php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #73841 ob_gzhandler() doesn't fully implement HTTP spec
Submitted: 2016-12-29 23:58 UTC Modified: 2021-03-16 12:30 UTC
Votes:2
Avg. Score:3.5 ± 1.5
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: giovanni at giacobbi dot net Assigned: cmb (profile)
Status: Duplicate Package: Output Control
PHP Version: Irrelevant OS: Any
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2016-12-29 23:58 UTC] giovanni at giacobbi dot net 
Description:
------------
HTTP spec describes Accept-Encoding as a list with "quality values", i.e. it can be something like:

Accept-Encoding: gzip;q=1.0, deflate;q=0.7

There is a special case when q equals zero which means the client does NOT accept that particular value

Because the ob_gzhandler() is implemented with a strstr(Z_STRVAL_P(enc), "gzip"), the check fails to exclude "gzip;q=0"


Test script:
---------------
<?php
ob_start("ob_gzhandler");
echo "Hello";

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-02-14 16:36 UTC] cmb@php.net
-Status: Open +Status: Verified -Package: *Compression related +Package: Output Control
 [2018-02-14 16:36 UTC] cmb@php.net 
See <https://tools.ietf.org/html/rfc7231#section-5.3.4>.
 [2021-03-16 12:30 UTC] cmb@php.net
-Status: Verified +Status: Duplicate -Assigned To: +Assigned To: cmb
 [2021-03-16 12:30 UTC] cmb@php.net 
This is actually a duplicate of bug #68778.
 
PHP Copyright © 2001-2023 The PHP Group
All rights reserved. 		Last updated: Wed Sep 27 18:01:24 2023 UTC