php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #53444 get_headers and $http_response_header returns unusable formatting
Submitted: 2010-12-01 23:38 UTC Modified: 2010-12-13 15:35 UTC
From: hm2k@php.net Assigned:
Status: Not a bug Package: Streams related
PHP Version: 5.3.3 OS:
Private report: No CVE-ID: None
View Developer Edit
 [2010-12-01 23:38 UTC] hm2k@php.net 
Description:
------------
The get_headers() function and the $http_response_header variable often returns multiple headers combined into a completely unusable format.

Test script:
---------------
<pre>
<?php
/*

The get_headers() function and the $http_response_header variable often returns
  multiple headers combined into a completely unusable format.

*/

echo "Testing the \$http_response_header format\n";
file_get_contents('http://google.com/');
print_r($http_response_header);

echo "Testing the normal get_headers format\n";
$headers=get_headers('http://google.com/');
print_r($headers);

echo "Testing the get_headers format with keys\n";
$headers=get_headers('http://google.com/',1);
print_r($headers);

?>

Expected result:
----------------
Each set of headers from each request should be separated into another array, rather than simply appended to the existing ones.

There is currently no safe way to separate the returned values into a usable format. The get_headers format with keys is the worst offender of this.

Actual result:
--------------
Testing the $http_response_header format
Array
(
    [0] => HTTP/1.0 301 Moved Permanently
    [1] => Location: http://www.google.com/
    [2] => Content-Type: text/html; charset=UTF-8
    [3] => Date: Wed, 01 Dec 2010 22:36:17 GMT
    [4] => Expires: Fri, 31 Dec 2010 22:36:17 GMT
    [5] => Cache-Control: public, max-age=2592000
    [6] => Server: gws
    [7] => Content-Length: 219
    [8] => X-XSS-Protection: 1; mode=block
    [9] => HTTP/1.0 302 Found
    [10] => Location: http://www.google.co.uk/
    [11] => Cache-Control: private
    [12] => Content-Type: text/html; charset=UTF-8
    [13] => Set-Cookie: PREF=ID=4a205a8a49c12cc1:FF=0:TM=1291242977:LM=1291242977:S=nhA-vebjo6ayX0bQ; expires=Fri, 30-Nov-2012 22:36:17 GMT; path=/; domain=.google.com
    [14] => Set-Cookie: NID=41=LcFt9zVP6L3dEVMKDUeNblPFQVRlOJaak9BjEUnZErgDkDh9yjljWhydKUteQdcqGh4PM0gaVJlyLT6CEu6K_LpFYJhRJRMkgy7-u45iMOa4xvItP26T_03rqUm-Lrrv; expires=Thu, 02-Jun-2011 22:36:17 GMT; path=/; domain=.google.com; HttpOnly
    [15] => Date: Wed, 01 Dec 2010 22:36:17 GMT
    [16] => Server: gws
    [17] => Content-Length: 221
    [18] => X-XSS-Protection: 1; mode=block
    [19] => HTTP/1.0 200 OK
    [20] => Date: Wed, 01 Dec 2010 22:36:17 GMT
    [21] => Expires: -1
    [22] => Cache-Control: private, max-age=0
    [23] => Content-Type: text/html; charset=ISO-8859-1
    [24] => Set-Cookie: PREF=ID=16ffcfbf48f03139:FF=0:TM=1291242977:LM=1291242977:S=Niy-I-NoOBYJK2Tl; expires=Fri, 30-Nov-2012 22:36:17 GMT; path=/; domain=.google.co.uk
    [25] => Set-Cookie: NID=41=eXX6NtkDo7xtT_Y7l3MVRtVznVjPE0fUUwfcmcSTXOX_80oJhSDTi_NJvidjgq_fwl3xOTvMTXatxlUqJPZsSPk2b8jIZ-oG4_tO9Eyf_beK0jqoJ20u72Ukhsydzxih; expires=Thu, 02-Jun-2011 22:36:17 GMT; path=/; domain=.google.co.uk; HttpOnly
    [26] => Server: gws
    [27] => X-XSS-Protection: 1; mode=block
)
Testing the normal get_headers format
Array
(
    [0] => HTTP/1.0 301 Moved Permanently
    [1] => Location: http://www.google.com/
    [2] => Content-Type: text/html; charset=UTF-8
    [3] => Date: Wed, 01 Dec 2010 22:36:17 GMT
    [4] => Expires: Fri, 31 Dec 2010 22:36:17 GMT
    [5] => Cache-Control: public, max-age=2592000
    [6] => Server: gws
    [7] => Content-Length: 219
    [8] => X-XSS-Protection: 1; mode=block
    [9] => HTTP/1.0 302 Found
    [10] => Location: http://www.google.co.uk/
    [11] => Cache-Control: private
    [12] => Content-Type: text/html; charset=UTF-8
    [13] => Set-Cookie: PREF=ID=1c5409426fc05ac7:FF=0:TM=1291242978:LM=1291242978:S=Gq5q1jDdprguyJVX; expires=Fri, 30-Nov-2012 22:36:18 GMT; path=/; domain=.google.com
    [14] => Set-Cookie: NID=41=YVFzP9yX2jgAGZzNfMYIIjZ2BE3FBZGe35hvkcZnv_vXG_Y6-3WWfeY3X5_B7ggaA7-bLOR2WihGFyFTo_9etxMb-o5KbD6wxs3chDweWERpzOaRzSwRdKZZ0r469lOq; expires=Thu, 02-Jun-2011 22:36:18 GMT; path=/; domain=.google.com; HttpOnly
    [15] => Date: Wed, 01 Dec 2010 22:36:18 GMT
    [16] => Server: gws
    [17] => Content-Length: 221
    [18] => X-XSS-Protection: 1; mode=block
    [19] => HTTP/1.0 200 OK
    [20] => Date: Wed, 01 Dec 2010 22:36:18 GMT
    [21] => Expires: -1
    [22] => Cache-Control: private, max-age=0
    [23] => Content-Type: text/html; charset=ISO-8859-1
    [24] => Set-Cookie: PREF=ID=72fb7f7330dc6dda:FF=0:TM=1291242978:LM=1291242978:S=8hdaRNIKWI_17QQW; expires=Fri, 30-Nov-2012 22:36:18 GMT; path=/; domain=.google.co.uk
    [25] => Set-Cookie: NID=41=emzDdkZVlIzPUExRMV6yXykCd0Jqrc665mzd5smnyV-MCBqEeC7wEndKmpsRqgb5M3_2dfdEK1Fbjwq0OPd87oz9UFjVYXqPqKABcPHtp_FWZw4rUluDtHeBI04rCyHH; expires=Thu, 02-Jun-2011 22:36:18 GMT; path=/; domain=.google.co.uk; HttpOnly
    [26] => Server: gws
    [27] => X-XSS-Protection: 1; mode=block
)
Testing the get_headers format with keys
Array
(
    [0] => HTTP/1.0 301 Moved Permanently
    [Location] => Array
        (
            [0] => http://www.google.com/
            [1] => http://www.google.co.uk/
        )

    [Content-Type] => Array
        (
            [0] => text/html; charset=UTF-8
            [1] => text/html; charset=UTF-8
            [2] => text/html; charset=ISO-8859-1
        )

    [Date] => Array
        (
            [0] => Wed, 01 Dec 2010 22:36:18 GMT
            [1] => Wed, 01 Dec 2010 22:36:18 GMT
            [2] => Wed, 01 Dec 2010 22:36:18 GMT
        )

    [Expires] => Array
        (
            [0] => Fri, 31 Dec 2010 22:36:18 GMT
            [1] => -1
        )

    [Cache-Control] => Array
        (
            [0] => public, max-age=2592000
            [1] => private
            [2] => private, max-age=0
        )

    [Server] => Array
        (
            [0] => gws
            [1] => gws
            [2] => gws
        )

    [Content-Length] => Array
        (
            [0] => 219
            [1] => 221
        )

    [X-XSS-Protection] => Array
        (
            [0] => 1; mode=block
            [1] => 1; mode=block
            [2] => 1; mode=block
        )

    [1] => HTTP/1.0 302 Found
    [Set-Cookie] => Array
        (
            [0] => PREF=ID=2325ca533177d4ef:FF=0:TM=1291242978:LM=1291242978:S=nOg-8n0YOwaShUAK; expires=Fri, 30-Nov-2012 22:36:18 GMT; path=/; domain=.google.com
            [1] => NID=41=R4dJOFuh4Jh_rqx2gNOgUJAjgn9ooyONvaut5VUv18l7G58_9NIMP4WWLWdY4_8hgsVQPdpzljkjZHwxmvKjROrM1-52DndexrKzVs52oyysf93A_HlBpc2B8sRb5s1-; expires=Thu, 02-Jun-2011 22:36:18 GMT; path=/; domain=.google.com; HttpOnly
            [2] => PREF=ID=5375620b1f946c18:FF=0:TM=1291242978:LM=1291242978:S=HpY6OMdBxJ5saTyh; expires=Fri, 30-Nov-2012 22:36:18 GMT; path=/; domain=.google.co.uk
            [3] => NID=41=Hif27kRrMTf26VBtWJg8uOojHHEUZGp1w-a-IJVRQIGZJb3RwR9qPSK8hPtPni9pTcljP9WuLfFUgkReiTQJLpJTLuzG4Ymlo_dinxubk2XHC9sXFzvkIxWtZ0lEnLAZ; expires=Thu, 02-Jun-2011 22:36:18 GMT; path=/; domain=.google.co.uk; HttpOnly
        )

    [2] => HTTP/1.0 200 OK
)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-12-11 16:16 UTC] iliaa@php.net
-Status: Open +Status: Bogus
 [2010-12-11 16:16 UTC] iliaa@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

The reason you get multiple headers is because the website you are trying to 
access is redirecting the URL and by default the headers from all requests are 
being returned. If you don't want redirects to be followed, set the stream context 
parameter max_redirects to 0.
 [2010-12-11 19:40 UTC] hm2k@php.net
-Status: Bogus +Status: Open
 [2010-12-11 19:40 UTC] hm2k@php.net 
I am aware of the reason I am seeing multiple headers. Multiple headers are what I 
am expecting.

I am aware that the URL is redirecting (as per bug #50719), following redirects is 
what I am expecting.

The issue here is the formatting which is unusable. You should address this issue.
 [2010-12-12 19:40 UTC] iliaa@php.net
-Status: Open +Status: Bogus
 [2010-12-12 19:40 UTC] iliaa@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

What about the formatting is unusable? In the event of multiple headers the 
returned values are arrays representing elements of duplicate headers...

This is the intended functionality.
 [2010-12-13 12:17 UTC] hm2k@php.net
-Status: Bogus +Status: Feedback
 [2010-12-13 12:17 UTC] hm2k@php.net 
Firstly, iliaa you need to learn how to correctly manage bugs.

You don't just set them to bogus if you're expecting feedback.

I can see that you're expecting feedback as you have asked a question.

To answer your question: if you have tried to use these headers for anything 
useful, you will see that it's impossible to properly distinguish which header 
is from which request.

For example, in the "get_headers format with keys" test, there is absolutely no 
way to be sure which request returned the values in [Set-Cookie], you can only 
assume or guess.

Another example, with the $http_response_header format, there is no finite way 
to distinguish one set of responses from another, you can only guess by 
separating by the status line, however if the headers were poisoned it would 
render this technique useless.

In summary, the formats in which the headers are returned is unusable.

The ideal solution would be to separate the headers as they are gathered, giving 
clear boundaries where one ends and another starts. This should be done 
natively.
 [2010-12-13 12:43 UTC] aharvey@php.net
-Status: Feedback +Status: Bogus
 [2010-12-13 12:43 UTC] aharvey@php.net 
I'm pretty sure Ilia intended that as a rhetorical question.

hm2k, please don't reopen bugs that have been closed by a core
developer just because you disagree with the resolution. It's not
the first time you've done it, and to be honest, combined with the
constant questioning of whether the triager/assignee is doing the
right thing, it's pretty unfriendly.
 [2010-12-13 15:03 UTC] hm2k@php.net
-Status: Bogus +Status: Re-Opened
 [2010-12-13 15:03 UTC] hm2k@php.net 
The standard bug resolution protocol is to close a bug once both parties agree the 
issue is resolved, if not, the bug may be reopened until it is resolved.

Again, you should address this issue.

Re-opened.
 [2010-12-13 15:35 UTC] iliaa@php.net
-Status: Re-Opened +Status: Bogus
 [2010-12-13 15:35 UTC] iliaa@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

Just so that there is no confusion. The current behaviour is expect and will not 
be subject to change. The reason the bug is being closed is for that specific 
reason.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Nov 02 08:00:02 2025 UTC