function drupal_set_header in Drupal 6
Same name and namespace in other branches
- 4 includes/common.inc \drupal_set_header()
- 5 includes/common.inc \drupal_set_header()
Set an HTTP response header for the current page.
Note: When sending a Content-Type header, always include a 'charset' parameter, too. This is necessary to avoid security bugs (e.g. UTF-7 XSS).
Note: No special sanitizing needs to be done to headers. However, if a header value contains a line break, a PHP warning will be thrown and the header will not be set.
15 calls to drupal_set_header()
- blogapi_rsd in modules/blogapi/blogapi.module
- drupal_access_denied in includes/common.inc - Generates a 403 error if the request is not allowed.
- drupal_get_headers in includes/common.inc - Get the HTTP response headers for the current page.
- drupal_json in includes/common.inc - Return data in JSON format.
- drupal_not_found in includes/common.inc - Generates a 404 error if the request can not be handled.
File
- includes/common.inc, line 150 - Common functions that many Drupal modules will need to reference.
Code
function drupal_set_header($header = NULL) {
  // We use an array to guarantee there are no leading or trailing delimiters.
  // Otherwise, header('') could get called when serving the page later, which
  // ends HTTP headers prematurely on some PHP versions.
  static $stored_headers = array();

  if (strlen($header)) {
    // Protect against header injection attacks if PHP is too old to do that.
    if (version_compare(PHP_VERSION, '5.1.2', '<') && (strpos($header, "\n") !== FALSE || strpos($header, "\r") !== FALSE)) {
      // Use the same warning message that newer versions of PHP use.
      trigger_error('Header may not contain more than a single header, new line detected', E_USER_WARNING);
    }
    else {
      header($header);
      $stored_headers[] = $header;
    }
  }
  return implode("\n", $stored_headers);
}
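
The two notes above can be enforced on the caller's side before drupal_set_header() is reached, so that a header built from request data is rejected explicitly rather than dropped with a PHP warning. The following is an added example, not code from Drupal; example_prepare_header() and the sample header names are hypothetical.

```php
<?php
// Added example: example_prepare_header() is a hypothetical helper, not Drupal API.

/**
 * Checks a header line before it is passed to drupal_set_header().
 *
 * Returns FALSE when the line contains CR or LF (the condition that
 * drupal_set_header() tests for on PHP older than 5.1.2), otherwise the
 * header line, with a charset parameter appended to a Content-Type header
 * that lacks one.
 */
function example_prepare_header($header, $charset = 'utf-8') {
  if (strpos($header, "\n") !== FALSE || strpos($header, "\r") !== FALSE) {
    return FALSE;
  }
  $lower = strtolower($header);
  if (strpos($lower, 'content-type:') === 0 && strpos($lower, 'charset=') === FALSE) {
    $header .= '; charset=' . $charset;
  }
  return $header;
}

// Constructed sample inputs; the last one stands in for a value that came
// from a request parameter and carries a line break.
$samples = array(
  'Content-Type: text/javascript',
  'Content-Type: text/html; charset=utf-8',
  'X-Example-Lang: ' . "en\r\nX-Example-Extra: 1",
);

foreach ($samples as $sample) {
  $header = example_prepare_header($sample);
  if ($header === FALSE) {
    // Handle the rejection explicitly instead of relying on the PHP warning
    // and a silently missing header.
    print "rejected: line break in header\n";
  }
  else {
    // In a Drupal 6 page callback, call drupal_set_header($header) here.
    print "ok: $header\n";
  }
}
```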