Fixes EliW#17, Fixes EliW#4 - HTTP code handling changes

* Moves from header() to http_response_code() * Now requires PHP 5.4 * Fixed multiple header injection bluntly by replacing any \r\n with a space.
omerida · Sep 10, 2012 · b2475e5 · b2475e5
1 parent b518faf
commit b2475e5
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 11 deletions.
diff --git a/README.textile b/README.textile
@@ -26,7 +26,7 @@ h2. Technology
 
 Treb is not 'well architected' by modern definitions of this; it wasn't meant to be.  It was meant to be a simple, functional system.  It doesn't do dependency injection, it doesn't use namespaces, it uses the singleton & multiton patterns in specifically chosen places and it has zero tests.  It simply was made as a simple, useable, and extendable framework.
 
-It does however require PHP 5.3+, as it uses some advanced aspects of PHP, and will move to PHP 5.4 in the near future.
+It does however require PHP 5.4, as it uses some advanced features of later PHP versions.
 
 h2. Features
 

diff --git a/framework/application.php b/framework/application.php
@@ -74,29 +74,29 @@ public static function http($code, $extra = '')
         // Nominally normalize code, worst case default to a good-ole-500
         $code = (int)$code;
         if ($code < 100 || $code >= 600) { $code = 500; }
+
+        // Regardless of any custom effort later, set the error code now:
+        http_response_code($code);
 
+        // Now for specific codes, do some custom work w/ $extra
         switch ($code) {
             case 301:
-                $path = $extra ?: '/';
-                header('HTTP/1.0 301 Moved Permanently');
-                header("Location: {$path}");
-                exit;
             case 302:
-                $path = $extra ?: '/';
-                header('HTTP/1.0 302 Found');
+                // Redirect, $extra is the Location path:
+                $path = $extra ? strtr($extra, "\r\n", '  ') : '/';
                 header("Location: {$path}");
                 exit;
             case 401:
-                $realm = $extra ?: 'Treb Framework';
+                // Authorization request, $extra is the realm:
+                $realm = $extra ? strtr($extra, "\r\n\"", '   ') : 'Treb Framework';
                 header("WWW-Authenticate: Basic realm=\"{$realm}\"");
-                header('HTTP/1.0 401 Unauthorized');
                 die('Unauthorized access');
             case 403:
-                header('HTTP/1.0 403 Forbidden');
+                // 403, denied, just issue the text-error given, or a generic response.
                 die($extra ?: 'Request Denied');
             default:
                 // Set the header, attempt to include the appropriate file, then just die.
-                header("HTTP/1.0 {$code}");
+                // NOTE:  $extra will be available in the .php file
                 include ROOT . "/errors/{$code}.php";
                 die;
         }