php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #53198 "From:" header sent on http request when using stream_context.
Submitted: 2010-10-29 09:52 UTC Modified: 2010-11-24 12:02 UTC
From: RQuadling at GMail dot com Assigned: cataphract
Status: Closed Package: Streams related
PHP Version: 5.3SVN-2010-10-29 (SVN) OS: Windows XP SP3
Private report: No CVE-ID:
 [2010-10-29 09:52 UTC] RQuadling at GMail dot com
Description:
------------
When using a stream_context, the "From:" header is added to the request, even 
though the "From:" header is documented to be used for anonymous FTP requests.

I don't know how to read the headers being SENT when using a stream_context, so I 
had to use WireShark. The results below relate to the output of WireShark.



Test script:
---------------
<?php
file_get_contents(
	'http://www.php.net',
	False,
	stream_context_create(
		array(
			'http' => array(
				'method' => 'GET',
				'header' => "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.18 Safari/534.10\r\n",
			)
		)
	)
);


Expected result:
----------------
GET / HTTP/1.0
Host: www.php.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.10 
(KHTML, like Gecko) Chrome/8.0.552.18 Safari/534.10


Actual result:
--------------
GET / HTTP/1.0
From: AutomatecTasks@[EDITED]
Host: www.php.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.10 
(KHTML, like Gecko) Chrome/8.0.552.18 Safari/534.10


Patches

Remove-from-header-for-http-streams (last revision 2010-10-29 08:16 UTC) by RQuadling at GMail dot com)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-10-29 10:16 UTC] RQuadling at GMail dot com
This feature was introduced in http://svn.php.net/viewvc/php/php-
src/trunk/ext/standard/http_fopen_wrapper.c?annotate=73428&pathrev=73428#l159, 
which is over 8 years ago.

This may not be a code bug but a documentation issue.

Personally, a 'From:' header for a normal HTTP request seems inappropriate. For 
anonymouse FTP, then maybe/probably.

Attached is a patch to remove the setting from 5.3 and trunk.
 [2010-10-29 10:24 UTC] RQuadling at GMail dot com
Using ini_set('from', 'junk@junk.com'); has no effect on the output in 
WireShark.

Using ...


<?php
ini_set('from', 'noone@home.com');
file_get_contents(
	'http://www.php.net/Test1',
	False,
	...

shows 


GET /Test1 HTTP/1.0
From: AutomatecTasks@Bandvulc.co.uk
Host: www.php.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.10 
(KHTML, like Gecko) Chrome/8.0.552.18 Safari/534.10

and the response includes ...

Location: http://uk3.php.net/Test1

and that request also includes the From: header.

So, if 'from' is kept as an option, the documentation is out as it is not a 
PHP_INI_ALL entry.
 [2010-10-29 15:48 UTC] cataphract@php.net
-Assigned To: +Assigned To: cataphract
 [2010-10-29 17:29 UTC] cataphract@php.net
Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=304985
Log: - Fixed bug #53198 (changing INI setting &quot;from&quot; with ini_set did not have any
  effect)
#Made &quot;from&quot; a proper INI setting and bound it to a global variable.
#Previously, it was simply read from the hash table with the parsed ini file
#by using cfg_get_string (I wonder why this mechanism still exists...)
 [2010-10-29 17:37 UTC] cataphract@php.net
Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=304986
Log: - Documented that the INI setting &quot;from&quot; is used to populate the From
  header in connections with the http wrapper.
- Addresses bug #53198.
 [2010-10-29 17:38 UTC] cataphract@php.net
-Status: Assigned +Status: Closed
 [2010-10-29 17:38 UTC] cataphract@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2010-10-30 14:02 UTC] pajoye@php.net
-Status: Closed +Status: Assigned
 [2010-10-30 14:02 UTC] pajoye@php.net
Re open it, see my comment here: http://news.php.net/php.internals/50008
 [2010-11-24 12:02 UTC] cataphract@php.net
-Status: Assigned +Status: Closed
 [2010-11-24 12:02 UTC] cataphract@php.net
Implementation for 5.3 changed so it doesn't break binary backwards compatibility.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sat Apr 19 04:01:55 2014 UTC