ZF-10023: Zend_Amf_Server->_handle() sometimes uses uninitialized variable (resulting in PHP notice in AMF response)

Issue Type: Improvement Created: 2010-06-21T03:09:10.000+0000 Last Updated: 2011-05-03T15:00:19.000+0000 Status: Resolved Fix version(s): - 1.11.6 (05/May/11)

Reporter: Jelle-Jan van Veelen (pelle) Assignee: Satoru Yoshida (satoruyoshida) Tags: - Zend_Amf

Related issues: Attachments:


In the _handle() method in Zend_Amf_Server, there is a try/catch block that uses a variable ($message) that sometimes isn't initialized.

Line 507-571

<pre class="highlight">
try {
    if ($handleAuth) {
        if ($this->_handleAuth(
            $headers[Zend_Amf_Constants::CREDENTIALS_HEADER]->password)) {
// *snip*
// _handleAuth throws an exception when authentication failes
    if ($objectEncoding == Zend_Amf_Constants::AMF0_OBJECT_ENCODING) {
        $message = '';
// *snip*
    } else {
        $message = $body->getData();
// *snip*
} catch (Exception $e) {
    $return = $this->_errorMessage($objectEncoding, $message,
        $e->getMessage(), $e->getTraceAsString(),$e->getCode(),  $e->getLine());

As you can see, when _handleAuth() throws an exception, the $message variable in the catch block isn't set, resulting in a PHP Notice in the AMF response.

The fix would be initializing $message above the try/catch, or checking if it exists in the catch block.


Posted by Satoru Yoshida (satoruyoshida) on 2011-04-30T02:08:03.000+0000

Thank You for report. Solved at SVN r23896.

Posted by Ralph Schindler (ralph) on 2011-05-03T15:00:19.000+0000

Fixed in release branch 1.11 at r23897

Have you found an issue?

See the Overview section for more details.


© 2006-2018 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.