
Updated the handling of response status codes

Improved API integrity by blocking the ability to set invalid status codes according to the HTTP spec. This includes any non-numeric codes, or any code that is greater or less than 3 digits in length (100-999 being the accepted range).
1 parent 4b21175 commit 2ce2a2aaa986d063746da3ef937d85360a466eb5 @jameswatts jameswatts committed Aug 10, 2013
Showing with 25 additions and 9 deletions.
  1. +25 −9 lib/Cake/Network/CakeResponse.php
34 lib/Cake/Network/CakeResponse.php
@@ -618,7 +618,7 @@ public function body($content = null) {
* Sets the HTTP status code to be sent
* if $code is null the current code is returned
*
- * @param integer $code
+ * @param integer $code the HTTP status code
* @return integer current status code
* @throws CakeException When an unknown status code is reached.
*/
@@ -635,31 +635,47 @@ public function statusCode($code = null) {
/**
* Queries & sets valid HTTP response codes & messages.
*
- * @param integer|array $code If $code is an integer, then the corresponding code/message is
- * returned if it exists, null if it does not exist. If $code is an array,
- * then the 'code' and 'message' keys of each nested array are added to the default
- * HTTP codes. Example:
+ * @param integer|array $code If $code is an integer, then the corresponding code/message is
+ * returned if it exists, null if it does not exist. If $code is an array, then the
+ * keys are used as codes and the values as messages to add to the default HTTP
+ * codes. The codes must be integers greater than 99 and less than 1000. Keep in
+ * mind that the HTTP specification outlines that status codes begin with a digit
+ * between 1 and 5, which defines the class of response the client is to expect.
+ * Example:
*
* httpCodes(404); // returns array(404 => 'Not Found')
*
* httpCodes(array(
- * 701 => 'Unicorn Moved',
- * 800 => 'Unexpected Minotaur'
+ * 381 => 'Unicorn Moved',
+ * 555 => 'Unexpected Minotaur'
* )); // sets these new values, and returns true
*
+ * httpCodes(array(
+ * 0 => 'Nothing Here',
+ * -1 => 'Reverse Infinity',
+ * 12345 => 'Universal Password',
+ * 'Hello' => 'World'
+ * )); // throws an error due to invalid codes
+ *
+ * For more on HTTP status codes see: http://www.w3.org/Protocols/rfc2616/rfc2616-sec6.html#sec6.1
+ *
* @return mixed associative array of the HTTP codes as keys, and the message
* strings as values, or null of the given $code does not exist.
+ * @throws CakeException If an attempt is made to add an invalid status code
*/
public function httpCodes($code = null) {
if (empty($code)) {
return $this->_statusCodes;
}
-
if (is_array($code)) {
+ $codes = array_keys($code);
+ $min = min($codes);
+ if (!is_int($min) || $min < 100 || max($codes) > 999) {
+ throw new CakeException(__d('cake_dev', 'Invalid status code'));
+ }
$this->_statusCodes = $code + $this->_statusCodes;
return true;
}
-
if (!isset($this->_statusCodes[$code])) {
return null;
}
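Review bot: the new check in httpCodes() runs is_int() only on min($codes), so a non-integer key is rejected only when it happens to compare as the smallest key. With PHP's loose comparison a string key with a leading numeric part (for example '500abc' passed alongside 200) can sort above the minimum and below 1000, and would then be merged into $this->_statusCodes unchecked. Validating every key in a loop (is_int($key) && $key >= 100 && $key <= 999) removes the dependence on how min() and max() order mixed int and string keys. The docblock also tells callers that status codes begin with a digit between 1 and 5 while the code accepts anything up to 999; either enforce that range or say explicitly that 600-999 are allowed. The commit touches only CakeResponse.php, so the invalid cases listed in the docblock example (0, -1, 12345, 'Hello') are worth pinning down in a test case, together with a mixed valid/invalid array.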
