mirror of
https://github.com/kamilwylegala/cakephp2-php8.git
synced 2024-11-15 03:18:26 +00:00
Updated the handling of response status codes
Improved API integrity by blocking the ability to set invalid status codes according to the HTTP spec. This includes any non-numeric codes, or any code that is greater or less than 3 digits in length (100-999 being the accepted range).
This commit is contained in:
parent
4b2117501e
commit
2ce2a2aaa9
1 changed files with 25 additions and 9 deletions
|
@ -618,7 +618,7 @@ class CakeResponse {
|
|||
* Sets the HTTP status code to be sent
|
||||
* if $code is null the current code is returned
|
||||
*
|
||||
* @param integer $code
|
||||
* @param integer $code the HTTP status code
|
||||
* @return integer current status code
|
||||
* @throws CakeException When an unknown status code is reached.
|
||||
*/
|
||||
|
@ -636,30 +636,46 @@ class CakeResponse {
|
|||
* Queries & sets valid HTTP response codes & messages.
|
||||
*
|
||||
* @param integer|array $code If $code is an integer, then the corresponding code/message is
|
||||
* returned if it exists, null if it does not exist. If $code is an array,
|
||||
* then the 'code' and 'message' keys of each nested array are added to the default
|
||||
* HTTP codes. Example:
|
||||
* returned if it exists, null if it does not exist. If $code is an array, then the
|
||||
* keys are used as codes and the values as messages to add to the default HTTP
|
||||
* codes. The codes must be integers greater than 99 and less than 1000. Keep in
|
||||
* mind that the HTTP specification outlines that status codes begin with a digit
|
||||
* between 1 and 5, which defines the class of response the client is to expect.
|
||||
* Example:
|
||||
*
|
||||
* httpCodes(404); // returns array(404 => 'Not Found')
|
||||
*
|
||||
* httpCodes(array(
|
||||
* 701 => 'Unicorn Moved',
|
||||
* 800 => 'Unexpected Minotaur'
|
||||
* 381 => 'Unicorn Moved',
|
||||
* 555 => 'Unexpected Minotaur'
|
||||
* )); // sets these new values, and returns true
|
||||
*
|
||||
* httpCodes(array(
|
||||
* 0 => 'Nothing Here',
|
||||
* -1 => 'Reverse Infinity',
|
||||
* 12345 => 'Universal Password',
|
||||
* 'Hello' => 'World'
|
||||
* )); // throws an error due to invalid codes
|
||||
*
|
||||
* For more on HTTP status codes see: http://www.w3.org/Protocols/rfc2616/rfc2616-sec6.html#sec6.1
|
||||
*
|
||||
* @return mixed associative array of the HTTP codes as keys, and the message
|
||||
* strings as values, or null of the given $code does not exist.
|
||||
* @throws CakeException If an attempt is made to add an invalid status code
|
||||
*/
|
||||
public function httpCodes($code = null) {
|
||||
if (empty($code)) {
|
||||
return $this->_statusCodes;
|
||||
}
|
||||
|
||||
if (is_array($code)) {
|
||||
$codes = array_keys($code);
|
||||
$min = min($codes);
|
||||
if (!is_int($min) || $min < 100 || max($codes) > 999) {
|
||||
throw new CakeException(__d('cake_dev', 'Invalid status code'));
|
||||
}
|
||||
$this->_statusCodes = $code + $this->_statusCodes;
|
||||
return true;
|
||||
}
|
||||
|
||||
if (!isset($this->_statusCodes[$code])) {
|
||||
return null;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue