Hi.
It seems that Zend Http Client is broken after security update from zendframework-1.10.6-1squeeze2 to zendframework-1.10.6-1squeeze3
How to reproduce:
<?php
// zf-test.php
require_once('Zend/Http/Client.php');
$httpClient = new \Zend_Http_Client();
$httpClient->setUri('https://www.debian.org/Bugs/');
$response = $httpClient->request('POST');
var_dump($response);
php zf-test.php will output:
PHP Fatal error: Uncaught exception 'Zend_Http_Exception' with message 'Invalid header line detected' in /usr/share/php/Zend/Http/Response.php:558
Stack trace:
#0 /usr/share/php/Zend/Http/Client/Adapter/Socket.php(338): Zend_Http_Response::extractHeaders('HTTP/1.1 200 OK...')
#1 /usr/share/php/Zend/Http/Client.php(1000): Zend_Http_Client_Adapter_Socket->read()
#2 /home/eug/www/drafts/zend/debian-test.php(6): Zend_Http_Client->request('POST')
#3 {main}
thrown in /usr/share/php/Zend/Http/Response.php on line 558
My version of patch:
--- /usr/share/php/Zend/Http/Response.php.orig 2015-06-20 14:53:50.000000000 +0300
+++ /usr/share/php/Zend/Http/Response.php 2015-06-22 17:38:39.181180176 +0300
@@ -508,10 +508,14 @@
unset($parts);
$last_header = null;
- foreach($lines as $line) {
+ foreach($lines as $index => $line) {
$line = trim($line, "\r\n");
if ($line == "") break;
+ if (($index == 0) && (preg_match("|^HTTP/[\d\.x]+ \d+ ([^\r\n]+)|", $response_str, $m))) {
+ continue;
+ }
+
if (preg_match("|^([\w-]+):\s+(.+)|", $line, $m)) {
unset($last_header);
$h_name = strtolower($m[1]);
Best regargs,
Evgeny Smolin