AtomPub service sends duplicate status headers, breaking FastCGI
|Reported by:||dwc||Owned by:|
The AtomPub service (wp-app.php) sends duplicate Status headers when authorization is not provided, which breaks on FastCGI setups. This is seen when you attempt to connect to the service using e.g. Ape, resulting in the following error message in the Apache logs:
[Wed May 25 16:09:21 2011] [error] [client 10.5.62.176] FastCGI: comm with server "/tmp/webadmin_test" aborted: error parsing headers: duplicate header 'Status'
This results in a 500 Internal Server Error from Apache:
HTTP/1.1 500 Internal Server Error Date: Wed, 25 May 2011 20:09:21 GMT Server: Apache X-Powered-By: PHP/5.2.6RC4-pl0-gentoo Expires: Wed, 11 Jan 1984 05:00:00 GMT Last-Modified: Wed, 25 May 2011 20:09:21 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Pragma: no-cache WWW-Authenticate: Basic realm="WordPress Atom Protocol" Content-Length: 735 Connection: close Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>401 Credentials required.</title> </head><body> <h1>Credentials required.</h1> <p>The server encountered an internal error or misconfiguration and was unable to complete your request.</p> <p>Please contact the server administrator, email@example.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p> <p>More information about this error may be available in the server error log.</p> <p>Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.</p> <hr> <address>Apache Server at test.news.ufl.edu Port 80</address> </body></html>
Patch attached to refactor Status headers in wp-app.php to use the status_header function like most of the code uses. There's also a function that handles which I have refactored to use wp_redirect. Affects all versions back to 2.9.2, including trunk.
Examples of this issue (and corresponding fixes) include: