Index: includes/common.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/common.inc,v
retrieving revision 1.756
diff -u -r1.756 common.inc
--- includes/common.inc	30 Jan 2008 23:07:41 -0000	1.756
+++ includes/common.inc	3 Feb 2008 14:56:34 -0000
@@ -316,7 +316,8 @@
   // need all session data written to the database before redirecting.
   session_write_close();
 
-  header('Location: '. $url, TRUE, $http_response_code);
+  drupal_set_http_status($http_response_code);
+  header('Location: '. $url, TRUE);
 
   // The "Location" header sends a redirect status code to the HTTP daemon. In
   // some cases this can be wrong, so we make sure none of the code below the
@@ -329,7 +330,7 @@
  */
 function drupal_site_offline() {
   drupal_maintenance_theme();
-  drupal_set_header('HTTP/1.1 503 Service unavailable');
+  drupal_set_http_status(503, 'Service unavailable');
   drupal_set_title(t('Site off-line'));
   print theme('maintenance_page', filter_xss_admin(variable_get('site_offline_message',
     t('@site is currently under maintenance. We should be back shortly. Thank you for your patience.', array('@site' => variable_get('site_name', 'Drupal'))))));
@@ -339,8 +340,7 @@
  * Generates a 404 error if the request can not be handled.
  */
 function drupal_not_found() {
-  drupal_set_header('HTTP/1.1 404 Not Found');
-
+  drupal_set_http_status(404, 'Not Found');
   watchdog('page not found', check_plain($_GET['q']), NULL, WATCHDOG_WARNING);
 
   // Keep old path for reference.
@@ -369,7 +369,7 @@
  * Generates a 403 error if the request is not allowed.
  */
 function drupal_access_denied() {
-  drupal_set_header('HTTP/1.1 403 Forbidden');
+  drupal_set_http_status(403, 'Forbidden');
   watchdog('access denied', check_plain($_GET['q']), NULL, WATCHDOG_WARNING);
 
   // Keep old path for reference.
Index: includes/bootstrap.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/bootstrap.inc,v
retrieving revision 1.206
diff -u -r1.206 bootstrap.inc
--- includes/bootstrap.inc	10 Jan 2008 22:47:17 -0000	1.206
+++ includes/bootstrap.inc	3 Feb 2008 14:56:31 -0000
@@ -556,6 +556,36 @@
 }
 
 /**
+ * Set the given HTTP status with respect to the current PHP server API.
+ * 
+ * As the CGI specification does not allow directly setting the HTTP
+ * status code, the 'HTTP/1.1' header will not work on CGI/FastCGI.
+ * In this case we are using a 'Status' header instead.
+ * See http://www.php.net/manual/en/function.header.php#66254
+ *
+ * @param int $status
+ *   The http status.
+ * @param string $message
+ *   The header message.
+ */
+function drupal_set_http_status($status, $message = '') {
+  static $cgi;
+  if (!isset($cgi)) {
+    $cgi = substr(php_sapi_name(), 0, 3) === 'cgi';
+  }
+  
+  $http_status = $cgi ? 'Status: '. $status : 'HTTP/1.1 '. $status .' '. $message;
+  
+  // if common.inc has not been included yet, use the native header function 
+  if (function_exists('drupal_set_header')) {
+    drupal_set_header($http_status);
+  }
+  else {
+    header($http_status);
+  }
+}
+
+/**
  * Set HTTP headers in preparation for a page response.
  *
  * Authenticated users are always given a 'no-cache' header, and will
@@ -592,7 +622,7 @@
   if ($if_modified_since && $if_none_match
       && $if_none_match == $etag // etag must match
       && $if_modified_since == $last_modified) {  // if-modified-since must match
-    header('HTTP/1.1 304 Not Modified');
+    drupal_set_http_status(304, 'Not Modified');
     // All 304 responses must send an etag if the 200 response for the same object contained an etag
     header("Etag: $etag");
     exit();
@@ -955,7 +985,7 @@
     case DRUPAL_BOOTSTRAP_ACCESS:
       // Deny access to hosts which were banned - t() is not yet available.
       if (drupal_is_denied('host', ip_address())) {
-        header('HTTP/1.1 403 Forbidden');
+        drupal_set_http_status(403, 'Forbidden');
         print 'Sorry, '. check_plain(ip_address()) .' has been banned.';
         exit();
       }
Index: includes/database.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database.inc,v
retrieving revision 1.92
diff -u -r1.92 database.inc
--- includes/database.inc	8 Jan 2008 16:03:31 -0000	1.92
+++ includes/database.inc	3 Feb 2008 14:56:35 -0000
@@ -173,7 +173,7 @@
 function _db_error_page($error = '') {
   global $db_type;
   drupal_maintenance_theme();
-  drupal_set_header('HTTP/1.1 503 Service Unavailable');
+  drupal_set_http_status(503, 'Service Unavailable');
   drupal_set_title('Site off-line');
 
   $message = '<p>The site is currently not available due to technical problems. Please try again later. Thank you for your understanding.</p>';