User tests: Successful: Unsuccessful:
The current code relies on the presence of the super-global variable HTTP_HOST, which is not always set.
In case of HTTP 1.0 requests, HTTP_HOST is not set. This causes a series of PHP notices:
Undefined index: HTTP_HOST in [...]/libraries/joomla/application/web.php on line 867
Undefined index: HTTP_HOST in [...]/libraries/joomla/uri/uri.php on line 85
Undefined index: HTTP_HOST in [...]/modules/mod_wrapper/helper.php on line 48
telnet localhost 80
GET index.php?option=com_users&view=remind HTTP/1.0
(Don't forget to press enter twice after this command.)In case you have PHP DISPLAY ERROR active, the PHP notices will be present in the HTML output in addition to the web server log, but it's hard to find them by eye within the whole HTML code received in the telnet console.
Status | New | ⇒ | Pending |
Labels |
Added:
?
|
Category | ⇒ | Libraries |
You code does not seem account for the port number from the case that SERVER_NAME is used and port != 80
[EDIT]
i have to check this
As far as I remember the HTTP_HOST includes a port if it's other than 80.
On the other side, SERVER_NAME never includes a port
Since the automatic tests are clearly crafted on the current behaviour of the program (which works perfectly with HTTP 1.1, but not with HTTP 1.0),
I've limited the fix only to the prevention of the PHP notice, and leave the programs behaves exactly as it did before.
This is achieved using input->get() instead of accessing super global variables directly, which is always a good practice.
Preventing PHP notices is important to avoid path information discosure on servers configured to display notices in the HTML output.
It still fails. I have to debug the unit tests as well.
The test JApplicationWebTest::testDetectRequestUri should be rewritten. It makes direct use of super-globals instead of JInput object, and assumes that the functions tested do the same.
So, to summarise: this patch fixes the PHP notice mentioned at the top, and nothing more.
Category | Libraries | ⇒ | Libraries Modules Front End |
Status | Pending | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2017-08-21 15:34:30 |
Closed_By | ⇒ | franz-wohlkoenig |
Closed_Date | 2017-08-21 15:34:30 | ⇒ | 2017-08-21 15:34:31 |
Closed_By | franz-wohlkoenig | ⇒ | joomla-cms-bot |
Set to "closed" on behalf of @franz-wohlkoenig by The JTracker Application at issues.joomla.org/joomla-cms/10973
closed as stated above.
It seems that the tests rely on the presence of the super-global variable HTTP_HOST too.