Updated the handling of response status codes

Improved API integrity by blocking the ability to set invalid status codes according to the HTTP spec. This includes any non-numeric codes, or any code with more or fewer than three digits (100-999 being the accepted range).
This commit is contained in:
James Watts 2013-08-10 13:30:02 +02:00
parent 4b2117501e
commit 2ce2a2aaa9


@ -618,7 +618,7 @@ class CakeResponse {
* Sets the HTTP status code to be sent * Sets the HTTP status code to be sent
* if $code is null the current code is returned * if $code is null the current code is returned
* *
* @param integer $code * @param integer $code the HTTP status code
* @return integer current status code * @return integer current status code
* @throws CakeException When an unknown status code is reached. * @throws CakeException When an unknown status code is reached.
*/ */
@ -635,31 +635,47 @@ class CakeResponse {
/** /**
* Queries & sets valid HTTP response codes & messages. * Queries & sets valid HTTP response codes & messages.
* *
* @param integer|array $code If $code is an integer, then the corresponding code/message is * @param integer|array $code If $code is an integer, then the corresponding code/message is
* returned if it exists, null if it does not exist. If $code is an array, * returned if it exists, null if it does not exist. If $code is an array, then the
* then the 'code' and 'message' keys of each nested array are added to the default * keys are used as codes and the values as messages to add to the default HTTP
* HTTP codes. Example: * codes. The codes must be integers greater than 99 and less than 1000. Keep in
* mind that the HTTP specification outlines that status codes begin with a digit
* between 1 and 5, which defines the class of response the client is to expect.
* Example:
* *
* httpCodes(404); // returns array(404 => 'Not Found') * httpCodes(404); // returns array(404 => 'Not Found')
* *
* httpCodes(array( * httpCodes(array(
* 701 => 'Unicorn Moved', * 381 => 'Unicorn Moved',
* 800 => 'Unexpected Minotaur' * 555 => 'Unexpected Minotaur'
* )); // sets these new values, and returns true * )); // sets these new values, and returns true
* *
* httpCodes(array(
* 0 => 'Nothing Here',
* -1 => 'Reverse Infinity',
* 12345 => 'Universal Password',
* 'Hello' => 'World'
* )); // throws an error due to invalid codes
*
* For more on HTTP status codes see: http://www.w3.org/Protocols/rfc2616/rfc2616-sec6.html#sec6.1
*
* @return mixed associative array of the HTTP codes as keys, and the message * @return mixed associative array of the HTTP codes as keys, and the message
* strings as values, or null of the given $code does not exist. * strings as values, or null of the given $code does not exist.
* @throws CakeException If an attempt is made to add an invalid status code
*/ */
public function httpCodes($code = null) { public function httpCodes($code = null) {
if (empty($code)) { if (empty($code)) {
return $this->_statusCodes; return $this->_statusCodes;
} }
if (is_array($code)) { if (is_array($code)) {
$codes = array_keys($code);
$min = min($codes);
if (!is_int($min) || $min < 100 || max($codes) > 999) {
throw new CakeException(__d('cake_dev', 'Invalid status code'));
}
$this->_statusCodes = $code + $this->_statusCodes; $this->_statusCodes = $code + $this->_statusCodes;
return true; return true;
} }
if (!isset($this->_statusCodes[$code])) { if (!isset($this->_statusCodes[$code])) {
return null; return null;
} }
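Review bot: The new guard at `$min = min($codes)` only type-checks the smallest key, so whether a non-integer key such as `'Hello'` is rejected depends on how min()/max() order strings against integers rather than on an explicit per-key check; that ordering changed in PHP 8 (an integer compared with a non-numeric string is now compared as strings), so a key like `'1a'` may slip through there. Validating every key directly makes the intent explicit and engine-independent, as sketched below. The message values in `$code` are not validated at all; if they are later emitted in the status line (not visible in this hunk), a value containing CR or LF would need rejecting as well, which is worth confirming in the rest of the method. httpCodes() continues past the end of the hunk.
```php
		if (is_array($code)) {
			foreach (array_keys($code) as $key) {
				if (!is_int($key) || $key < 100 || $key > 999) {
					throw new CakeException(__d('cake_dev', 'Invalid status code'));
				}
			}
			// … unchanged: merge into $this->_statusCodes and return true …
```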