Issue Type: Docs: Problem
Created: 2010-10-09T04:03:39.000+0000
Last Updated: 2012-05-29T17:35:15.000+0000
Status: Closed
Fix version(s):
Reporter: Arno Schäfer (arnoschaefer)
Assignee: Adam Lundrigan (adamlundrigan)
Tags:
- Zend_Controller
Related issues:
- ZF-11204
I am not sure if this is a bug, but at least it needs to be properly documented.
I just noticed that ZF's standard dispatcher behaves differently from what I would have expected with extraneous characters in the action name such as -/+/.
For example, if I add a dash to the action name, e.g. "/foo/bar-", I do not get a Zend_Controller_Plugin_ErrorHandler::EXCEPTION_NO_ACTION error, but instead, the barAction() method is called, and only afterwards ZF fails with a Zend_View_Exception: 'script 'foo/bar-.phtml' not found in path.
This is apparently due to the method Zend_Controller_Dispatcher_Abstract::_formatName silently stripping out all non-alphanumeric characters.
This is very unexpected and may at least disrupt error handling (resulting e.g. in an 'internal error' instead of 'file not found'), and potentially may have security implications if not properly handled.
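
The mismatch described in the report, next to a strict check an application could run on the raw action name before dispatch, as an added example (not Zend Framework code and not from the reporter). `normalizeAction()` is a simplified stand-in for the stripping the report attributes to `_formatName`; `isCanonicalAction()`, the word-separator handling and the sample names are assumptions made for illustration.

```php
<?php
// Added illustration, not Zend Framework source.

// Simplified stand-in for the normalization described in the report:
// non-alphanumeric characters are dropped before the method name is built.
// Treating '-' and '.' as word separators is an assumption of this sketch.
function normalizeAction(string $raw): string
{
    $s = str_replace(['-', '.'], ' ', strtolower($raw));
    $s = preg_replace('/[^a-z0-9 ]/', '', $s);
    // "bar baz" -> "barBaz"
    return lcfirst(str_replace(' ', '', ucwords($s)));
}

// Hypothetical strict check: lowercase alphanumeric words joined by a single
// '-' or '.', with no leading, trailing or doubled separators and no other
// characters. Anything else is not in canonical form.
function isCanonicalAction(string $raw): bool
{
    return preg_match('/\A[a-z][a-z0-9]*(?:[-.][a-z0-9]+)*\z/', $raw) === 1;
}

// Constructed sample action names, as in a request for /foo/<action>.
$samples = ['bar', 'bar-', 'bar+', '.bar', 'bar--baz', 'bar-baz'];

foreach ($samples as $raw) {
    $method = normalizeAction($raw) . 'Action';
    // The report's exception shows the view script derived from the raw
    // name ('foo/bar-.phtml'), so the method and the view script can differ.
    $view = 'foo/' . $raw . '.phtml';
    printf(
        "%-9s method=%-15s view=%-19s %s\n",
        $raw,
        $method,
        $view,
        isCanonicalAction($raw) ? 'dispatch' : 'reject as not found'
    );
}
```

Rejecting non-canonical names up front means several spellings of a URL no longer reach the same action method, and the application reports "not found" instead of failing later in the view layer.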