PHP :: Bug #73841 :: ob_gzhandler() doesn't fully implement HTTP spec

Bug #73841

ob_gzhandler() doesn't fully implement HTTP spec

Submitted:

2016-12-29 23:58 UTC

Modified:

2021-03-16 12:30 UTC

Votes:	2
Avg. Score:	3.5 ± 1.5
Reproduced:	2 of 2 (100.0%)
Same Version:	1 (50.0%)
Same OS:	1 (50.0%)

From:

giovanni at giacobbi dot net

Assigned:

cmb (profile)

Status:

Duplicate

Package:

Output Control

PHP Version:

Irrelevant

OS:

Any

Private report:

CVE-ID:

None

View Add Comment Developer Edit

[2016-12-29 23:58 UTC] giovanni at giacobbi dot net

Description:
------------
HTTP spec describes Accept-Encoding as a list with "quality values", i.e. it can be something like:

Accept-Encoding: gzip;q=1.0, deflate;q=0.7

There is a special case when q equals zero which means the client does NOT accept that particular value

Because the ob_gzhandler() is implemented with a strstr(Z_STRVAL_P(enc), "gzip"), the check fails to exclude "gzip;q=0"


Test script:
---------------
<?php
ob_start("ob_gzhandler");
echo "Hello";

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2018-02-14 16:36 UTC] cmb@php.net

-Status: Open +Status: Verified -Package: *Compression related +Package: Output Control

[2018-02-14 16:36 UTC] cmb@php.net

See <https://tools.ietf.org/html/rfc7231#section-5.3.4>.

[2021-03-16 12:30 UTC] cmb@php.net

-Status: Verified +Status: Duplicate -Assigned To: +Assigned To: cmb

[2021-03-16 12:30 UTC] cmb@php.net

This is actually a duplicate of bug #68778.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2021 The PHP Group All rights reserved.	Last updated: Sun Apr 18 00:01:24 2021 UTC