Issues

ZF-11237: Zend_Controller_Response_Abstract::clearRawHeader() behaves incorrect when the header to remove is not present

Description

Zend_Controller_Response_Abstract::clearRawHeader() uses array_search() to find the index of the header to unset in the raw headers array. When this function is called with the name of a header that does not exist, array_search() returns false. No check is done on this, unset is called directly on the raw headers array with this value. PHP auto-converts false to 0, so the first raw header gets unset. Here is a patch that fixes the code and provides a unit test that exposes the behavior:


Index: tests/Zend/Controller/Response/HttpTest.php
===================================================================
--- tests/Zend/Controller/Response/HttpTest.php (revision 23822)
+++ tests/Zend/Controller/Response/HttpTest.php (working copy)
@@ -165,6 +165,21 @@
         $this->assertFalse($originalHeadersRaw == $updatedHeadersRaw);
     }
 
+       /**
+        * @group ZF-6038
+        */
+    public function testClearRawHeaderThatDoesNotExist()
+    {
+        $this->_response->setRawHeader('HTTP/1.0 404 Not Found');
+        $this->_response->setRawHeader('HTTP/1.0 401 Unauthorized');
+        $originalHeadersRaw = $this->_response->getRawHeaders();
+
+        $this->_response->clearRawHeader('HTTP/1.0 403 Forbidden');
+        $updatedHeadersRaw  = $this->_response->getRawHeaders();
+
+        $this->assertTrue($originalHeadersRaw == $updatedHeadersRaw);
+    }
+
     public function testClearAllHeaders()
     {
         $this->_response->setRawHeader('HTTP/1.0 404 Not Found');
Index: library/Zend/Controller/Response/Abstract.php
===================================================================
--- library/Zend/Controller/Response/Abstract.php       (revision 23822)
+++ library/Zend/Controller/Response/Abstract.php       (working copy)
@@ -257,7 +257,9 @@
         }
 
         $key = array_search($headerRaw, $this->_headersRaw);
-        unset($this->_headersRaw[$key]);
+        if ($key !== false) {
+            unset($this->_headersRaw[$key]);
+        }
 
         return $this;
     }

Comments

Attached components for issue

Fixed in trunk r23898

Merged to release branch 1.11 r23967