Bug #27687 Bug Adding Default Charset to "text/*" Content-Type Header
Submitted: 2004-03-24 23:13 UTC
Modified: 2004-03-26 20:47 UTC
From: msisolak at yahoo dot com
Assigned:
Status: Closed
Package: Unknown/Other Function
PHP Version: 4.3.5, 5.0.0RC1
OS: *
Private report: No
CVE-ID:
 [2004-03-24 23:13 UTC] msisolak at yahoo dot com
There is a bug in the sapi_header_op() function in main/sapi.c (referencing the 5.0.0RC1 line numbers).  In the special case for the Content-Type header starting on line 560 is this code:

size_t len = header_line_len - (ptr - header_line), newlen;
while (*ptr == ' ' && *ptr != '\0') {

The mistake is in calculating the len based on the location of ptr, but then adjusting ptr up to shorten the string to remove leading spaces without also adjusting len down.  The len variable ends up being one character too long for each space removed from between the colon and the content type.  This extra space propagates through and ends up causing random extra characters on the end of the Content-Type line in the output headers (one for each space skipped).

Suggested patch:

--- sapi.c.orig	Wed Mar 24 23:07:58 2004
+++ sapi.c	Wed Mar 24 23:08:04 2004
@@ -562,6 +562,7 @@
 				size_t len = header_line_len - (ptr - header_line), newlen;
 				while (*ptr == ' ' && *ptr != '\0') {
+					len--;
 				if(!strncmp(ptr, "image/", sizeof("image/")-1)) {
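
Review bot: In the while loop, the added len-- stays correct only while every iteration advances ptr by exactly one byte, so len and ptr remain two values kept in step by hand. Computing len once after the leading spaces have been skipped, from the final ptr (header_line_len - (ptr - header_line)), removes that coupling and cannot drift if the loop body changes later. The second half of the loop condition, *ptr != '\0', is redundant as well: a byte equal to ' ' is never '\0', so while (*ptr == ' ') is equivalent. A short comment stating that len counts the bytes from ptr to the end of the header line would help the next reader.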

Reproduce code:
	header("Content-Type: text/plain");

Expected result:
The Content-Type header delivered with my default character set attached ("utf-8"):

Content-Type: text/plain;charset=utf-8

Actual result:
Because the length is overstated by one, there is an extra character attached to the end of the Content-Type header.  Running IIS CGI this character is an ascii-Z and IIS reports "not all headers returned."
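
The length drift described in the report above, modelled as a stand-alone C example that is added here and is not PHP's own code. The names `value_len` and `overread` are hypothetical, and the `ptr++` in the loop is assumed from the report's description of ptr being adjusted up.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the Content-Type special case from the report.
 * Returns the length the code believes the header value has.
 * adjust_len = 0: length computed before skipping spaces (reported bug).
 * adjust_len = 1: length decremented per skipped space (suggested patch). */
static size_t value_len(const char *header_line, size_t header_line_len,
                        int adjust_len, const char **value_out)
{
    const char *ptr = header_line + sizeof("Content-Type:") - 1;
    size_t len = header_line_len - (size_t)(ptr - header_line);

    while (*ptr == ' ') {
        ptr++;              /* assumed: ptr moves past each leading space */
        if (adjust_len) {
            len--;          /* keep len in step with ptr */
        }
    }
    *value_out = ptr;
    return len;
}

/* Number of bytes by which the believed length exceeds the real value,
 * i.e. how many bytes past the value a consumer trusting len would use. */
static size_t overread(const char *header_line, int adjust_len)
{
    const char *value;
    size_t len = value_len(header_line, strlen(header_line),
                           adjust_len, &value);
    return len - strlen(value);
}

int main(void)
{
    /* Constructed sample headers with 0, 1 and 3 spaces after the colon. */
    const char *samples[] = {
        "Content-Type:text/plain",
        "Content-Type: text/plain",
        "Content-Type:   text/plain",
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("%-28s unpatched: +%zu  patched: +%zu\n", samples[i],
               overread(samples[i], 0), overread(samples[i], 1));
    }
    return 0;
}
```

The unpatched column grows by one for each space skipped, which matches the "one for each space skipped" behaviour in the report.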


 [2004-03-25 03:33 UTC]
Please try using this CVS snapshot:
For Windows:
 [2004-03-25 03:38 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.
Last updated: Sat Nov 28 05:01:34 2015 UTC