Issue Type: Bug Created: 2008-04-22T00:06:25.000+0000 Last Updated: 2009-03-11T16:02:35.000+0000 Status: Resolved Fix version(s): - 1.7.1 (01/Dec/08)
Reporter: Tony Ford (tony4d) Assignee: Matthew Weier O'Phinney (matthew) Tags: - Zend_Controller
Related issues: Attachments:
Not sure if other web servers are affected, but I'm assuming so. I've tested both apache 1.3 and 2.2 with php 4.4 and 5.2 respectively (php as a module of course). To reproduce ... Go here:
Now, setup your browser to proxy through 184.108.40.206. In Firefox go to Tools > Options -> Advanced Tab -> Network Tab -> Connection Settings Button. Select manual proxy configuration, enter the IP in the http proxy field and use 80 for the port. Click OK, and click OK.
Now refresh and you'll see:
<pre class="literal">Error! An error occurred with this request: Invalid controller specified (http:).
The reason is, when http is used with a proxy request apache turns the REQUEST_URI server var into a fully qualified URI. In this case, instead of the request uri being /docs/quickstart it becomes http://framework.zend.com/docs/quickstart and hence why the error is saying http: is an invalid controller, because when request uri is split on / http: is the first param in the request.
This all may not mean much to you, but for development and monitoring we use this all the time. Furthermore, although its very rare, some people do actually use proxies setup in their browsers.
So what to do? I'm not entirely sure I can make a sound recommendation, but just browsing through Zend_Controller_Request_Http it seems that we are fully counting on and trusting web servers. setRequestUri() simply takes a server var and sets it up as the request uri, no validation what so ever. A fairly safe assumption I'd say heh, but in this case there is an exception. So I'm thinking, why not take the logic that happens in the constructor and move it down into setRequestUri()? In other words, use the power of Zend_Uri and make sure only the "path" part of a uri is ever set as the request uri member?
In the mean time I'm just replacing this:
<pre class="highlight"> With:
$requestUri = preg_replace( '/^https?:\/\/' . $_SERVER['HTTP_HOST'] . '/i', '', $_SERVER['REQUEST_URI'] );```
FYI, this might show up in the zf general mailing list too. I'm having all sorts of trouble with my subscription and I don't think my emails ever did get through, but maybe they will ...
Posted by Tony Ford (tony4d) on 2008-04-22T00:09:48.000+0000
Fixed some wiki markup issues in description.
Posted by Matthew Weier O'Phinney (matthew) on 2008-05-09T11:09:22.000+0000
Scheduling for next minor release. This issue will likely take a good chunk of time to resolve, due to the necessity of testing against proxy servers in order to determine the necessary format.
Posted by Matthew Weier O'Phinney (matthew) on 2008-11-26T08:35:38.000+0000
Actually, fairly trvial to solve. Fixed in trunk in r12878 and in 1.7 release branch in r12879
Posted by Al Briggs (grouchal) on 2009-03-04T07:53:16.000+0000
I am seeing this again in version 1.7.6 - looks like it has been reintroduced
Posted by Tony Ford (tony4d) on 2009-03-11T16:02:29.000+0000
Not sure what you're having a problem with Al Briggs. We just upgraded to ZF 1.7.6 and using proxy via http works fine now :)
Have you found an issue?
See the Overview section for more details.