/src/php-src/ext/standard/head.c

Source
/*
   +----------------------------------------------------------------------+
   | Copyright © The PHP Group and Contributors.                          |
   +----------------------------------------------------------------------+
   | This source file is subject to the Modified BSD License that is      |
   | bundled with this package in the file LICENSE, and is available      |
   | through the World Wide Web at <https://www.php.net/license/>.        |
   |                                                                      |
   | SPDX-License-Identifier: BSD-3-Clause                                |
   +----------------------------------------------------------------------+
   | Author: Rasmus Lerdorf <rasmus@lerdorf.on.ca>                        |
   +----------------------------------------------------------------------+
 */

#include <stdio.h>
#include "php.h"
#include "ext/standard/php_standard.h"
#include "ext/date/php_date.h"
#include "SAPI.h"
#include "php_main.h"
#include "head.h"
#include <time.h>

#include "php_globals.h"
#include "zend_smart_str.h"


/* Implementation of the language Header() function */
/* {{{ Sends a raw HTTP header */
PHP_FUNCTION(header)
{
  bool rep = 1;
  sapi_header_line ctr = {0};
  char *line;
  size_t len;

  ZEND_PARSE_PARAMETERS_START(1, 3)
    Z_PARAM_STRING(line, len)
    Z_PARAM_OPTIONAL
    Z_PARAM_BOOL(rep)
    Z_PARAM_LONG(ctr.response_code)
  ZEND_PARSE_PARAMETERS_END();

  ctr.line = line;
  ctr.line_len = len;
  sapi_header_op(rep ? SAPI_HEADER_REPLACE:SAPI_HEADER_ADD, &ctr);
}
/* }}} */

/* {{{ Removes an HTTP header previously set using header() */
PHP_FUNCTION(header_remove)
{
  sapi_header_line ctr = {0};
  char *line = NULL;
  size_t len = 0;

  ZEND_PARSE_PARAMETERS_START(0, 1)
    Z_PARAM_OPTIONAL
    Z_PARAM_STRING_OR_NULL(line, len)
  ZEND_PARSE_PARAMETERS_END();

  ctr.line = line;
  ctr.line_len = len;
  sapi_header_op(line == NULL ? SAPI_HEADER_DELETE_ALL : SAPI_HEADER_DELETE, &ctr);
}
/* }}} */

PHPAPI bool php_header(void)
{
  if (sapi_send_headers()==FAILURE || SG(request_info).headers_only) {
    return false; /* don't allow output */
  } else {
    return true; /* allow output */
  }
}

PHPAPI bool php_is_valid_samesite_value(zend_string *value)
{
  return zend_string_equals_literal_ci(value, "Strict")
    || zend_string_equals_literal_ci(value, "Lax")
    || zend_string_equals_literal_ci(value, "None");
}

#define ILLEGAL_COOKIE_CHARACTER "\",\", \";\", \" \", \"\\t\", \"\\r\", \"\\n\", \"\\013\", or \"\\014\""
PHPAPI zend_result php_setcookie(zend_string *name, zend_string *value, time_t expires,
  zend_string *path, zend_string *domain, bool secure, bool httponly,
  zend_string *samesite, bool partitioned, bool url_encode)
{
  zend_string *dt;
  sapi_header_line ctr = {0};
  zend_result result;
  smart_str buf = {0};

  if (!ZSTR_LEN(name)) {
    zend_argument_must_not_be_empty_error(1);
    return FAILURE;
  }
  if (strpbrk(ZSTR_VAL(name), "=,; \t\r\n\013\014") != NULL) {   /* man isspace for \013 and \014 */
    zend_argument_value_error(1, "cannot contain \"=\", " ILLEGAL_COOKIE_CHARACTER);
    return FAILURE;
  }
  if (!url_encode && value &&
      strpbrk(ZSTR_VAL(value), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
    zend_argument_value_error(2, "cannot contain " ILLEGAL_COOKIE_CHARACTER);
    return FAILURE;
  }

  if (path && strpbrk(ZSTR_VAL(path), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
    zend_value_error("%s(): \"path\" option cannot contain " ILLEGAL_COOKIE_CHARACTER,
      get_active_function_name());
    return FAILURE;
  }
  if (domain && strpbrk(ZSTR_VAL(domain), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
    zend_value_error("%s(): \"domain\" option cannot contain " ILLEGAL_COOKIE_CHARACTER,
      get_active_function_name());
    return FAILURE;
  }
#ifdef ZEND_ENABLE_ZVAL_LONG64
  if (expires >= 253402300800) {
    zend_value_error("%s(): \"expires\" option cannot have a year greater than 9999",
      get_active_function_name());
    return FAILURE;
  }
#endif
  if (partitioned && !secure) {
    zend_value_error("%s(): \"partitioned\" option cannot be used without \"secure\" option",
      get_active_function_name());
    return FAILURE;
  }

  if (samesite && ZSTR_LEN(samesite) > 0 && !php_is_valid_samesite_value(samesite)) {
    zend_value_error("%s(): \"samesite\" option must be \"Strict\", \"Lax\", \"None\", or \"\"",
      get_active_function_name());
    return FAILURE;
  }

  if (value == NULL || ZSTR_LEN(value) == 0) {
    /*
     * MSIE doesn't delete a cookie when you set it to a null value
     * so in order to force cookies to be deleted, even on MSIE, we
     * pick an expiry date in the past
     */
    smart_str_appends(&buf, "Set-Cookie: ");
    smart_str_append(&buf, name);
    smart_str_appends(&buf, "=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0");
  } else {
    smart_str_appends(&buf, "Set-Cookie: ");
    smart_str_append(&buf, name);
    smart_str_appendc(&buf, '=');
    if (url_encode) {
      zend_string *encoded_value = php_raw_url_encode(ZSTR_VAL(value), ZSTR_LEN(value));
      smart_str_append(&buf, encoded_value);
      zend_string_release_ex(encoded_value, 0);
    } else {
      smart_str_append(&buf, value);
    }

    if (expires > 0) {
      double diff;

      smart_str_appends(&buf, COOKIE_EXPIRES);
      dt = php_format_date("D, d M Y H:i:s \\G\\M\\T", sizeof("D, d M Y H:i:s \\G\\M\\T")-1, expires, 0);

      smart_str_append(&buf, dt);
      zend_string_free(dt);

      diff = difftime(expires, php_time());
      if (diff < 0) {
        diff = 0;
      }

      smart_str_appends(&buf, COOKIE_MAX_AGE);
      smart_str_append_long(&buf, (zend_long) diff);
    }
  }

  if (path && ZSTR_LEN(path)) {
    smart_str_appends(&buf, COOKIE_PATH);
    smart_str_append(&buf, path);
  }
  if (domain && ZSTR_LEN(domain)) {
    smart_str_appends(&buf, COOKIE_DOMAIN);
    smart_str_append(&buf, domain);
  }
  if (secure) {
    smart_str_appends(&buf, COOKIE_SECURE);
  }
  if (httponly) {
    smart_str_appends(&buf, COOKIE_HTTPONLY);
  }
  if (samesite && ZSTR_LEN(samesite)) {
    smart_str_appends(&buf, COOKIE_SAMESITE);
    smart_str_append(&buf, samesite);
  }
  if (partitioned) {
    smart_str_appends(&buf, COOKIE_PARTITIONED);
  }

  ctr.line = ZSTR_VAL(buf.s);
  ctr.line_len = (uint32_t) ZSTR_LEN(buf.s);

  result = sapi_header_op(SAPI_HEADER_ADD, &ctr);
  zend_string_release(buf.s);
  return result;
}

static zend_result php_head_parse_cookie_options_array(HashTable *options, zend_long *expires, zend_string **path,
    zend_string **domain, bool *secure, bool *httponly, zend_string **samesite, bool *partitioned)
{
  zend_string *key;
  zval *value;

  ZEND_HASH_FOREACH_STR_KEY_VAL(options, key, value) {
    if (!key) {
      zend_value_error("%s(): option array cannot have numeric keys", get_active_function_name());
      return FAILURE;
    }
    if (zend_string_equals_literal_ci(key, "expires")) {
      *expires = zval_get_long(value);
    } else if (zend_string_equals_literal_ci(key, "path")) {
      *path = zval_get_string(value);
    } else if (zend_string_equals_literal_ci(key, "domain")) {
      *domain = zval_get_string(value);
    } else if (zend_string_equals_literal_ci(key, "secure")) {
      *secure = zend_is_true(value);
    } else if (zend_string_equals_literal_ci(key, "httponly")) {
      *httponly = zend_is_true(value);
    } else if (zend_string_equals_literal_ci(key, "samesite")) {
      *samesite = zval_get_string(value);
    } else if (zend_string_equals_literal_ci(key, "partitioned")) {
      *partitioned = zend_is_true(value);
    } else {
      zend_value_error("%s(): option \"%s\" is invalid", get_active_function_name(), ZSTR_VAL(key));
      return FAILURE;
    }
  } ZEND_HASH_FOREACH_END();
  return SUCCESS;
}

static void php_setcookie_common(INTERNAL_FUNCTION_PARAMETERS, bool is_raw)
{
  HashTable *options = NULL;
  zend_long expires = 0;
  zend_string *name, *value = NULL, *path = NULL, *domain = NULL, *samesite = NULL;
  bool secure = 0, httponly = 0, partitioned = false;

  ZEND_PARSE_PARAMETERS_START(1, 7)
    Z_PARAM_STR(name)
    Z_PARAM_OPTIONAL
    Z_PARAM_STR(value)
    Z_PARAM_ARRAY_HT_OR_LONG(options, expires)
    Z_PARAM_STR(path)
    Z_PARAM_STR(domain)
    Z_PARAM_BOOL(secure)
    Z_PARAM_BOOL(httponly)
  ZEND_PARSE_PARAMETERS_END();

  if (options) {
    if (UNEXPECTED(ZEND_NUM_ARGS() > 3)) {
      zend_argument_count_error("%s(): Expects exactly 3 arguments when argument #3 "
        "($expires_or_options) is an array", get_active_function_name());
      RETURN_THROWS();
    }

    if (FAILURE == php_head_parse_cookie_options_array(options, &expires, &path,
      &domain, &secure, &httponly, &samesite, &partitioned)
    ) {
      goto cleanup;
    }
  }

  RETVAL_BOOL(php_setcookie(name, value, expires, path, domain, secure, httponly, samesite, partitioned, !is_raw) == SUCCESS);

  if (options) {
cleanup:
    if (path) {
      zend_string_release(path);
    }
    if (domain) {
      zend_string_release(domain);
    }
    if (samesite) {
      zend_string_release(samesite);
    }
  }
}

/* {{{ setcookie(string name [, string value [, array options]])
   Send a cookie */
PHP_FUNCTION(setcookie)
{
  php_setcookie_common(INTERNAL_FUNCTION_PARAM_PASSTHRU, false);
}
/* }}} */

/* {{{ setrawcookie(string name [, string value [, array options]])
   Send a cookie with no url encoding of the value */
PHP_FUNCTION(setrawcookie)
{
  php_setcookie_common(INTERNAL_FUNCTION_PARAM_PASSTHRU, true);
}
/* }}} */


/* {{{ Returns true if headers have already been sent, false otherwise */
PHP_FUNCTION(headers_sent)
{
  zval *arg1 = NULL, *arg2 = NULL;
  const char *file="";
  int line=0;

  ZEND_PARSE_PARAMETERS_START(0, 2)
    Z_PARAM_OPTIONAL
    Z_PARAM_ZVAL(arg1)
    Z_PARAM_ZVAL(arg2)
  ZEND_PARSE_PARAMETERS_END();

  if (SG(headers_sent)) {
    line = php_output_get_start_lineno();
    file = php_output_get_start_filename();
  }

  switch(ZEND_NUM_ARGS()) {
  case 2:
    ZEND_TRY_ASSIGN_REF_LONG(arg2, line);
    ZEND_FALLTHROUGH;
  case 1:
    if (file) {
      ZEND_TRY_ASSIGN_REF_STRING(arg1, file);
    } else {
      ZEND_TRY_ASSIGN_REF_EMPTY_STRING(arg1);
    }
    break;
  }

  RETURN_BOOL(SG(headers_sent));
}
/* }}} */

/* {{{ php_head_apply_header_list_to_hash
   Turn an llist of sapi_header_struct headers into a numerically indexed zval hash */
static void php_head_apply_header_list_to_hash(void *data, void *arg)
{
  sapi_header_struct *sapi_header = (sapi_header_struct *)data;

  if (arg && sapi_header) {
    add_next_index_string((zval *)arg, (char *)(sapi_header->header));
  }
}

/* {{{ Return list of headers to be sent / already sent */
PHP_FUNCTION(headers_list)
{
  ZEND_PARSE_PARAMETERS_NONE();

  array_init(return_value);
  zend_llist_apply_with_argument(&SG(sapi_headers).headers, php_head_apply_header_list_to_hash, return_value);
}
/* }}} */

/* {{{ Sets a response code, or returns the current HTTP response code */
PHP_FUNCTION(http_response_code)
{
  zend_long response_code = 0;

  ZEND_PARSE_PARAMETERS_START(0, 1)
    Z_PARAM_OPTIONAL
    Z_PARAM_LONG(response_code)
  ZEND_PARSE_PARAMETERS_END();

  if (response_code)
  {
    if (SG(headers_sent) && !SG(request_info).no_headers) {
      const char *output_start_filename = php_output_get_start_filename();
      int output_start_lineno = php_output_get_start_lineno();

      if (output_start_filename) {
        php_error_docref(NULL, E_WARNING, "Cannot set response code - headers already sent "
          "(output started at %s:%d)", output_start_filename, output_start_lineno);
      } else {
        php_error_docref(NULL, E_WARNING, "Cannot set response code - headers already sent");
      }
      RETURN_FALSE;
    }

    if (SG(sapi_headers).http_status_line) {
      php_error_docref(NULL, E_WARNING, "Calling http_response_code() after header('HTTP/...') has no effect");
      // If it is decided that this should have effect in the future, replace warning with
      // efree(SG(sapi_headers).http_status_line);
      // SG(sapi_headers).http_status_line = NULL;
    }

    zend_long old_response_code;

    old_response_code = SG(sapi_headers).http_response_code;
    SG(sapi_headers).http_response_code = (int)response_code;

    if (old_response_code) {
      RETURN_LONG(old_response_code);
    }

    RETURN_TRUE;
  }

  if (!SG(sapi_headers).http_response_code) {
    RETURN_FALSE;
  }

  RETURN_LONG(SG(sapi_headers).http_response_code);
}
/* }}} */

Coverage Report

Created: 2026-06-02 06:37

Line	Count	Source
1		/*
2		+----------------------------------------------------------------------+
3		\| Copyright © The PHP Group and Contributors. \|
4		+----------------------------------------------------------------------+
5		\| This source file is subject to the Modified BSD License that is \|
6		\| bundled with this package in the file LICENSE, and is available \|
7		\| through the World Wide Web at <https://www.php.net/license/>. \|
8		\| \|
9		\| SPDX-License-Identifier: BSD-3-Clause \|
10		+----------------------------------------------------------------------+
11		\| Author: Rasmus Lerdorf <rasmus@lerdorf.on.ca> \|
12		+----------------------------------------------------------------------+
13		*/
14
15		#include <stdio.h>
16		#include "php.h"
17		#include "ext/standard/php_standard.h"
18		#include "ext/date/php_date.h"
19		#include "SAPI.h"
20		#include "php_main.h"
21		#include "head.h"
22		#include <time.h>
23
24		#include "php_globals.h"
25		#include "zend_smart_str.h"
26
27
28		/* Implementation of the language Header() function */
29		/* {{{ Sends a raw HTTP header */
30		PHP_FUNCTION(header)
31	0	{
32	0	bool rep = 1;
33	0	sapi_header_line ctr = {0};
34	0	char *line;
35	0	size_t len;
36
37	0	ZEND_PARSE_PARAMETERS_START(1, 3)
38	0	Z_PARAM_STRING(line, len)
39	0	Z_PARAM_OPTIONAL
40	0	Z_PARAM_BOOL(rep)
41	0	Z_PARAM_LONG(ctr.response_code)
42	0	ZEND_PARSE_PARAMETERS_END();
43
44	0	ctr.line = line;
45	0	ctr.line_len = len;
46	0	sapi_header_op(rep ? SAPI_HEADER_REPLACE:SAPI_HEADER_ADD, &ctr);
47	0	}
48		/* }}} */
49
50		/* {{{ Removes an HTTP header previously set using header() */
51		PHP_FUNCTION(header_remove)
52	0	{
53	0	sapi_header_line ctr = {0};
54	0	char *line = NULL;
55	0	size_t len = 0;
56
57	0	ZEND_PARSE_PARAMETERS_START(0, 1)
58	0	Z_PARAM_OPTIONAL
59	0	Z_PARAM_STRING_OR_NULL(line, len)
60	0	ZEND_PARSE_PARAMETERS_END();
61
62	0	ctr.line = line;
63	0	ctr.line_len = len;
64	0	sapi_header_op(line == NULL ? SAPI_HEADER_DELETE_ALL : SAPI_HEADER_DELETE, &ctr);
65	0	}
66		/* }}} */
67
68		PHPAPI bool php_header(void)
69	38.9k	{
70	38.9k	if (sapi_send_headers()==FAILURE \|\| SG(request_info).headers_only) {
71	0	return false; /* don't allow output */
72	38.9k	} else {
73	38.9k	return true; /* allow output */
74	38.9k	}
75	38.9k	}
76
77		PHPAPI bool php_is_valid_samesite_value(zend_string *value)
78	0	{
79	0	return zend_string_equals_literal_ci(value, "Strict")
80	0	\|\| zend_string_equals_literal_ci(value, "Lax")
81	0	\|\| zend_string_equals_literal_ci(value, "None");
82	0	}
83
84	0	#define ILLEGAL_COOKIE_CHARACTER "\",\", \";\", \" \", \"\\t\", \"\\r\", \"\\n\", \"\\013\", or \"\\014\""
85		PHPAPI zend_result php_setcookie(zend_string name, zend_string value, time_t expires,
86		zend_string path, zend_string domain, bool secure, bool httponly,
87		zend_string *samesite, bool partitioned, bool url_encode)
88	0	{
89	0	zend_string *dt;
90	0	sapi_header_line ctr = {0};
91	0	zend_result result;
92	0	smart_str buf = {0};
93
94	0	if (!ZSTR_LEN(name)) {
95	0	zend_argument_must_not_be_empty_error(1);
96	0	return FAILURE;
97	0	}
98	0	if (strpbrk(ZSTR_VAL(name), "=,; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
99	0	zend_argument_value_error(1, "cannot contain \"=\", " ILLEGAL_COOKIE_CHARACTER);
100	0	return FAILURE;
101	0	}
102	0	if (!url_encode && value &&
103	0	strpbrk(ZSTR_VAL(value), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
104	0	zend_argument_value_error(2, "cannot contain " ILLEGAL_COOKIE_CHARACTER);
105	0	return FAILURE;
106	0	}
107
108	0	if (path && strpbrk(ZSTR_VAL(path), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
109	0	zend_value_error("%s(): \"path\" option cannot contain " ILLEGAL_COOKIE_CHARACTER,
110	0	get_active_function_name());
111	0	return FAILURE;
112	0	}
113	0	if (domain && strpbrk(ZSTR_VAL(domain), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
114	0	zend_value_error("%s(): \"domain\" option cannot contain " ILLEGAL_COOKIE_CHARACTER,
115	0	get_active_function_name());
116	0	return FAILURE;
117	0	}
118	0	#ifdef ZEND_ENABLE_ZVAL_LONG64
119	0	if (expires >= 253402300800) {
120	0	zend_value_error("%s(): \"expires\" option cannot have a year greater than 9999",
121	0	get_active_function_name());
122	0	return FAILURE;
123	0	}
124	0	#endif
125	0	if (partitioned && !secure) {
126	0	zend_value_error("%s(): \"partitioned\" option cannot be used without \"secure\" option",
127	0	get_active_function_name());
128	0	return FAILURE;
129	0	}
130
131	0	if (samesite && ZSTR_LEN(samesite) > 0 && !php_is_valid_samesite_value(samesite)) {
132	0	zend_value_error("%s(): \"samesite\" option must be \"Strict\", \"Lax\", \"None\", or \"\"",
133	0	get_active_function_name());
134	0	return FAILURE;
135	0	}
136
137	0	if (value == NULL \|\| ZSTR_LEN(value) == 0) {
138		/*
139		* MSIE doesn't delete a cookie when you set it to a null value
140		* so in order to force cookies to be deleted, even on MSIE, we
141		* pick an expiry date in the past
142		*/
143	0	smart_str_appends(&buf, "Set-Cookie: ");
144	0	smart_str_append(&buf, name);
145	0	smart_str_appends(&buf, "=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0");
146	0	} else {
147	0	smart_str_appends(&buf, "Set-Cookie: ");
148	0	smart_str_append(&buf, name);
149	0	smart_str_appendc(&buf, '=');
150	0	if (url_encode) {
151	0	zend_string *encoded_value = php_raw_url_encode(ZSTR_VAL(value), ZSTR_LEN(value));
152	0	smart_str_append(&buf, encoded_value);
153	0	zend_string_release_ex(encoded_value, 0);
154	0	} else {
155	0	smart_str_append(&buf, value);
156	0	}
157
158	0	if (expires > 0) {
159	0	double diff;
160
161	0	smart_str_appends(&buf, COOKIE_EXPIRES);
162	0	dt = php_format_date("D, d M Y H:i:s \\G\\M\\T", sizeof("D, d M Y H:i:s \\G\\M\\T")-1, expires, 0);
163
164	0	smart_str_append(&buf, dt);
165	0	zend_string_free(dt);
166
167	0	diff = difftime(expires, php_time());
168	0	if (diff < 0) {
169	0	diff = 0;
170	0	}
171
172	0	smart_str_appends(&buf, COOKIE_MAX_AGE);
173	0	smart_str_append_long(&buf, (zend_long) diff);
174	0	}
175	0	}
176
177	0	if (path && ZSTR_LEN(path)) {
178	0	smart_str_appends(&buf, COOKIE_PATH);
179	0	smart_str_append(&buf, path);
180	0	}
181	0	if (domain && ZSTR_LEN(domain)) {
182	0	smart_str_appends(&buf, COOKIE_DOMAIN);
183	0	smart_str_append(&buf, domain);
184	0	}
185	0	if (secure) {
186	0	smart_str_appends(&buf, COOKIE_SECURE);
187	0	}
188	0	if (httponly) {
189	0	smart_str_appends(&buf, COOKIE_HTTPONLY);
190	0	}
191	0	if (samesite && ZSTR_LEN(samesite)) {
192	0	smart_str_appends(&buf, COOKIE_SAMESITE);
193	0	smart_str_append(&buf, samesite);
194	0	}
195	0	if (partitioned) {
196	0	smart_str_appends(&buf, COOKIE_PARTITIONED);
197	0	}
198
199	0	ctr.line = ZSTR_VAL(buf.s);
200	0	ctr.line_len = (uint32_t) ZSTR_LEN(buf.s);
201
202	0	result = sapi_header_op(SAPI_HEADER_ADD, &ctr);
203	0	zend_string_release(buf.s);
204	0	return result;
205	0	}
206
207		static zend_result php_head_parse_cookie_options_array(HashTable options, zend_long expires, zend_string **path,
208		zend_string *domain, bool secure, bool httponly, zend_string samesite, bool partitioned)
209	0	{
210	0	zend_string *key;
211	0	zval *value;
212
213	0	ZEND_HASH_FOREACH_STR_KEY_VAL(options, key, value) {
214	0	if (!key) {
215	0	zend_value_error("%s(): option array cannot have numeric keys", get_active_function_name());
216	0	return FAILURE;
217	0	}
218	0	if (zend_string_equals_literal_ci(key, "expires")) {
219	0	*expires = zval_get_long(value);
220	0	} else if (zend_string_equals_literal_ci(key, "path")) {
221	0	*path = zval_get_string(value);
222	0	} else if (zend_string_equals_literal_ci(key, "domain")) {
223	0	*domain = zval_get_string(value);
224	0	} else if (zend_string_equals_literal_ci(key, "secure")) {
225	0	*secure = zend_is_true(value);
226	0	} else if (zend_string_equals_literal_ci(key, "httponly")) {
227	0	*httponly = zend_is_true(value);
228	0	} else if (zend_string_equals_literal_ci(key, "samesite")) {
229	0	*samesite = zval_get_string(value);
230	0	} else if (zend_string_equals_literal_ci(key, "partitioned")) {
231	0	*partitioned = zend_is_true(value);
232	0	} else {
233	0	zend_value_error("%s(): option \"%s\" is invalid", get_active_function_name(), ZSTR_VAL(key));
234	0	return FAILURE;
235	0	}
236	0	} ZEND_HASH_FOREACH_END();
237	0	return SUCCESS;
238	0	}
239
240		static void php_setcookie_common(INTERNAL_FUNCTION_PARAMETERS, bool is_raw)
241	0	{
242	0	HashTable *options = NULL;
243	0	zend_long expires = 0;
244	0	zend_string name, value = NULL, path = NULL, domain = NULL, *samesite = NULL;
245	0	bool secure = 0, httponly = 0, partitioned = false;
246
247	0	ZEND_PARSE_PARAMETERS_START(1, 7)
248	0	Z_PARAM_STR(name)
249	0	Z_PARAM_OPTIONAL
250	0	Z_PARAM_STR(value)
251	0	Z_PARAM_ARRAY_HT_OR_LONG(options, expires)
252	0	Z_PARAM_STR(path)
253	0	Z_PARAM_STR(domain)
254	0	Z_PARAM_BOOL(secure)
255	0	Z_PARAM_BOOL(httponly)
256	0	ZEND_PARSE_PARAMETERS_END();
257
258	0	if (options) {
259	0	if (UNEXPECTED(ZEND_NUM_ARGS() > 3)) {
260	0	zend_argument_count_error("%s(): Expects exactly 3 arguments when argument #3 "
261	0	"($expires_or_options) is an array", get_active_function_name());
262	0	RETURN_THROWS();
263	0	}
264
265	0	if (FAILURE == php_head_parse_cookie_options_array(options, &expires, &path,
266	0	&domain, &secure, &httponly, &samesite, &partitioned)
267	0	) {
268	0	goto cleanup;
269	0	}
270	0	}
271
272	0	RETVAL_BOOL(php_setcookie(name, value, expires, path, domain, secure, httponly, samesite, partitioned, !is_raw) == SUCCESS);
273
274	0	if (options) {
275	0	cleanup:
276	0	if (path) {
277	0	zend_string_release(path);
278	0	}
279	0	if (domain) {
280	0	zend_string_release(domain);
281	0	}
282	0	if (samesite) {
283	0	zend_string_release(samesite);
284	0	}
285	0	}
286	0	}
287
288		/* {{{ setcookie(string name [, string value [, array options]])
289		Send a cookie */
290		PHP_FUNCTION(setcookie)
291	0	{
292	0	php_setcookie_common(INTERNAL_FUNCTION_PARAM_PASSTHRU, false);
293	0	}
294		/* }}} */
295
296		/* {{{ setrawcookie(string name [, string value [, array options]])
297		Send a cookie with no url encoding of the value */
298		PHP_FUNCTION(setrawcookie)
299	0	{
300	0	php_setcookie_common(INTERNAL_FUNCTION_PARAM_PASSTHRU, true);
301	0	}
302		/* }}} */
303
304
305		/* {{{ Returns true if headers have already been sent, false otherwise */
306		PHP_FUNCTION(headers_sent)
307	0	{
308	0	zval arg1 = NULL, arg2 = NULL;
309	0	const char *file="";
310	0	int line=0;
311
312	0	ZEND_PARSE_PARAMETERS_START(0, 2)
313	0	Z_PARAM_OPTIONAL
314	0	Z_PARAM_ZVAL(arg1)
315	0	Z_PARAM_ZVAL(arg2)
316	0	ZEND_PARSE_PARAMETERS_END();
317
318	0	if (SG(headers_sent)) {
319	0	line = php_output_get_start_lineno();
320	0	file = php_output_get_start_filename();
321	0	}
322
323	0	switch(ZEND_NUM_ARGS()) {
324	0	case 2:
325	0	ZEND_TRY_ASSIGN_REF_LONG(arg2, line);
326	0	ZEND_FALLTHROUGH;
327	0	case 1:
328	0	if (file) {
329	0	ZEND_TRY_ASSIGN_REF_STRING(arg1, file);
330	0	} else {
331	0	ZEND_TRY_ASSIGN_REF_EMPTY_STRING(arg1);
332	0	}
333	0	break;
334	0	}
335
336	0	RETURN_BOOL(SG(headers_sent));
337	0	}
338		/* }}} */
339
340		/* {{{ php_head_apply_header_list_to_hash
341		Turn an llist of sapi_header_struct headers into a numerically indexed zval hash */
342		static void php_head_apply_header_list_to_hash(void data, void arg)
343	0	{
344	0	sapi_header_struct sapi_header = (sapi_header_struct )data;
345
346	0	if (arg && sapi_header) {
347	0	add_next_index_string((zval )arg, (char )(sapi_header->header));
348	0	}
349	0	}
350
351		/* {{{ Return list of headers to be sent / already sent */
352		PHP_FUNCTION(headers_list)
353	0	{
354	0	ZEND_PARSE_PARAMETERS_NONE();
355
356	0	array_init(return_value);
357	0	zend_llist_apply_with_argument(&SG(sapi_headers).headers, php_head_apply_header_list_to_hash, return_value);
358	0	}
359		/* }}} */
360
361		/* {{{ Sets a response code, or returns the current HTTP response code */
362		PHP_FUNCTION(http_response_code)
363	0	{
364	0	zend_long response_code = 0;
365
366	0	ZEND_PARSE_PARAMETERS_START(0, 1)
367	0	Z_PARAM_OPTIONAL
368	0	Z_PARAM_LONG(response_code)
369	0	ZEND_PARSE_PARAMETERS_END();
370
371	0	if (response_code)
372	0	{
373	0	if (SG(headers_sent) && !SG(request_info).no_headers) {
374	0	const char *output_start_filename = php_output_get_start_filename();
375	0	int output_start_lineno = php_output_get_start_lineno();
376
377	0	if (output_start_filename) {
378	0	php_error_docref(NULL, E_WARNING, "Cannot set response code - headers already sent "
379	0	"(output started at %s:%d)", output_start_filename, output_start_lineno);
380	0	} else {
381	0	php_error_docref(NULL, E_WARNING, "Cannot set response code - headers already sent");
382	0	}
383	0	RETURN_FALSE;
384	0	}
385
386	0	if (SG(sapi_headers).http_status_line) {
387	0	php_error_docref(NULL, E_WARNING, "Calling http_response_code() after header('HTTP/...') has no effect");
388		// If it is decided that this should have effect in the future, replace warning with
389		// efree(SG(sapi_headers).http_status_line);
390		// SG(sapi_headers).http_status_line = NULL;
391	0	}
392
393	0	zend_long old_response_code;
394
395	0	old_response_code = SG(sapi_headers).http_response_code;
396	0	SG(sapi_headers).http_response_code = (int)response_code;
397
398	0	if (old_response_code) {
399	0	RETURN_LONG(old_response_code);
400	0	}
401
402	0	RETURN_TRUE;
403	0	}
404
405	0	if (!SG(sapi_headers).http_response_code) {
406	0	RETURN_FALSE;
407	0	}
408
409	0	RETURN_LONG(SG(sapi_headers).http_response_code);
410	0	}
411		/* }}} */