? Failure
Referenced as Pull Request for: # 17655

User tests: Successful: Unsuccessful:

avatar demis-palma
demis-palma
29 Jun 2016

Summary of Changes

The current code relies on the presence of the super-global variable HTTP_HOST, which is not always set.
In case of HTTP 1.0 requests, HTTP_HOST is not set. This causes a series of PHP notices:

Undefined index: HTTP_HOST in [...]/libraries/joomla/application/web.php on line 867
Undefined index: HTTP_HOST in [...]/libraries/joomla/uri/uri.php on line 85
Undefined index: HTTP_HOST in [...]/modules/mod_wrapper/helper.php on line 48

Testing Instructions

  1. Force your browser to use HTTP protocol 1.0 instead of 1.1, or simply telnet to your testing web server to the port 80
    telnet localhost 80
    and ask for the user reminder form using HTTP 1.0 protocol:
    GET index.php?option=com_users&view=remind HTTP/1.0 (Don't forget to press enter twice after this command.)
  2. Check the error log of your web server for the PHP notices mentioned above.

In case you have PHP DISPLAY ERROR active, the PHP notices will be present in the HTML output in addition to the web server log, but it's hard to find them by eye within the whole HTML code received in the telnet console.

avatar demis-palma demis-palma - open - 29 Jun 2016
avatar demis-palma demis-palma - change - 29 Jun 2016
Status New Pending
avatar joomla-cms-bot joomla-cms-bot - change - 29 Jun 2016
Labels Added: ?
avatar demis-palma
demis-palma - comment - 30 Jun 2016

It seems that the tests rely on the presence of the super-global variable HTTP_HOST too.

avatar brianteeman brianteeman - change - 30 Jun 2016
Category Libraries
avatar ggppdk
ggppdk - comment - 30 Jun 2016

@demis-palma

You code does not seem account for the port number from the case that SERVER_NAME is used and port != 80

[EDIT]
i have to check this

avatar piotr-cz
piotr-cz - comment - 30 Jun 2016

As far as I remember the HTTP_HOST includes a port if it's other than 80.
On the other side, SERVER_NAME never includes a port

avatar demis-palma
demis-palma - comment - 30 Jun 2016

Since the automatic tests are clearly crafted on the current behaviour of the program (which works perfectly with HTTP 1.1, but not with HTTP 1.0),
I've limited the fix only to the prevention of the PHP notice, and leave the programs behaves exactly as it did before.
This is achieved using input->get() instead of accessing super global variables directly, which is always a good practice.

Preventing PHP notices is important to avoid path information discosure on servers configured to display notices in the HTML output.

avatar demis-palma
demis-palma - comment - 30 Jun 2016

It still fails. I have to debug the unit tests as well. ? !

avatar demis-palma
demis-palma - comment - 30 Jun 2016

The test JApplicationWebTest::testDetectRequestUri should be rewritten. It makes direct use of super-globals instead of JInput object, and assumes that the functions tested do the same.

So, to summarise: this patch fixes the PHP notice mentioned at the top, and nothing more.

avatar Quy
Quy - comment - 21 Aug 2017

This can be closed because of PR #17655 .

avatar joomla-cms-bot joomla-cms-bot - change - 21 Aug 2017
Category Libraries Libraries Modules Front End
avatar joomla-cms-bot joomla-cms-bot - close - 21 Aug 2017
avatar joomla-cms-bot joomla-cms-bot - change - 21 Aug 2017
The description was changed
avatar franz-wohlkoenig franz-wohlkoenig - change - 21 Aug 2017
Status Pending Closed
Closed_Date 0000-00-00 00:00:00 2017-08-21 15:34:30
Closed_By franz-wohlkoenig
avatar joomla-cms-bot joomla-cms-bot - change - 21 Aug 2017
Closed_Date 2017-08-21 15:34:30 2017-08-21 15:34:31
Closed_By franz-wohlkoenig joomla-cms-bot
avatar joomla-cms-bot
joomla-cms-bot - comment - 21 Aug 2017
avatar joomla-cms-bot joomla-cms-bot - edited - 21 Aug 2017
avatar franz-wohlkoenig
franz-wohlkoenig - comment - 21 Aug 2017

closed as stated above.


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/10973.

Add a Comment

Login with GitHub to post a comment