On Sat, 04 Feb 2012 16:35:04 +0100, Ángel González wrote:
Gustavo Lopes wrote:
On Sat, 04 Feb 2012 00:06:45 +0100, Ángel González wrote:
I've gone ahead and written code for that feature. Comments
welcome.
The comparison has a problem: if char is signed (the most common
scenario), you'll be making a signed comparison, so any character
over
0x7f will match (if it's an unsigned char, though, it will work,
because of the integer promotions and usual arithmetic conversions).
It suffices to replace ' ' with 0x20U.
Yes. I woke up this morning thinking on it. That the line should have
been
if ((unsigned char)header_line[i] < 32) {
I wouldn't have thought on using 0x20U instead of 32, but it seems
that
it would work, too.
Other than that, I am a little uncertain about the impact of this
strictness could have on current applications, even if if correct.
In my humble opinion, there won't be applications using header
continuation. PHP could even define that header() would only
accept a single header with no line continuation with very little
impact.
There's another problem. HTs are allowed in headers, but your patch
forbids them. And I think forbidding other C0 characters may be a good
idea, but not for the stable releases.
--
Gustavo Lopes
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
