Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ErrorException: Undefined array key 1 with header('x-test:header'); #401

Closed
RafaelKr opened this issue Sep 11, 2024 · 2 comments · Fixed by #402
Closed

ErrorException: Undefined array key 1 with header('x-test:header'); #401

RafaelKr opened this issue Sep 11, 2024 · 2 comments · Fixed by #402
Labels
bug Something isn't working

Comments

@RafaelKr
Copy link
Contributor

RafaelKr commented Sep 11, 2024
edited
Loading

Version

4.3.0

What did you expect to happen?

I expected a response with status code 200.

What actually happens?

I got an ErrorException: Undefined array key 1.

The exception happens on this line:

acorn/src/Roots/Acorn/Application/Concerns/Bootable.php

Line 146 in dce6d72

[$header, $value] = explode(': ', $header, 2);

It's triggered by the wp-seopress plugin because it adds the header x-robots-tag:noindex, follow (note the missing whitespace after the colon).
Here's the source line from the plugin: https://github.com/wp-seopress/wp-seopress-public/blob/d0d5c0cebc4cf238a96e7a3163fa7260aec43c32/src/Services/Sitemap/Headers.php#L23

MDN specifies

HTTP headers let the client and the server pass additional information with an HTTP request or response. An HTTP header consists of its case-insensitive name followed by a colon (:), then by its value. Whitespace before the value is ignored.
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers

Here's the related RFC section: https://datatracker.ietf.org/doc/html/rfc7230#section-3.2

Each header field consists of a case-insensitive field name followed by a colon (":"), optional leading whitespace, the field value, and optional trailing whitespace.

A previous RFC included more whitespace characters than the current RFC: https://datatracker.ietf.org/doc/html/rfc2616#section-4.2
So I think using PHPs ltrim function should be fine.

I suggest to update the Acorn code from

- [$header, $value] = explode(': ', $header, 2);
+ [$header, $value] = explode(':', $header, 2);
+ // HTTP/1.1 Header specification: https://datatracker.ietf.org/doc/html/rfc7230#section-3.2
+ // remove the optional leading whitespace
+ $value = ltrim($value);

I'm not sure if we even should use trim to also trim the optional trailing whitespace. I think we can ignore it.

Steps to reproduce

Send a custom header without a space after the colon.

I can do this in my project by adding a header-bug.php with the following contents inside my mu-plugins folder:

<?php

header('x-test:header');

System info

No response

Log output

No response

Please confirm this isn't a support request.

Yes
@RafaelKr RafaelKr added the bug Something isn't working label Sep 11, 2024
@Log1x
Copy link
Member

Log1x commented Sep 11, 2024

Hey, thanks for the report! Care to do a PR? I'd say ltrim is fine.

RafaelKr added a commit to RafaelKr/acorn that referenced this issue Sep 24, 2024
@RafaelKr
Correctly split headers without leading whitespace
5ae170d 
According to https://datatracker.ietf.org/doc/html/rfc7230#section-3.2 headers may contain optional leading whitespace before the value. The previous implementation threw an error if there was no whitespace.
Fixes roots#401.
@RafaelKr RafaelKr mentioned this issue Sep 24, 2024
Merged
@RafaelKr
Copy link
Contributor Author

There you go :)
#402

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

🩹 Correctly split headers without leading whitespace RafaelKr/acorn
2 participants
@Log1x @RafaelKr