ZF-10023: Zend_Amf_Server->_handle() sometimes uses uninitialized variable (resulting in PHP notice in AMF response)


In the _handle() method in Zend_Amf_Server, there is a try/catch block that uses a variable ($message) that sometimes isn't initialized.

Lines 507-571

try {
    if ($handleAuth) {
        if ($this->_handleAuth(
            $headers[Zend_Amf_Constants::CREDENTIALS_HEADER]->password)) {
// *snip*
// _handleAuth throws an exception when authentication fails
    if ($objectEncoding == Zend_Amf_Constants::AMF0_OBJECT_ENCODING) {
        $message = '';
// *snip*
    } else {
        $message = $body->getData();
// *snip*
} catch (Exception $e) {
    $return = $this->_errorMessage($objectEncoding, $message,
        $e->getMessage(), $e->getTraceAsString(),$e->getCode(),  $e->getLine());

As you can see, when _handleAuth() throws an exception, the $message variable in the catch block isn't set, resulting in a PHP Notice in the AMF response.

The fix would be initializing $message above the try/catch, or checking if it exists in the catch block.


Thank you for the report. Solved at SVN r23896.

Fixed in release branch 1.11 at r23897
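
The pattern described in the report above and the fix it suggests, as a self-contained added example (not Zend Framework code and not from the reporter or maintainers). handleAuth(), errorMessage(), handleUnpatched() and handlePatched() are hypothetical stand-ins, and the password and payload are constructed values; a custom error handler collects the undefined-variable diagnostic that PHP would otherwise print into the response body.

```php
<?php
// Added illustration: every function below is a hypothetical stand-in, not Zend_Amf_Server code.
$diagnostics = [];
set_error_handler(function (int $errno, string $errstr) use (&$diagnostics): bool {
    $diagnostics[] = $errstr; // collect instead of printing into the response
    return true;
});
function handleAuth(string $password): bool
{
    if ($password !== 'constructed-secret') {
        throw new Exception('Authentication failed');
    }
    return true;
}

function errorMessage($message, string $error): array
{
    return ['source' => $message, 'error' => $error];
}

// Pattern from the report: $message is first assigned after the call that can throw.
function handleUnpatched(string $password, string $body): array
{
    try {
        handleAuth($password);
        $message = $body;
    } catch (Exception $e) {
        return errorMessage($message, $e->getMessage()); // $message is undefined here
    }
    return ['source' => $message, 'error' => null];
}

// Fix suggested in the report: initialize $message above the try/catch.
function handlePatched(string $password, string $body): array
{
    $message = '';
    try {
        handleAuth($password);
        $message = $body;
    } catch (Exception $e) {
        return errorMessage($message, $e->getMessage());
    }
    return ['source' => $message, 'error' => null];
}

handleUnpatched('wrong', 'payload');
$unpatched = count($diagnostics);
handlePatched('wrong', 'payload');
printf("diagnostics: unpatched=%d patched=%d\n", $unpatched, count($diagnostics) - $unpatched);
```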