ZF-7824: GET params can break setting baseurl in Zend_Controller_Request_Http

Issue Type: Bug
Created: 2009-09-10T13:04:56.000+0000
Last Updated: 2009-09-18T23:55:21.000+0000
Status: Resolved
Fix version(s):
Reporter: boris (jer)
Assignee: Jan Pieper (jpieper)
Tags:
- Zend_Controller

Related issues:
Attachments:
- ZF-7824.patch


Passing 'index.php' via $_GET, e.g. requesting http://mydomain.tld/index/index/…, will break Zend_Controller_Request_Http::setBaseUrl() on line 503 (for v.1.9.2):

<pre class="highlight">
            if (empty($basename) || !strpos($requestUri, $basename)) {
                // no match whatsoever; set it blank
                $this->_baseUrl = '';
                return $this;
</pre>

When QUERY_STRING doesn't contain 'index.php' everything is fine; otherwise the second test, strpos($requestUri, $basename), triggers. I think it's done in error: the second part of the condition must be tested against REQUEST_URI with QUERY_STRING cut off (i.e. str_ireplace($_SERVER['QUERY_STRING'], '', $_SERVER['REQUEST_URI']) or something), because setting the baseUrl has nothing to do with GET parameters.

Finally in Zend_Controller_Request_Http::setPathInfo() on line 607

<pre class="highlight">
            if ((null !== $baseUrl)
                && (false === ($pathInfo = substr($requestUri, strlen($baseUrl)))))
</pre>

$pathInfo is truncated from 'index/index' to 'ex' (last 2 symbols survived) and the exception "no controller" is thrown.

I ran into trouble using autocomplete with dojo. The autocomplete field queries a big DB table with URLs, where literally every second record contains 'index.php'. I'll try now to work around it with url_encoding queries (but I guess it's url_decoded before the dispatch loop) or putting queries to POST...


Posted by Jan Pieper (jpieper) on 2009-09-17T12:10:38.000+0000

Could reproduce this bug on my website.

Attached patch to fix this bug. It includes a new unit test for Zend_Controller_Request_Http.

Posted by Jan Pieper (jpieper) on 2009-09-17T13:38:15.000+0000

Fixed in r18191.
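
The failure described in this report, reduced to a simplified model; this is an added example, not code from Zend Framework or from the attached patch. It assumes a front controller at /index.php behind URL rewriting; the function names, the $stripQuery switch and the sample URIs are constructed for illustration, and stripping the query string before matching is one way to do what the reporter proposes.

```php
<?php
// Simplified model of the two checks quoted in this report; NOT the framework's code.
// $candidate stands for the base URL derived from the script name (assumed '/index.php').
function detectBaseUrl(string $requestUri, string $candidate, bool $stripQuery): string
{
    // Hardened variant: match against the path only, never the query string.
    $haystack = $requestUri;
    if ($stripQuery && false !== ($pos = strpos($requestUri, '?'))) {
        $haystack = substr($requestUri, 0, $pos);
    }
    if (0 === strpos($haystack, $candidate)) {
        return $candidate;              // script name really is the path prefix
    }
    $basename = basename($candidate);
    if (empty($basename) || !strpos($haystack, $basename)) {
        return '';                      // no match whatsoever; blank base URL
    }
    return rtrim($candidate, '/');      // basename seen somewhere: candidate is kept
}

function pathInfo(string $requestUri, string $baseUrl): string
{
    // Model assumption: the query string is dropped first, then the base URL
    // is cut off by length only, as in the setPathInfo() condition quoted above.
    if (false !== ($pos = strpos($requestUri, '?'))) {
        $requestUri = substr($requestUri, 0, $pos);
    }
    $pathInfo = substr($requestUri, strlen($baseUrl));
    return false === $pathInfo ? '' : $pathInfo;
}

// Constructed sample requests: same route, different user-supplied GET value.
$samples = [
    '/index/index?q=foo',
    '/index/index?q=http://example.test/index.php',
];

foreach ($samples as $uri) {
    foreach ([false, true] as $stripQuery) {
        $base = detectBaseUrl($uri, '/index.php', $stripQuery);
        printf("%-46s strip=%d base=%-12s pathInfo=%s\n", $uri, $stripQuery,
            var_export($base, true), var_export(pathInfo($uri, $base), true));
    }
}
```

Only the second sample with strip=0 keeps '/index.php' as the base URL and yields the path info 'ex'; with the query string removed before matching, both requests route to '/index/index'.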
