description:
------------
apache-2.2.31 and PHP 7.0.3 and 5.6.18, pecl-apcu 5.1.3 on Gentoo Linux 4.1.15 x86-64 tested

A thumbnail script is called 36 times from a gallery web page generating and storing a thumbnail using imagick/gd and pecl-apcu and serving it either as webp or jpeg depending on HTTP_ACCEPT.
Sometimes (~1 in 200 thumbnails) the script will serve webp to a non-webp browser if it has been loaded/cached in a webp browser before (e.g. go to gallery with Opera/WebKit and then using Firefox).
After investigating (echoing back the HTTP_ACCEPT) it appears that the script receives the HTTP_ACCEPT from an older Opera/WebKit (webp) request, even though Firefox console shows it never sent that header.

Firefox console shows it sent "Accept: image/png,image/*;q=0.8,*/*;q=0.5" and PHP echos back "X-Accept: image/webp,image/*,*/*;q=0.8" which was sent by Opera/WebKit seconds before that.

Maybe OpCache/APCu related? Or some threading/sharing problem?

Test script:
---------------
<?php

$format = isset($_SERVER['HTTP_ACCEPT']) && stripos($_SERVER['HTTP_ACCEPT'], 'image/webp') !== false ? 'webp' : 'jpeg';

// sometimes this is data from an old request of a different browser!!!
header('X-Accept: ' . $_SERVER['HTTP_ACCEPT']);

// create, output and store (APCu) thumb in $format

?>

Expected result:
----------------
$_SERVER['HTTP_ACCEPT'] should contain what the browser actually sent and thus

Actual result:
--------------
$_SERVER['HTTP_ACCEPT'] sometimes contains a foreign request made by a different browser sometime ago

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-02-23 17:50 UTC] karim dot scheik at prisma-solutions dot at 
it seems the whole request is bogus/stale, even user-agent is from the old request:

Firefox makes a request and this is what (sometimes) comes back from header('X-User-Agent: "' . $_SERVER['HTTP_USER_AGENT'] . '"'), which is clearly not correct:
"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.109 Safari/537.36 OPR/35.0.2066.68 (Edition Campaign 21)"
 [2016-02-23 18:33 UTC] karim dot scheik at prisma-solutions dot at
-Status: Open +Status: Closed
 [2016-02-23 18:33 UTC] karim dot scheik at prisma-solutions dot at 
the problem appears to be Apache's mod_cache storing/caching headers as well
 [2016-02-23 20:35 UTC] requinix@php.net
-Status: Closed +Status: Not a bug
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Dec 27 01:01:28 2024 UTC