summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--NEWS2
-rw-r--r--main/SAPI.c8
-rw-r--r--tests/basic/req44164.phpt17
3 files changed, 27 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index e6a7a446b5..ab38c6db4d 100644
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,8 @@
for empty uploads and, in debug mode, 0-length uploads. (Gustavo)
- Added a 3rd parameter to get_html_translation_table. It now takes a charset
hint, like htmlentities et al. (Gustavo)
+- Implemented FR #44164, setting the header "Content-length" implicitly
+ disables zlib.output_compression.
- Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
(CVE-2010-3709). (Maksymilian Arciemowicz)
diff --git a/main/SAPI.c b/main/SAPI.c
index 3e8abb2706..8593cd7d27 100644
--- a/main/SAPI.c
+++ b/main/SAPI.c
@@ -657,6 +657,14 @@ SAPI_API int sapi_header_op(sapi_header_op_enum op, void *arg TSRMLS_DC)
}
efree(mimetype);
SG(sapi_headers).send_default_content_type = 0;
+ } else if (!STRCASECMP(header_line, "Content-Length")) {
+ /* Script is setting Content-length. The script cannot reasonably
+ * know the size of the message body after compression, so it's best
+ * do disable compression altogether. This contributes to making scripts
+ * portable between setups that have and don't have zlib compression
+ * enabled globally. See req #44164 */
+ zend_alter_ini_entry("zlib.output_compression", sizeof("zlib.output_compression"),
+ "0", sizeof("0") - 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
} else if (!STRCASECMP(header_line, "Location")) {
if ((SG(sapi_headers).http_response_code < 300 ||
SG(sapi_headers).http_response_code > 307) &&
diff --git a/tests/basic/req44164.phpt b/tests/basic/req44164.phpt
new file mode 100644
index 0000000000..d0082861f2
--- /dev/null
+++ b/tests/basic/req44164.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Req #44164 (Handle "Content-Length" HTTP header when zlib.output_compression active)
+--SKIPIF--
+<?php
+if (!function_exists('gzdeflate'))
+ die("skip zlib extension required");
+?>
+--INI--
+zlib.output_compression=On
+--ENV--
+HTTP_ACCEPT_ENCODING=gzip
+--FILE--
+<?php
+header("Content-length: 200");
+echo str_repeat("a", 200);
+--EXPECT--
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
View Lorry Controller Status