diff --git a/authorize.php b/authorize.php
index 78de76ceb47d9d8aac697dc28520a301c7aab435..ee228894487ba2bfe6805331fda0987a33ce537c 100644
--- a/authorize.php
+++ b/authorize.php
@@ -39,7 +39,7 @@
* Render a 403 access denied page for authorize.php
*/
function authorize_access_denied_page() {
- drupal_add_http_header('403 Forbidden');
+ drupal_add_http_header('Status', '403 Forbidden');
watchdog('access denied', 'authorize.php', NULL, WATCHDOG_WARNING);
drupal_set_title('Access denied');
return t('You are not allowed to access this page.');
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 9a1691fb11a967733c15c5defa342663f2660369..c263fbe50373d2d78d16c5a4a23c4e6d9d615ed3 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -906,32 +906,22 @@ function drupal_load($type, $name) {
* too. This is necessary to avoid security bugs (e.g. UTF-7 XSS).
*
* @param $name
- * The HTTP header name, or a status code followed by a reason phrase, e.g.
- * "404 Not Found".
+ * The HTTP header name, or the special 'Status' header name.
* @param $value
- * The HTTP header value; if omitted, the specified header is unset.
+ * The HTTP header value; if equal to FALSE, the specified header is unset.
+ * If $name is 'Status', this is expected to be a status code followed by a
+ * reason phrase, e.g. "404 Not Found".
* @param $append
* Whether to append the value to an existing header or to replace it.
*/
-function drupal_add_http_header($name = NULL, $value = NULL, $append = FALSE) {
+function drupal_add_http_header($name, $value, $append = FALSE) {
// The headers as name/value pairs.
- $headers = &drupal_static(__FUNCTION__, array());
+ $headers = &drupal_static('drupal_http_headers', array());
- if (!isset($name)) {
- return $headers;
- }
-
- // Save status codes using the special key ":status".
- if (preg_match('/^\d{3} /', $name)) {
- $value = $name;
- $name = $name_lower = ':status';
- }
- else {
- $name_lower = strtolower($name);
- }
+ $name_lower = strtolower($name);
_drupal_set_preferred_header_name($name);
- if (!isset($value)) {
+ if ($value === FALSE) {
$headers[$name_lower] = FALSE;
}
elseif (isset($headers[$name_lower]) && $append) {
@@ -956,7 +946,7 @@ function drupal_add_http_header($name = NULL, $value = NULL, $append = FALSE) {
* or NULL if the header has not been set.
*/
function drupal_get_http_header($name = NULL) {
- $headers = drupal_add_http_header();
+ $headers = &drupal_static('drupal_http_headers', array());
if (isset($name)) {
$name = strtolower($name);
return isset($headers[$name]) ? $headers[$name] : NULL;
@@ -1006,7 +996,7 @@ function drupal_send_headers($default_headers = array(), $only_default = FALSE)
}
}
foreach ($headers as $name_lower => $value) {
- if ($name_lower == ':status') {
+ if ($name_lower == 'status') {
header($_SERVER['SERVER_PROTOCOL'] . ' ' . $value);
}
// Skip headers that have been unset.
diff --git a/includes/common.inc b/includes/common.inc
index e9b8180db32102ee82ae20cbf7d4defe0bd4ad17..b90618198994fe9a22827259f7fd49204e0c3781 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -2339,7 +2339,7 @@ function drupal_deliver_html_page($page_callback_result) {
switch ($page_callback_result) {
case MENU_NOT_FOUND:
// Print a 404 page.
- drupal_add_http_header('404 Not Found');
+ drupal_add_http_header('Status', '404 Not Found');
watchdog('page not found', check_plain($_GET['q']), NULL, WATCHDOG_WARNING);
@@ -2369,7 +2369,7 @@ function drupal_deliver_html_page($page_callback_result) {
case MENU_ACCESS_DENIED:
// Print a 403 page.
- drupal_add_http_header('403 Forbidden');
+ drupal_add_http_header('Status', '403 Forbidden');
watchdog('access denied', check_plain($_GET['q']), NULL, WATCHDOG_WARNING);
// Keep old path for reference, and to allow forms to redirect to it.
@@ -2397,7 +2397,7 @@ function drupal_deliver_html_page($page_callback_result) {
case MENU_SITE_OFFLINE:
// Print a 503 page.
drupal_maintenance_theme();
- drupal_add_http_header('503 Service unavailable');
+ drupal_add_http_header('Status', '503 Service unavailable');
drupal_set_title(t('Site under maintenance'));
print theme('maintenance_page', array('content' => filter_xss_admin(variable_get('maintenance_mode_message',
t('@site is currently under maintenance. We should be back shortly. Thank you for your patience.', array('@site' => variable_get('site_name', 'Drupal')))))));
diff --git a/includes/database/database.inc b/includes/database/database.inc
index b381ac72bb0d6dc9c308426747ca9460fe29fadf..e111291361c985b1301641e0c5364f7c43f15a2f 100644
--- a/includes/database/database.inc
+++ b/includes/database/database.inc
@@ -2722,7 +2722,7 @@ function _db_error_page($error = '') {
global $db_type;
drupal_language_initialize();
drupal_maintenance_theme();
- drupal_add_http_header($_SERVER['SERVER_PROTOCOL'] . ' 503 Service Unavailable');
+ drupal_add_http_header('Status', '503 Service Unavailable');
drupal_set_title('Site offline');
}
diff --git a/includes/errors.inc b/includes/errors.inc
index 39fb48be9814e215d332bbbe580f553a8e376355..4ed7115e4583474afd82ebbfde34a41bcbe34ed4 100644
--- a/includes/errors.inc
+++ b/includes/errors.inc
@@ -172,7 +172,7 @@ function _drupal_log_error($error, $fatal = FALSE) {
}
if ($fatal) {
- drupal_add_http_header('500 Service unavailable (with message)');
+ drupal_add_http_header('Status', '500 Service unavailable (with message)');
}
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
diff --git a/modules/aggregator/tests/aggregator_test.module b/modules/aggregator/tests/aggregator_test.module
index d5667f2697873be3c0dc44b6b9c8d0da62b11282..46521995f767ba88a93e2f67db24424f50414578 100644
--- a/modules/aggregator/tests/aggregator_test.module
+++ b/modules/aggregator/tests/aggregator_test.module
@@ -40,7 +40,7 @@ function aggregator_test_feed($use_last_modified = FALSE, $use_etag = FALSE) {
}
// Return 304 not modified if either last modified or etag match.
if ($last_modified == $if_modified_since || $etag == $if_none_match) {
- drupal_add_http_header('304 Not Modified');
+ drupal_add_http_header('Status', '304 Not Modified');
return;
}
diff --git a/modules/image/image.module b/modules/image/image.module
index 3d6cb2d6598f1cf1e692f5f477a1487486201f5d..404be65f98c35bc12a4813cdfbf4b725d60a80b1 100644
--- a/modules/image/image.module
+++ b/modules/image/image.module
@@ -609,7 +609,7 @@ function image_style_generate() {
if (!$lock_acquired) {
// Tell client to retry again in 3 seconds. Currently no browsers are known
// to support Retry-After.
- drupal_add_http_header('503 Service Unavailable');
+ drupal_add_http_header('Status', '503 Service Unavailable');
drupal_add_http_header('Retry-After', 3);
print t('Image generation in progress. Try again shortly.');
drupal_exit();
@@ -630,7 +630,7 @@ function image_style_generate() {
}
else {
watchdog('image', 'Unable to generate the derived image located at %path.', array('%path' => $destination));
- drupal_add_http_header('500 Internal Server Error');
+ drupal_add_http_header('Status', '500 Internal Server Error');
print t('Error generating image.');
drupal_exit();
}
diff --git a/update.php b/update.php
index 5c01ea92e0c9e00e57b40b5ffac8574003c2643b..af43c756533b8141c2d84dd280962270a6677ddd 100644
--- a/update.php
+++ b/update.php
@@ -237,7 +237,7 @@ function update_info_page() {
}
function update_access_denied_page() {
- drupal_add_http_header('403 Forbidden');
+ drupal_add_http_header('Status', '403 Forbidden');
watchdog('access denied', 'update.php', NULL, WATCHDOG_WARNING);
drupal_set_title('Access denied');
return '<p>Access denied. You are not authorized to access this page. Log in using either an account with the <em>administer software updates</em> permission or the site maintenance account (the account you created during installation). If you cannot log in, you will have to edit <code>settings.php</code> to bypass this access check. To do this:</p>