[#10973] - PHP Notice: Undefined index: HTTP_HOST
- Closed
- 21 Aug 2017
- Medium
- Build: staging
- # 10973
- Diff
- demis-palma:fix-http-host-1
- Success continuous-integration/travis-ci/pr The Travis CI build passed Details
- Error continuous-integration/jenkins/pr-merge This commit cannot be built Details
User tests: Successful: Unsuccessful:
Summary of Changes
The current code relies on the presence of the super-global variable HTTP_HOST, which is not always set.
In case of HTTP 1.0 requests, HTTP_HOST is not set. This causes a series of PHP notices:
Undefined index: HTTP_HOST in [...]/libraries/joomla/application/web.php on line 867
Undefined index: HTTP_HOST in [...]/libraries/joomla/uri/uri.php on line 85
Undefined index: HTTP_HOST in [...]/modules/mod_wrapper/helper.php on line 48
Testing Instructions
- Force your browser to use HTTP protocol 1.0 instead of 1.1, or simply telnet to your testing web server to the port 80
telnet localhost 80
and ask for the user reminder form using HTTP 1.0 protocol:
GET index.php?option=com_users&view=remind HTTP/1.0(Don't forget to press enter twice after this command.) - Check the error log of your web server for the PHP notices mentioned above.
In case you have PHP DISPLAY ERROR active, the PHP notices will be present in the HTML output in addition to the web server log, but it's hard to find them by eye within the whole HTML code received in the telnet console.
| Status | New | ⇒ | Pending |
| Labels |
Added:
?
|
||
brianteeman
- | Category | ⇒ | Libraries |
You code does not seem account for the port number from the case that SERVER_NAME is used and port != 80
[EDIT]
i have to check this
As far as I remember the HTTP_HOST includes a port if it's other than 80.
On the other side, SERVER_NAME never includes a port
Since the automatic tests are clearly crafted on the current behaviour of the program (which works perfectly with HTTP 1.1, but not with HTTP 1.0),
I've limited the fix only to the prevention of the PHP notice, and leave the programs behaves exactly as it did before.
This is achieved using input->get() instead of accessing super global variables directly, which is always a good practice.
Preventing PHP notices is important to avoid path information discosure on servers configured to display notices in the HTML output.
It still fails. I have to debug the unit tests as well.
The test JApplicationWebTest::testDetectRequestUri should be rewritten. It makes direct use of super-globals instead of JInput object, and assumes that the functions tested do the same.
So, to summarise: this patch fixes the PHP notice mentioned at the top, and nothing more.
| Category | Libraries | ⇒ | Libraries Modules Front End |
| Status | Pending | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2017-08-21 15:34:30 |
| Closed_By | ⇒ | franz-wohlkoenig |
| Closed_Date | 2017-08-21 15:34:30 | ⇒ | 2017-08-21 15:34:31 |
| Closed_By | franz-wohlkoenig | ⇒ | joomla-cms-bot |
Set to "closed" on behalf of @franz-wohlkoenig by The JTracker Application at issues.joomla.org/joomla-cms/10973
closed as stated above.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/10973.
It seems that the tests rely on the presence of the super-global variable HTTP_HOST too.