Modified show_error() to allow sending of HTTP server response codes.

Added set_status_header() to the Common functions to allow use when the Output class is unavailable. Fixed a bug where the 400 status header sent with the 'disallowed URI characters' was not compatible with CGI environments.
bcit-ci · Jul 11, 2009 · 817163a · 817163a
1 parent 55acc8b
commit 817163a
Show file tree

Hide file tree

Showing 8 changed files with 121 additions and 79 deletions.
diff --git a/system/codeigniter/Common.php b/system/codeigniter/Common.php
@@ -203,10 +203,10 @@ function config_item($item)
 * @access	public
 * @return	void
 */
-function show_error($message)
+function show_error($message, $status_code = 500)
 {
 	$error =& load_class('Exceptions');
-	echo $error->show_error('An Error Was Encountered', $message);
+	echo $error->show_error('An Error Was Encountered', $message, 'error_general', $status_code);
 	exit;
 }
 
@@ -252,6 +252,91 @@ function log_message($level = 'error', $message, $php_error = FALSE)
 	$LOG->write_log($level, $message, $php_error);
 }
 
+
+/**
+ * Set HTTP Status Header
+ *
+ * @access	public
+ * @param	int 	the status code
+ * @param	string	
+ * @return	void
+ */
+function set_status_header($code = 200, $text = '')
+{
+	$stati = array(
+						200	=> 'OK',
+						201	=> 'Created',
+						202	=> 'Accepted',
+						203	=> 'Non-Authoritative Information',
+						204	=> 'No Content',
+						205	=> 'Reset Content',
+						206	=> 'Partial Content',
+
+						300	=> 'Multiple Choices',
+						301	=> 'Moved Permanently',
+						302	=> 'Found',
+						304	=> 'Not Modified',
+						305	=> 'Use Proxy',
+						307	=> 'Temporary Redirect',
+
+						400	=> 'Bad Request',
+						401	=> 'Unauthorized',
+						403	=> 'Forbidden',
+						404	=> 'Not Found',
+						405	=> 'Method Not Allowed',
+						406	=> 'Not Acceptable',
+						407	=> 'Proxy Authentication Required',
+						408	=> 'Request Timeout',
+						409	=> 'Conflict',
+						410	=> 'Gone',
+						411	=> 'Length Required',
+						412	=> 'Precondition Failed',
+						413	=> 'Request Entity Too Large',
+						414	=> 'Request-URI Too Long',
+						415	=> 'Unsupported Media Type',
+						416	=> 'Requested Range Not Satisfiable',
+						417	=> 'Expectation Failed',
+
+						500	=> 'Internal Server Error',
+						501	=> 'Not Implemented',
+						502	=> 'Bad Gateway',
+						503	=> 'Service Unavailable',
+						504	=> 'Gateway Timeout',
+						505	=> 'HTTP Version Not Supported'
+					);
+
+	if ($code == '' OR ! is_numeric($code))
+	{
+		show_error('Status codes must be numeric', 500);
+	}
+
+	if (isset($stati[$code]) AND $text == '')
+	{				
+		$text = $stati[$code];
+	}
+
+	if ($text == '')
+	{
+		show_error('No status text available.  Please check your status code number or supply your own message text.', 500);
+	}
+
+	$server_protocol = (isset($_SERVER['SERVER_PROTOCOL'])) ? $_SERVER['SERVER_PROTOCOL'] : FALSE;
+
+	if (substr(php_sapi_name(), 0, 3) == 'cgi')
+	{
+		header("Status: {$code} {$text}", TRUE);
+	}
+	elseif ($server_protocol == 'HTTP/1.1' OR $server_protocol == 'HTTP/1.0')
+	{
+		header($server_protocol." {$code} {$text}", TRUE, $code);
+	}
+	else
+	{
+		header("HTTP/1.1 {$code} {$text}", TRUE, $code);
+	}
+}
+
+
 /**
 * Exception Handler
 *

diff --git a/system/libraries/Exceptions.php b/system/libraries/Exceptions.php
@@ -113,8 +113,10 @@ function show_404($page = '')
 	 * @param	string	the template name
 	 * @return	string
 	 */
-	function show_error($heading, $message, $template = 'error_general')
+	function show_error($heading, $message, $template = 'error_general', $status_code = 500)
 	{
+		set_status_header($status_code);
+
 		$message = '<p>'.implode('</p><p>', ( ! is_array($message)) ? array($message) : $message).'</p>';
 
 		if (ob_get_level() > $this->ob_level + 1)

diff --git a/system/libraries/Output.php b/system/libraries/Output.php
@@ -116,85 +116,16 @@ function set_header($header, $replace = TRUE)
 
 	/**
 	 * Set HTTP Status Header
-	 *
+	 * moved to Common procedural functions in 1.7.2
+	 * 
 	 * @access	public
 	 * @param	int 	the status code
 	 * @param	string	
 	 * @return	void
 	 */	
 	function set_status_header($code = '200', $text = '')
 	{
-		$stati = array(
-							'200'	=> 'OK',
-							'201'	=> 'Created',
-							'202'	=> 'Accepted',
-							'203'	=> 'Non-Authoritative Information',
-							'204'	=> 'No Content',
-							'205'	=> 'Reset Content',
-							'206'	=> 'Partial Content',
-
-							'300'	=> 'Multiple Choices',
-							'301'	=> 'Moved Permanently',
-							'302'	=> 'Found',
-							'304'	=> 'Not Modified',
-							'305'	=> 'Use Proxy',
-							'307'	=> 'Temporary Redirect',
-
-							'400'	=> 'Bad Request',
-							'401'	=> 'Unauthorized',
-							'403'	=> 'Forbidden',
-							'404'	=> 'Not Found',
-							'405'	=> 'Method Not Allowed',
-							'406'	=> 'Not Acceptable',
-							'407'	=> 'Proxy Authentication Required',
-							'408'	=> 'Request Timeout',
-							'409'	=> 'Conflict',
-							'410'	=> 'Gone',
-							'411'	=> 'Length Required',
-							'412'	=> 'Precondition Failed',
-							'413'	=> 'Request Entity Too Large',
-							'414'	=> 'Request-URI Too Long',
-							'415'	=> 'Unsupported Media Type',
-							'416'	=> 'Requested Range Not Satisfiable',
-							'417'	=> 'Expectation Failed',
-
-							'500'	=> 'Internal Server Error',
-							'501'	=> 'Not Implemented',
-							'502'	=> 'Bad Gateway',
-							'503'	=> 'Service Unavailable',
-							'504'	=> 'Gateway Timeout',
-							'505'	=> 'HTTP Version Not Supported'
-						);
-
-		if ($code == '' OR ! is_numeric($code))
-		{
-			show_error('Status codes must be numeric');
-		}
-
-		if (isset($stati[$code]) AND $text == '')
-		{				
-			$text = $stati[$code];
-		}
-
-		if ($text == '')
-		{
-			show_error('No status text available.  Please check your status code number or supply your own message text.');
-		}
-
-		$server_protocol = (isset($_SERVER['SERVER_PROTOCOL'])) ? $_SERVER['SERVER_PROTOCOL'] : FALSE;
-
-		if (substr(php_sapi_name(), 0, 3) == 'cgi')
-		{
-			header("Status: {$code} {$text}", TRUE);
-		}
-		elseif ($server_protocol == 'HTTP/1.1' OR $server_protocol == 'HTTP/1.0')
-		{
-			header($server_protocol." {$code} {$text}", TRUE, $code);
-		}
-		else
-		{
-			header("HTTP/1.1 {$code} {$text}", TRUE, $code);
-		}
+		set_status_header($code, $text);
 	}
 
 	// --------------------------------------------------------------------

diff --git a/system/libraries/URI.php b/system/libraries/URI.php
@@ -188,8 +188,7 @@ function _filter_uri($str)
 		{
 			if ( ! preg_match("|^[".preg_quote($this->config->item('permitted_uri_chars'))."]+$|i", $str))
 			{
-				header('HTTP/1.1 400 Bad Request');
-				show_error('The URI you submitted has disallowed characters.');
+				show_error('The URI you submitted has disallowed characters.', 400);
 			}
 		}
 

diff --git a/user_guide/changelog.html b/user_guide/changelog.html
@@ -85,6 +85,12 @@ <h2>Version 1.7.2</h2>
 			<li>Modified <kbd>directory_map()</kbd> in the <a href="helpers/directory_helper.html">Directory helper</a> to allow the inclusion of hidden files.</li>
 		</ul>
 	</li>
+	<li>General
+		<ul>
+			<li>Modified <a href="general/errors.html">show_error()</a> to allow sending of HTTP server response codes.</li>
+			<li>Added set_status_header() to the <a href="general/common_functions.html">Common functions<a> to allow use when the Output class is unavailable.</li>
+		</ul>
+	</li>
 </ul>
 
 <h3>Bug fixes for 1.7.2</h3>
@@ -102,6 +108,7 @@ <h3>Bug fixes for 1.7.2</h3>
 	<li>Fixed a case sensitive string replacement in xss_clean()</li>
 	<li>Fixed a bug in form_prep() causing it to not preserve entities in the user's original input when called back into a form element</li>
 	<li>Fixed a bug in _protect_identifiers() where the swap prefix ($swap_pre) was not being observed.</li>
+	<li>Fixed a bug where the 400 status header sent with the 'disallowed URI characters' was not compatible with CGI environments.</li> 
 </ul>
 
 <h2>Version 1.7.1</h2>

diff --git a/user_guide/general/common_functions.html b/user_guide/general/common_functions.html
@@ -58,8 +58,11 @@
 <h1>Common Functions</h1>
 
 <p>CodeIgniter uses a few functions for its operation that are globally defined, and are available to you at any point. These do not require loading any libraries or helpers.</p>
+
 <h2>is_really_writable('<var>path/to/file</var>')</h2>
+
 <p>is_writable() returns TRUE on Windows servers when you really can't write to the file as the OS reports to PHP as FALSE only if the read-only attribute is marked. This function determines if a file is actually writable by attempting to write to it first. Generally only recommended on platforms where this information may be unreliable.</p>
+
 <code>if (is_really_writable('file.txt'))<br />
 {<br />
 &nbsp;&nbsp;&nbsp;&nbsp;echo &quot;I could write to this if I wanted to&quot;;<br />
@@ -68,11 +71,25 @@ <h2>is_really_writable('<var>path/to/file</var>')</h2>
 {<br />
 &nbsp;&nbsp;&nbsp;&nbsp;echo &quot;File is not writable&quot;;<br />
 }</code>
+
 <h2>config_item('<var>item_key</var>')</h2>
 <p>The <a href="../libraries/config.html">Config library</a> is the preferred way of accessing configuration information, however config_item() can be used to retrieve single keys. See Config library documentation for more information.</p>
+
 <h2>show_error('<var>message</var>'), show_404('<var>page</var>'), log_message('<var>level</var>', '<samp>message</samp>')</h2>
 <p>These are each outlined on the <a href="errors.html">Error Handling</a> page.</p>
+
+<h2>set_status_header(<var>code</var>, '<var>text</var>');</h2>
+
+<p>Permits you to manually set a server status header.  Example:</p>
+
+<code>set_status_header(401);<br />
+// Sets the header as:  Unauthorized</code>
+
+<p><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html">See here</a> for a full list of headers.</p>
+
 </div>
+
+
 <!-- END CONTENT -->
 
 

diff --git a/user_guide/general/errors.html b/user_guide/general/errors.html
@@ -71,9 +71,10 @@ <h1>Error Handling</h1>
 
 <p>The following functions let you generate errors:</p>
 
-<h2>show_error('<var>message</var>')</h2>
+<h2>show_error('<var>message</var>' [, int <var>$status_code</var>= 500 ] )</h2>
 <p>This function will display the error message supplied to it using the following error template:</p>
 <p><dfn>application/errors/</dfn><kbd>error_general.php</kbd></p>
+<p>The optional parameter $status_code determines what HTTP status code should be sent with the error.</p>
 
 <h2>show_404('<var>page</var>')</h2>
 <p>This function will display the 404 error message supplied to it using the following error template:</p>

diff --git a/user_guide/libraries/output.html b/user_guide/libraries/output.html
@@ -100,7 +100,7 @@ <h2>$this->output->set_header();</h2>
 $this->output->set_header("Pragma: no-cache");	</code>
 
 
-<h2>$this->output->set_status_header();</h2>
+<h2>$this->output->set_status_header(<var>code</var>, '<var>text</var>');</h2>
 
 <p>Permits you to manually set a server status header.  Example:</p>