From 73e5c34896f1d2746185840864fc0f411dfad245 Mon Sep 17 00:00:00 2001
From: Ingo Schommer <ingo@silverstripe.com>
Date: Mon, 14 May 2012 15:11:35 +0200
Subject: [PATCH] BUGFIX Encoding multibyte characters in custom X-Status HTTP
 headers used in CMS (headers don't allow multibyte data)

---
 code/controllers/AssetAdmin.php            |  4 ++--
 code/controllers/CMSMain.php               | 22 +++++++++++-----------
 code/controllers/CMSSettingsController.php |  2 +-
 code/model/ErrorPage.php                   |  2 +-
 4 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/code/controllers/AssetAdmin.php b/code/controllers/AssetAdmin.php
index b7304181..b844aa5d 100644
--- a/code/controllers/AssetAdmin.php
+++ b/code/controllers/AssetAdmin.php
@@ -478,7 +478,7 @@ JS
 	 */
 	public function doSync() {
 		$message = Filesystem::sync();
-		$this->response->addHeader('X-Status', $message);
+		$this->response->addHeader('X-Status', rawurlencode($message));
 		
 		return;
 	}
@@ -512,7 +512,7 @@ JS
 			'{count} unused thumbnails have been deleted', 
 			array('count' => $count)
 		);
-		$this->response->addHeader('X-Status', $message);
+		$this->response->addHeader('X-Status', rawurlencode($message));
 		return;
 	}
 	
diff --git a/code/controllers/CMSMain.php b/code/controllers/CMSMain.php
index d945f798..aa0da360 100644
--- a/code/controllers/CMSMain.php
+++ b/code/controllers/CMSMain.php
@@ -796,15 +796,15 @@ class CMSMain extends LeftAndMain implements CurrentPageIdentifier, PermissionPr
 			
 			$this->response->addHeader(
 				'X-Status',
-				_t(
+				rawurlencode(_t(
 					'LeftAndMain.STATUSPUBLISHEDSUCCESS', 
 					"Published '{title}' successfully",
 					'Status message after publishing a page, showing the page title',
 					array('title' => $record->Title)
-				)
+				))
 			);
 		} else {
-			$this->response->addHeader('X-Status', _t('LeftAndMain.SAVEDUP'));
+			$this->response->addHeader('X-Status', rawurlencode(_t('LeftAndMain.SAVEDUP')));
 		}
 
 		return $this->getResponseNegotiator()->respond($this->request);
@@ -891,7 +891,7 @@ class CMSMain extends LeftAndMain implements CurrentPageIdentifier, PermissionPr
 
 		$this->response->addHeader(
 			'X-Status',
-			sprintf(_t('CMSMain.REMOVED', 'Deleted \'%s\'%s from live site'), $recordTitle, $descRemoved)
+			rawurlencode(sprintf(_t('CMSMain.REMOVED', 'Deleted \'%s\'%s from live site'), $recordTitle, $descRemoved))
 		);
 		
 		// Even if the record has been deleted from stage and live, it can be viewed in "archive mode"
@@ -936,12 +936,12 @@ class CMSMain extends LeftAndMain implements CurrentPageIdentifier, PermissionPr
 		
 		$this->response->addHeader(
 			'X-Status',
-			_t(
+			rawurlencode(_t(
 				'CMSMain.RESTORED',
 				"Restored '{title}' successfully",
 				'Param %s is a title',
 				array('title' => $record->Title)
-			)
+			))
 		);
 		
 		return $this->getResponseNegotiator()->respond($this->request);
@@ -966,7 +966,7 @@ class CMSMain extends LeftAndMain implements CurrentPageIdentifier, PermissionPr
 
 		$this->response->addHeader(
 			'X-Status',
-			sprintf(_t('CMSMain.REMOVEDPAGEFROMDRAFT',"Removed '%s' from the draft site"), $record->Title)
+			rawurlencode(sprintf(_t('CMSMain.REMOVEDPAGEFROMDRAFT',"Removed '%s' from the draft site"), $record->Title))
 		);
 		
 		// Even if the record has been deleted from stage and live, it can be viewed in "archive mode"
@@ -990,7 +990,7 @@ class CMSMain extends LeftAndMain implements CurrentPageIdentifier, PermissionPr
 		
 		$this->response->addHeader(
 			'X-Status',
-			_t('CMSMain.REMOVEDPAGE',"Removed '{title}' from the published site", array('title' => $record->Title))
+			rawurlencode(_t('CMSMain.REMOVEDPAGE',"Removed '{title}' from the published site", array('title' => $record->Title)))
 		);
 		
 		return $this->getResponseNegotiator()->respond($this->request);
@@ -1038,7 +1038,7 @@ class CMSMain extends LeftAndMain implements CurrentPageIdentifier, PermissionPr
 			);
 		}
 
-		$this->response->addHeader('X-Status', $message);
+		$this->response->addHeader('X-Status', rawurlencode($message));
 		
 		// Can be used in different contexts: In normal page edit view, in which case the redirect won't have any effect.
 		// Or in history view, in which case a revert causes the CMS to re-load the edit view.
@@ -1187,11 +1187,11 @@ class CMSMain extends LeftAndMain implements CurrentPageIdentifier, PermissionPr
 		
 		$this->response->addHeader(
 			'X-Status',
-			_t(
+			rawurlencode(_t(
 				'CMSMain.RESTORED',
 				"Restored '{title}' successfully", 
 				array('title' => $restoredPage->TreeTitle)
-			)
+			))
 		);
 		
 		return $this->getResponseNegotiator()->respond($this->request);
diff --git a/code/controllers/CMSSettingsController.php b/code/controllers/CMSSettingsController.php
index 20990155..028ecc6f 100644
--- a/code/controllers/CMSSettingsController.php
+++ b/code/controllers/CMSSettingsController.php
@@ -45,7 +45,7 @@ class CMSSettingsController extends CMSMain {
 		$form->saveInto($siteConfig);
 		$siteConfig->write();
 		
-		$this->response->addHeader('X-Status', _t('LeftAndMain.SAVEDUP'));
+		$this->response->addHeader('X-Status', rawurlencode(_t('LeftAndMain.SAVEDUP')));
 	
 		return $form->forTemplate();
 	}
diff --git a/code/model/ErrorPage.php b/code/model/ErrorPage.php
index 7962fe33..ae7c627e 100644
--- a/code/model/ErrorPage.php
+++ b/code/model/ErrorPage.php
@@ -209,7 +209,7 @@ class ErrorPage extends Page {
 				"Error opening file \"{filename}\" for writing. Please check file permissions.",
 				array('filename' => $errorFile)
 			);
-			$this->response->addHeader('X-Status', $fileErrorText);
+			$this->response->addHeader('X-Status', rawurlencode($fileErrorText));
 			return $this->httpError(405);
 		}
 	}