Up until now the session cookie used "HttpOnly" to indicate cookies
only available through HTTP while setcookie() used "httponly". The
relevant RFC 6265 claims that case does not matter for this token,
but only explicitely mentions "HttpOnly". Thus this seems like a
logical choice when streamlining the code.
Also the setcookie implementation now uses the same string constants
as the session extension for other tokens like Max-Age or the domain
attribute.
This change poses a slight risk of backwards incompatibility in places
where people deliberately ignore chapter 5.2.5 of RFC 6265 and perform
case-sensitive checks for the HttpOnly attribute.
requests--let's see what I can dig out of the bugtracker for NEWS--
and while crossing the road:
* implemented new zlib API
* fixed up ext/tidy (what was "s&" in zend_parse_parameters() supposed to do?)
Thanks to Jani and Felipe for pioneering.
* Removed ini options, safe_mode*
* Removed --enable-safe-mode --with-exec-dir configure options on Unix
* Updated extensions, SAPI's and core
* php_get_current_user() is now declared in main.c, thrus no need to include safe_mode.h anymore
- "cannot" instead of "can not" (meaning "also can")
- "than" instead of "then" (Hint: "then" should hardly be needed;
you're not telling the order in which to do something)
... plus removed a couple ending. dots
[DOC] proto void header_remove([string header_name])
Removes an HTTP header previously set using header()
The header_name parameter is optionnal, all headers are
removed if it is not set
[SAPIs] The header_handler callback in sapi_module_struct has
been changed, it now take a new argument.
When it is set to SAPI_HEADER_DELETE, sapi_header->header is
the name of an header, header_handler has to delete it.
When it is set to SAPI_HEADER_DELETE_ALL, header_handler has
to delete all headers.
When sapi_header_op_enum is SAPI_HEADER_ADD or _REPLACE,
sapi_header->header is in the form "Name: value", header_handler
has to add or replace the given header.
In all cases, header_handler must not free sapi_header or
sapi_header->header. SAPI_HEADER_ADD must be returned if the
header has been added or replaced, or 0 in other cases.
