/src/php-src/ext/standard/head.c

Source (jump to first uncovered line)
/*
   +----------------------------------------------------------------------+
   | Copyright (c) The PHP Group                                          |
   +----------------------------------------------------------------------+
   | This source file is subject to version 3.01 of the PHP license,      |
   | that is bundled with this package in the file LICENSE, and is        |
   | available through the world-wide-web at the following url:           |
   | https://www.php.net/license/3_01.txt                                 |
   | If you did not receive a copy of the PHP license and are unable to   |
   | obtain it through the world-wide-web, please send a note to          |
   | license@php.net so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
   | Author: Rasmus Lerdorf <rasmus@lerdorf.on.ca>                        |
   +----------------------------------------------------------------------+
 */

#include <stdio.h>
#include "php.h"
#include "ext/standard/php_standard.h"
#include "ext/date/php_date.h"
#include "SAPI.h"
#include "php_main.h"
#include "head.h"
#include <time.h>

#include "php_globals.h"
#include "zend_smart_str.h"


/* Implementation of the language Header() function */
/* {{{ Sends a raw HTTP header */
PHP_FUNCTION(header)
{
  bool rep = 1;
  sapi_header_line ctr = {0};
  char *line;
  size_t len;

  ZEND_PARSE_PARAMETERS_START(1, 3)
    Z_PARAM_STRING(line, len)
    Z_PARAM_OPTIONAL
    Z_PARAM_BOOL(rep)
    Z_PARAM_LONG(ctr.response_code)
  ZEND_PARSE_PARAMETERS_END();

  ctr.line = line;
  ctr.line_len = len;
  sapi_header_op(rep ? SAPI_HEADER_REPLACE:SAPI_HEADER_ADD, &ctr);
}
/* }}} */

/* {{{ Removes an HTTP header previously set using header() */
PHP_FUNCTION(header_remove)
{
  sapi_header_line ctr = {0};
  char *line = NULL;
  size_t len = 0;

  ZEND_PARSE_PARAMETERS_START(0, 1)
    Z_PARAM_OPTIONAL
    Z_PARAM_STRING_OR_NULL(line, len)
  ZEND_PARSE_PARAMETERS_END();

  ctr.line = line;
  ctr.line_len = len;
  sapi_header_op(line == NULL ? SAPI_HEADER_DELETE_ALL : SAPI_HEADER_DELETE, &ctr);
}
/* }}} */

PHPAPI bool php_header(void)
{
  if (sapi_send_headers()==FAILURE || SG(request_info).headers_only) {
    return false; /* don't allow output */
  } else {
    return true; /* allow output */
  }
}

#define ILLEGAL_COOKIE_CHARACTER "\",\", \";\", \" \", \"\\t\", \"\\r\", \"\\n\", \"\\013\", or \"\\014\""
PHPAPI zend_result php_setcookie(zend_string *name, zend_string *value, time_t expires,
  zend_string *path, zend_string *domain, bool secure, bool httponly,
  zend_string *samesite, bool url_encode)
{
  zend_string *dt;
  sapi_header_line ctr = {0};
  zend_result result;
  smart_str buf = {0};

  if (!ZSTR_LEN(name)) {
    zend_argument_must_not_be_empty_error(1);
    return FAILURE;
  }
  if (strpbrk(ZSTR_VAL(name), "=,; \t\r\n\013\014") != NULL) {   /* man isspace for \013 and \014 */
    zend_argument_value_error(1, "cannot contain \"=\", " ILLEGAL_COOKIE_CHARACTER);
    return FAILURE;
  }
  if (!url_encode && value &&
      strpbrk(ZSTR_VAL(value), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
    zend_argument_value_error(2, "cannot contain " ILLEGAL_COOKIE_CHARACTER);
    return FAILURE;
  }

  if (path && strpbrk(ZSTR_VAL(path), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
    zend_value_error("%s(): \"path\" option cannot contain " ILLEGAL_COOKIE_CHARACTER,
      get_active_function_name());
    return FAILURE;
  }
  if (domain && strpbrk(ZSTR_VAL(domain), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
    zend_value_error("%s(): \"domain\" option cannot contain " ILLEGAL_COOKIE_CHARACTER,
      get_active_function_name());
    return FAILURE;
  }
#ifdef ZEND_ENABLE_ZVAL_LONG64
  if (expires >= 253402300800) {
    zend_value_error("%s(): \"expires\" option cannot have a year greater than 9999",
      get_active_function_name());
    return FAILURE;
  }
#endif

  /* Should check value of SameSite? */

  if (value == NULL || ZSTR_LEN(value) == 0) {
    /*
     * MSIE doesn't delete a cookie when you set it to a null value
     * so in order to force cookies to be deleted, even on MSIE, we
     * pick an expiry date in the past
     */
    dt = php_format_date("D, d M Y H:i:s \\G\\M\\T", sizeof("D, d M Y H:i:s \\G\\M\\T")-1, 1, 0);
    smart_str_appends(&buf, "Set-Cookie: ");
    smart_str_append(&buf, name);
    smart_str_appends(&buf, "=deleted; expires=");
    smart_str_append(&buf, dt);
    smart_str_appends(&buf, "; Max-Age=0");
    zend_string_free(dt);
  } else {
    smart_str_appends(&buf, "Set-Cookie: ");
    smart_str_append(&buf, name);
    smart_str_appendc(&buf, '=');
    if (url_encode) {
      zend_string *encoded_value = php_raw_url_encode(ZSTR_VAL(value), ZSTR_LEN(value));
      smart_str_append(&buf, encoded_value);
      zend_string_release_ex(encoded_value, 0);
    } else {
      smart_str_append(&buf, value);
    }

    if (expires > 0) {
      double diff;

      smart_str_appends(&buf, COOKIE_EXPIRES);
      dt = php_format_date("D, d M Y H:i:s \\G\\M\\T", sizeof("D, d M Y H:i:s \\G\\M\\T")-1, expires, 0);

      smart_str_append(&buf, dt);
      zend_string_free(dt);

      diff = difftime(expires, php_time());
      if (diff < 0) {
        diff = 0;
      }

      smart_str_appends(&buf, COOKIE_MAX_AGE);
      smart_str_append_long(&buf, (zend_long) diff);
    }
  }

  if (path && ZSTR_LEN(path)) {
    smart_str_appends(&buf, COOKIE_PATH);
    smart_str_append(&buf, path);
  }
  if (domain && ZSTR_LEN(domain)) {
    smart_str_appends(&buf, COOKIE_DOMAIN);
    smart_str_append(&buf, domain);
  }
  if (secure) {
    smart_str_appends(&buf, COOKIE_SECURE);
  }
  if (httponly) {
    smart_str_appends(&buf, COOKIE_HTTPONLY);
  }
  if (samesite && ZSTR_LEN(samesite)) {
    smart_str_appends(&buf, COOKIE_SAMESITE);
    smart_str_append(&buf, samesite);
  }

  ctr.line = ZSTR_VAL(buf.s);
  ctr.line_len = (uint32_t) ZSTR_LEN(buf.s);

  result = sapi_header_op(SAPI_HEADER_ADD, &ctr);
  zend_string_release(buf.s);
  return result;
}

static zend_result php_head_parse_cookie_options_array(HashTable *options, zend_long *expires, zend_string **path,
    zend_string **domain, bool *secure, bool *httponly, zend_string **samesite)
{
  zend_string *key;
  zval *value;

  ZEND_HASH_FOREACH_STR_KEY_VAL(options, key, value) {
    if (!key) {
      zend_value_error("%s(): option array cannot have numeric keys", get_active_function_name());
      return FAILURE;
    }
    if (zend_string_equals_literal_ci(key, "expires")) {
      *expires = zval_get_long(value);
    } else if (zend_string_equals_literal_ci(key, "path")) {
      *path = zval_get_string(value);
    } else if (zend_string_equals_literal_ci(key, "domain")) {
      *domain = zval_get_string(value);
    } else if (zend_string_equals_literal_ci(key, "secure")) {
      *secure = zval_is_true(value);
    } else if (zend_string_equals_literal_ci(key, "httponly")) {
      *httponly = zval_is_true(value);
    } else if (zend_string_equals_literal_ci(key, "samesite")) {
      *samesite = zval_get_string(value);
    } else {
      zend_value_error("%s(): option \"%s\" is invalid", get_active_function_name(), ZSTR_VAL(key));
      return FAILURE;
    }
  } ZEND_HASH_FOREACH_END();
  return SUCCESS;
}

static void php_setcookie_common(INTERNAL_FUNCTION_PARAMETERS, bool is_raw)
{
  HashTable *options = NULL;
  zend_long expires = 0;
  zend_string *name, *value = NULL, *path = NULL, *domain = NULL, *samesite = NULL;
  bool secure = 0, httponly = 0;

  ZEND_PARSE_PARAMETERS_START(1, 7)
    Z_PARAM_STR(name)
    Z_PARAM_OPTIONAL
    Z_PARAM_STR(value)
    Z_PARAM_ARRAY_HT_OR_LONG(options, expires)
    Z_PARAM_STR(path)
    Z_PARAM_STR(domain)
    Z_PARAM_BOOL(secure)
    Z_PARAM_BOOL(httponly)
  ZEND_PARSE_PARAMETERS_END();

  if (options) {
    if (UNEXPECTED(ZEND_NUM_ARGS() > 3)) {
      zend_argument_count_error("%s(): Expects exactly 3 arguments when argument #3 "
        "($expires_or_options) is an array", get_active_function_name());
      RETURN_THROWS();
    }

    if (FAILURE == php_head_parse_cookie_options_array(options, &expires, &path,
      &domain, &secure, &httponly, &samesite)
    ) {
      goto cleanup;
    }
  }

  if (php_setcookie(name, value, expires, path, domain, secure, httponly, samesite, !is_raw) == SUCCESS) {
    RETVAL_TRUE;
  } else {
    RETVAL_FALSE;
  }

  if (options) {
cleanup:
    if (path) {
      zend_string_release(path);
    }
    if (domain) {
      zend_string_release(domain);
    }
    if (samesite) {
      zend_string_release(samesite);
    }
  }
}

/* {{{ setcookie(string name [, string value [, array options]])
   Send a cookie */
PHP_FUNCTION(setcookie)
{
  php_setcookie_common(INTERNAL_FUNCTION_PARAM_PASSTHRU, false);
}
/* }}} */

/* {{{ setrawcookie(string name [, string value [, array options]])
   Send a cookie with no url encoding of the value */
PHP_FUNCTION(setrawcookie)
{
  php_setcookie_common(INTERNAL_FUNCTION_PARAM_PASSTHRU, true);
}
/* }}} */


/* {{{ Returns true if headers have already been sent, false otherwise */
PHP_FUNCTION(headers_sent)
{
  zval *arg1 = NULL, *arg2 = NULL;
  const char *file="";
  int line=0;

  ZEND_PARSE_PARAMETERS_START(0, 2)
    Z_PARAM_OPTIONAL
    Z_PARAM_ZVAL(arg1)
    Z_PARAM_ZVAL(arg2)
  ZEND_PARSE_PARAMETERS_END();

  if (SG(headers_sent)) {
    line = php_output_get_start_lineno();
    file = php_output_get_start_filename();
  }

  switch(ZEND_NUM_ARGS()) {
  case 2:
    ZEND_TRY_ASSIGN_REF_LONG(arg2, line);
    ZEND_FALLTHROUGH;
  case 1:
    if (file) {
      ZEND_TRY_ASSIGN_REF_STRING(arg1, file);
    } else {
      ZEND_TRY_ASSIGN_REF_EMPTY_STRING(arg1);
    }
    break;
  }

  if (SG(headers_sent)) {
    RETURN_TRUE;
  } else {
    RETURN_FALSE;
  }
}
/* }}} */

/* {{{ php_head_apply_header_list_to_hash
   Turn an llist of sapi_header_struct headers into a numerically indexed zval hash */
static void php_head_apply_header_list_to_hash(void *data, void *arg)
{
  sapi_header_struct *sapi_header = (sapi_header_struct *)data;

  if (arg && sapi_header) {
    add_next_index_string((zval *)arg, (char *)(sapi_header->header));
  }
}

/* {{{ Return list of headers to be sent / already sent */
PHP_FUNCTION(headers_list)
{
  ZEND_PARSE_PARAMETERS_NONE();

  array_init(return_value);
  zend_llist_apply_with_argument(&SG(sapi_headers).headers, php_head_apply_header_list_to_hash, return_value);
}
/* }}} */

/* {{{ Sets a response code, or returns the current HTTP response code */
PHP_FUNCTION(http_response_code)
{
  zend_long response_code = 0;

  ZEND_PARSE_PARAMETERS_START(0, 1)
    Z_PARAM_OPTIONAL
    Z_PARAM_LONG(response_code)
  ZEND_PARSE_PARAMETERS_END();

  if (response_code)
  {
    if (SG(headers_sent) && !SG(request_info).no_headers) {
      const char *output_start_filename = php_output_get_start_filename();
      int output_start_lineno = php_output_get_start_lineno();

      if (output_start_filename) {
        php_error_docref(NULL, E_WARNING, "Cannot set response code - headers already sent "
          "(output started at %s:%d)", output_start_filename, output_start_lineno);
      } else {
        php_error_docref(NULL, E_WARNING, "Cannot set response code - headers already sent");
      }
      RETURN_FALSE;
    }
    zend_long old_response_code;

    old_response_code = SG(sapi_headers).http_response_code;
    SG(sapi_headers).http_response_code = (int)response_code;

    if (old_response_code) {
      RETURN_LONG(old_response_code);
    }

    RETURN_TRUE;
  }

  if (!SG(sapi_headers).http_response_code) {
    RETURN_FALSE;
  }

  RETURN_LONG(SG(sapi_headers).http_response_code);
}
/* }}} */

Coverage Report

Created: 2025-06-13 06:43

Line	Count	Source (jump to first uncovered line)
1		/*
2		+----------------------------------------------------------------------+
3		\| Copyright (c) The PHP Group \|
4		+----------------------------------------------------------------------+
5		\| This source file is subject to version 3.01 of the PHP license, \|
6		\| that is bundled with this package in the file LICENSE, and is \|
7		\| available through the world-wide-web at the following url: \|
8		\| https://www.php.net/license/3_01.txt \|
9		\| If you did not receive a copy of the PHP license and are unable to \|
10		\| obtain it through the world-wide-web, please send a note to \|
11		\| license@php.net so we can mail you a copy immediately. \|
12		+----------------------------------------------------------------------+
13		\| Author: Rasmus Lerdorf <rasmus@lerdorf.on.ca> \|
14		+----------------------------------------------------------------------+
15		*/
16
17		#include <stdio.h>
18		#include "php.h"
19		#include "ext/standard/php_standard.h"
20		#include "ext/date/php_date.h"
21		#include "SAPI.h"
22		#include "php_main.h"
23		#include "head.h"
24		#include <time.h>
25
26		#include "php_globals.h"
27		#include "zend_smart_str.h"
28
29
30		/* Implementation of the language Header() function */
31		/* {{{ Sends a raw HTTP header */
32		PHP_FUNCTION(header)
33	138	{
34	138	bool rep = 1;
35	138	sapi_header_line ctr = {0};
36	138	char *line;
37	138	size_t len;
38
39	414	ZEND_PARSE_PARAMETERS_START(1, 3)
40	552	Z_PARAM_STRING(line, len)
41	138	Z_PARAM_OPTIONAL
42	410	Z_PARAM_BOOL(rep)
43	217	Z_PARAM_LONG(ctr.response_code)
44	138	ZEND_PARSE_PARAMETERS_END();
45
46	138	ctr.line = line;
47	138	ctr.line_len = len;
48	138	sapi_header_op(rep ? SAPI_HEADER_REPLACE:SAPI_HEADER_ADD, &ctr);
49	138	}
50		/* }}} */
51
52		/* {{{ Removes an HTTP header previously set using header() */
53		PHP_FUNCTION(header_remove)
54	0	{
55	0	sapi_header_line ctr = {0};
56	0	char *line = NULL;
57	0	size_t len = 0;
58
59	0	ZEND_PARSE_PARAMETERS_START(0, 1)
60	0	Z_PARAM_OPTIONAL
61	0	Z_PARAM_STRING_OR_NULL(line, len)
62	0	ZEND_PARSE_PARAMETERS_END();
63
64	0	ctr.line = line;
65	0	ctr.line_len = len;
66	0	sapi_header_op(line == NULL ? SAPI_HEADER_DELETE_ALL : SAPI_HEADER_DELETE, &ctr);
67	0	}
68		/* }}} */
69
70		PHPAPI bool php_header(void)
71	300k	{
72	300k	if (sapi_send_headers()==FAILURE \|\| SG(request_info).headers_only) {
73	0	return false; /* don't allow output */
74	300k	} else {
75	300k	return true; /* allow output */
76	300k	}
77	300k	}
78
79	0	#define ILLEGAL_COOKIE_CHARACTER "\",\", \";\", \" \", \"\\t\", \"\\r\", \"\\n\", \"\\013\", or \"\\014\""
80		PHPAPI zend_result php_setcookie(zend_string name, zend_string value, time_t expires,
81		zend_string path, zend_string domain, bool secure, bool httponly,
82		zend_string *samesite, bool url_encode)
83	0	{
84	0	zend_string *dt;
85	0	sapi_header_line ctr = {0};
86	0	zend_result result;
87	0	smart_str buf = {0};
88
89	0	if (!ZSTR_LEN(name)) {
90	0	zend_argument_must_not_be_empty_error(1);
91	0	return FAILURE;
92	0	}
93	0	if (strpbrk(ZSTR_VAL(name), "=,; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
94	0	zend_argument_value_error(1, "cannot contain \"=\", " ILLEGAL_COOKIE_CHARACTER);
95	0	return FAILURE;
96	0	}
97	0	if (!url_encode && value &&
98	0	strpbrk(ZSTR_VAL(value), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
99	0	zend_argument_value_error(2, "cannot contain " ILLEGAL_COOKIE_CHARACTER);
100	0	return FAILURE;
101	0	}
102
103	0	if (path && strpbrk(ZSTR_VAL(path), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
104	0	zend_value_error("%s(): \"path\" option cannot contain " ILLEGAL_COOKIE_CHARACTER,
105	0	get_active_function_name());
106	0	return FAILURE;
107	0	}
108	0	if (domain && strpbrk(ZSTR_VAL(domain), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
109	0	zend_value_error("%s(): \"domain\" option cannot contain " ILLEGAL_COOKIE_CHARACTER,
110	0	get_active_function_name());
111	0	return FAILURE;
112	0	}
113	0	#ifdef ZEND_ENABLE_ZVAL_LONG64
114	0	if (expires >= 253402300800) {
115	0	zend_value_error("%s(): \"expires\" option cannot have a year greater than 9999",
116	0	get_active_function_name());
117	0	return FAILURE;
118	0	}
119	0	#endif
120
121		/* Should check value of SameSite? */
122
123	0	if (value == NULL \|\| ZSTR_LEN(value) == 0) {
124		/*
125		* MSIE doesn't delete a cookie when you set it to a null value
126		* so in order to force cookies to be deleted, even on MSIE, we
127		* pick an expiry date in the past
128		*/
129	0	dt = php_format_date("D, d M Y H:i:s \\G\\M\\T", sizeof("D, d M Y H:i:s \\G\\M\\T")-1, 1, 0);
130	0	smart_str_appends(&buf, "Set-Cookie: ");
131	0	smart_str_append(&buf, name);
132	0	smart_str_appends(&buf, "=deleted; expires=");
133	0	smart_str_append(&buf, dt);
134	0	smart_str_appends(&buf, "; Max-Age=0");
135	0	zend_string_free(dt);
136	0	} else {
137	0	smart_str_appends(&buf, "Set-Cookie: ");
138	0	smart_str_append(&buf, name);
139	0	smart_str_appendc(&buf, '=');
140	0	if (url_encode) {
141	0	zend_string *encoded_value = php_raw_url_encode(ZSTR_VAL(value), ZSTR_LEN(value));
142	0	smart_str_append(&buf, encoded_value);
143	0	zend_string_release_ex(encoded_value, 0);
144	0	} else {
145	0	smart_str_append(&buf, value);
146	0	}
147
148	0	if (expires > 0) {
149	0	double diff;
150
151	0	smart_str_appends(&buf, COOKIE_EXPIRES);
152	0	dt = php_format_date("D, d M Y H:i:s \\G\\M\\T", sizeof("D, d M Y H:i:s \\G\\M\\T")-1, expires, 0);
153
154	0	smart_str_append(&buf, dt);
155	0	zend_string_free(dt);
156
157	0	diff = difftime(expires, php_time());
158	0	if (diff < 0) {
159	0	diff = 0;
160	0	}
161
162	0	smart_str_appends(&buf, COOKIE_MAX_AGE);
163	0	smart_str_append_long(&buf, (zend_long) diff);
164	0	}
165	0	}
166
167	0	if (path && ZSTR_LEN(path)) {
168	0	smart_str_appends(&buf, COOKIE_PATH);
169	0	smart_str_append(&buf, path);
170	0	}
171	0	if (domain && ZSTR_LEN(domain)) {
172	0	smart_str_appends(&buf, COOKIE_DOMAIN);
173	0	smart_str_append(&buf, domain);
174	0	}
175	0	if (secure) {
176	0	smart_str_appends(&buf, COOKIE_SECURE);
177	0	}
178	0	if (httponly) {
179	0	smart_str_appends(&buf, COOKIE_HTTPONLY);
180	0	}
181	0	if (samesite && ZSTR_LEN(samesite)) {
182	0	smart_str_appends(&buf, COOKIE_SAMESITE);
183	0	smart_str_append(&buf, samesite);
184	0	}
185
186	0	ctr.line = ZSTR_VAL(buf.s);
187	0	ctr.line_len = (uint32_t) ZSTR_LEN(buf.s);
188
189	0	result = sapi_header_op(SAPI_HEADER_ADD, &ctr);
190	0	zend_string_release(buf.s);
191	0	return result;
192	0	}
193
194		static zend_result php_head_parse_cookie_options_array(HashTable options, zend_long expires, zend_string **path,
195		zend_string *domain, bool secure, bool httponly, zend_string *samesite)
196	0	{
197	0	zend_string *key;
198	0	zval *value;
199
200	0	ZEND_HASH_FOREACH_STR_KEY_VAL(options, key, value) {
201	0	if (!key) {
202	0	zend_value_error("%s(): option array cannot have numeric keys", get_active_function_name());
203	0	return FAILURE;
204	0	}
205	0	if (zend_string_equals_literal_ci(key, "expires")) {
206	0	*expires = zval_get_long(value);
207	0	} else if (zend_string_equals_literal_ci(key, "path")) {
208	0	*path = zval_get_string(value);
209	0	} else if (zend_string_equals_literal_ci(key, "domain")) {
210	0	*domain = zval_get_string(value);
211	0	} else if (zend_string_equals_literal_ci(key, "secure")) {
212	0	*secure = zval_is_true(value);
213	0	} else if (zend_string_equals_literal_ci(key, "httponly")) {
214	0	*httponly = zval_is_true(value);
215	0	} else if (zend_string_equals_literal_ci(key, "samesite")) {
216	0	*samesite = zval_get_string(value);
217	0	} else {
218	0	zend_value_error("%s(): option \"%s\" is invalid", get_active_function_name(), ZSTR_VAL(key));
219	0	return FAILURE;
220	0	}
221	0	} ZEND_HASH_FOREACH_END();
222	0	return SUCCESS;
223	0	}
224
225		static void php_setcookie_common(INTERNAL_FUNCTION_PARAMETERS, bool is_raw)
226	0	{
227	0	HashTable *options = NULL;
228	0	zend_long expires = 0;
229	0	zend_string name, value = NULL, path = NULL, domain = NULL, *samesite = NULL;
230	0	bool secure = 0, httponly = 0;
231
232	0	ZEND_PARSE_PARAMETERS_START(1, 7)
233	0	Z_PARAM_STR(name)
234	0	Z_PARAM_OPTIONAL
235	0	Z_PARAM_STR(value)
236	0	Z_PARAM_ARRAY_HT_OR_LONG(options, expires)
237	0	Z_PARAM_STR(path)
238	0	Z_PARAM_STR(domain)
239	0	Z_PARAM_BOOL(secure)
240	0	Z_PARAM_BOOL(httponly)
241	0	ZEND_PARSE_PARAMETERS_END();
242
243	0	if (options) {
244	0	if (UNEXPECTED(ZEND_NUM_ARGS() > 3)) {
245	0	zend_argument_count_error("%s(): Expects exactly 3 arguments when argument #3 "
246	0	"($expires_or_options) is an array", get_active_function_name());
247	0	RETURN_THROWS();
248	0	}
249
250	0	if (FAILURE == php_head_parse_cookie_options_array(options, &expires, &path,
251	0	&domain, &secure, &httponly, &samesite)
252	0	) {
253	0	goto cleanup;
254	0	}
255	0	}
256
257	0	if (php_setcookie(name, value, expires, path, domain, secure, httponly, samesite, !is_raw) == SUCCESS) {
258	0	RETVAL_TRUE;
259	0	} else {
260	0	RETVAL_FALSE;
261	0	}
262
263	0	if (options) {
264	0	cleanup:
265	0	if (path) {
266	0	zend_string_release(path);
267	0	}
268	0	if (domain) {
269	0	zend_string_release(domain);
270	0	}
271	0	if (samesite) {
272	0	zend_string_release(samesite);
273	0	}
274	0	}
275	0	}
276
277		/* {{{ setcookie(string name [, string value [, array options]])
278		Send a cookie */
279		PHP_FUNCTION(setcookie)
280	0	{
281	0	php_setcookie_common(INTERNAL_FUNCTION_PARAM_PASSTHRU, false);
282	0	}
283		/* }}} */
284
285		/* {{{ setrawcookie(string name [, string value [, array options]])
286		Send a cookie with no url encoding of the value */
287		PHP_FUNCTION(setrawcookie)
288	0	{
289	0	php_setcookie_common(INTERNAL_FUNCTION_PARAM_PASSTHRU, true);
290	0	}
291		/* }}} */
292
293
294		/* {{{ Returns true if headers have already been sent, false otherwise */
295		PHP_FUNCTION(headers_sent)
296	12	{
297	12	zval arg1 = NULL, arg2 = NULL;
298	12	const char *file="";
299	12	int line=0;
300
301	36	ZEND_PARSE_PARAMETERS_START(0, 2)
302	36	Z_PARAM_OPTIONAL
303	48	Z_PARAM_ZVAL(arg1)
304	48	Z_PARAM_ZVAL(arg2)
305	34	ZEND_PARSE_PARAMETERS_END();
306
307	12	if (SG(headers_sent)) {
308	0	line = php_output_get_start_lineno();
309	0	file = php_output_get_start_filename();
310	0	}
311
312	12	switch(ZEND_NUM_ARGS()) {
313	5	case 2:
314	5	ZEND_TRY_ASSIGN_REF_LONG(arg2, line);
315	5	ZEND_FALLTHROUGH;
316	12	case 1:
317	12	if (file) {
318	12	ZEND_TRY_ASSIGN_REF_STRING(arg1, file);
319	12	} else {
320	0	ZEND_TRY_ASSIGN_REF_EMPTY_STRING(arg1);
321	0	}
322	12	break;
323	12	}
324
325	12	if (SG(headers_sent)) {
326	5	RETURN_TRUE;
327	7	} else {
328	7	RETURN_FALSE;
329	7	}
330	12	}
331		/* }}} */
332
333		/* {{{ php_head_apply_header_list_to_hash
334		Turn an llist of sapi_header_struct headers into a numerically indexed zval hash */
335		static void php_head_apply_header_list_to_hash(void data, void arg)
336	0	{
337	0	sapi_header_struct sapi_header = (sapi_header_struct )data;
338
339	0	if (arg && sapi_header) {
340	0	add_next_index_string((zval )arg, (char )(sapi_header->header));
341	0	}
342	0	}
343
344		/* {{{ Return list of headers to be sent / already sent */
345		PHP_FUNCTION(headers_list)
346	0	{
347	0	ZEND_PARSE_PARAMETERS_NONE();
348
349	0	array_init(return_value);
350	0	zend_llist_apply_with_argument(&SG(sapi_headers).headers, php_head_apply_header_list_to_hash, return_value);
351	0	}
352		/* }}} */
353
354		/* {{{ Sets a response code, or returns the current HTTP response code */
355		PHP_FUNCTION(http_response_code)
356	0	{
357	0	zend_long response_code = 0;
358
359	0	ZEND_PARSE_PARAMETERS_START(0, 1)
360	0	Z_PARAM_OPTIONAL
361	0	Z_PARAM_LONG(response_code)
362	0	ZEND_PARSE_PARAMETERS_END();
363
364	0	if (response_code)
365	0	{
366	0	if (SG(headers_sent) && !SG(request_info).no_headers) {
367	0	const char *output_start_filename = php_output_get_start_filename();
368	0	int output_start_lineno = php_output_get_start_lineno();
369
370	0	if (output_start_filename) {
371	0	php_error_docref(NULL, E_WARNING, "Cannot set response code - headers already sent "
372	0	"(output started at %s:%d)", output_start_filename, output_start_lineno);
373	0	} else {
374	0	php_error_docref(NULL, E_WARNING, "Cannot set response code - headers already sent");
375	0	}
376	0	RETURN_FALSE;
377	0	}
378	0	zend_long old_response_code;
379
380	0	old_response_code = SG(sapi_headers).http_response_code;
381	0	SG(sapi_headers).http_response_code = (int)response_code;
382
383	0	if (old_response_code) {
384	0	RETURN_LONG(old_response_code);
385	0	}
386
387	0	RETURN_TRUE;
388	0	}
389
390	0	if (!SG(sapi_headers).http_response_code) {
391	0	RETURN_FALSE;
392	0	}
393
394	0	RETURN_LONG(SG(sapi_headers).http_response_code);
395	0	}
396		/* }}} */