How a PHP notice revealed a quirk of Norton Internet Security
April 4th, 2006 by Ivo
I had a strange thing just now.
I was working on a website which was working just fine and notice free.
Out of the blue, my website had the following notice:
Notice: Undefined index: HTTP_ACCEPT_ENCODING in /mnt/clusterdata/home/ivo/beta.epointment.nl/atk/ui/class.atkoutput.inc on line 153
I thought 'Que?!', as I have not modified the code in class.atkoutput.inc in weeks, and certainly not tonight. The code in question:
if (atkconfig("output_gzip") &&
phpversion() >= '4.0.4pl1' &&
(strstr($_SERVER["HTTP_USER_AGENT"],'compatible') || strstr($_SERVER["HTTP_USER_AGENT"],'Gecko')) &&
strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')
)
{
header('Content-Encoding: gzip');
echo $this->gzip($res);
}
else
{
echo $res;
}
This code worked in all browsers, for years, without notices, because the HTTP_ACCEPT_ENCODING header is usually set for most major browsers.
Then I realised that simultaneously I was installing Norton Internet Security on my new laptop (a very cool Toshiba Tecra M4 tablet PC, thank you Ibuildings!). It turned out not to be a coincidence. Apparently, Norton Internet Security puts itself between my browser in the network and intercepts headers. It seems to remove the HTTP_ACCEPT_ENCODING header from any browser request.
That explained the sudden appearance of the notice.
The (undocumented?) side effect is that with Norton Internet Security active, no page will be send gzipped. This is a performance penalty I think. They probably do it to be able to scan the text before it arrives in the browser (unzipping, scanning and rezipping would probably take too much time).
I'll be turning off such features in Norton Internet Security anyway, but it was funny how a PHP notice revealed this.