Missing user agent triggers notice [#276008]

RFC 2616:

The User-Agent request-header field contains information about the
user agent originating the request. This is for statistical purposes,
the tracing of protocol violations, and automated recognition of user
agents for the sake of tailoring responses to avoid particular user
agent limitations. User agents SHOULD include this field with
requests. The field can contain multiple product tokens (section 3.8)
and comments identifying the agent and any subproducts which form a
significant part of the user agent. By convention, the product tokens
are listed in order of their significance for identifying the
application.

As it is not required ("MUST"/"SHOULD"), Drupal should not trigger a notice when it is missing. I noticed this with telnet:

Undefined index: HTTP_USER_AGENT in includes/database.inc on line 155

Comment	File	Size	Author
#4	issue-276008.patch	1.72 KB	lilou
#4
#2	drupal-isset-user-agent-276008-2.patch	2.31 KB	cburschka
#2

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

cburschka

they

CreditAttribution: cburschka commented 28 June 2008 at 08:29

The variable is used here:

$ grep HTTP_USER_AGENT -R *
includes/database.inc:    if (preg_match("/^simpletest\d+$/", $_SERVER['HTTP_USER_AGENT'])) {
includes/database.inc:      $db_prefix = $_SERVER['HTTP_USER_AGENT'];
modules/simpletest/simpletest.module:  $batch_mode = !preg_match("/^simpletest\d+$/", $_SERVER['HTTP_USER_AGENT']);
modules/simpletest/simpletest.test:    return preg_match("/^simpletest\d+/", $_SERVER['HTTP_USER_AGENT']);

Alternatives for solving this:

1.) Use safe coding in all four places by checking isset().
2.) Do if (!isset($_SERVER['HTTP_USER_AGENT']) $_SERVER['HTTP_USER_AGENT'] = ''; once somewhere at system startup.

The first approach is more in line with what is done with other variables, while the second will prevent many potential bugs in contrib which are extremely hard to identify (because the user agent is rarely missing). Discuss...