History | Log In     View a printable version of the current page. Get help!  
   HOME       BROWSE PROJECT       FIND ISSUES       CREATE NEW ISSUE   
    QUICK SEARCH:  
Issue Details [XML]

Key: CHD-838
Type: Improvement Improvement
Status: Resolved Resolved
Resolution: Fixed
Assignee: Scott Luther
Reporter: Dan Hildebrandt [WGM]
Votes: 1
Watchers: 0
Operations

Clone this issue
If you were logged in you would be able to see more operations.
Cerberus Helpdesk

Update Location header to use SERVER_NAME instead of PHP_SELF

Created: 16/Sep/08 11:45 AM   Updated: 21/Jun/11 06:59 AM
Fix Version/s: 5.0 RC1

Original Estimate: Unknown Remaining Estimate: Unknown Time Spent: Unknown

Value: 1 - Must Have


 Description   
Suggested / Requested by a customer:
========================================================
Welp, there's some connecting of the dots here (sorry I wasn't very
clear). The code looks like this inside index.php at the root (snipped
for brevity):

// If this is our first run, redirect to the installer
   if('' == APP_DB_DRIVER
     [ ... ]
     header('Location:
'.dirname($_SERVER['PHP_SELF']).'/install/index.php'); // [TODO] change
this to a meta redirect
     exit;
   }

The problems combine because 'PHP_SELF' is an empty variable when you
parent the source code at the top of a (sub)domain and request it
without the name of the script, such as:

http://helpdesk.customerdomain.com/

So, the variable is empty - you're also violating the HTTP protocol
because a Location: is supposed to be absolute, but you're assuming
relative. So what happens in this case is a redirect is forces that
looks like this:

http://install/index.php

...which the usual web browser starts sending to Google, etc. The fix is
easy, you need to simply use the SERVER_NAME use instead:

header('Location: http://' .$_SERVER['SERVER_NAME']).
'/install/index.php');

To be more correct, you want to also accommodate for SSL (writing this
off the top of my head, should work but untested :) ):

// protocol
   $myproto = "http://";
   if ($_SERVER['HTTPS']) {
     $myproto = "https://";
   }
   // port
   $myserver = $_SERVER['SERVER_NAME'];
   if ( ($_SERVER['SERVER_PORT'] != "80") ||
        ($_SERVER['SERVER_PORT'] != "443") ) {
     $myserver .= ":" . $_SERVER['SERVER_PORT'];
   }
   // redirect
   $myloc = $myproto . $myserver . "/install/index.php";
   header("Location: $myloc");

 All   Comments   Work Log   Change History      Sort Order:
Comment by Joe Geck [24/Jun/09 11:35 AM]
[ Permlink ]
Update this thread when completed.
http://www.cerb4.com/forums/showpost.php?p=10718&postcount=3

Comment by Michael [28/Jul/09 07:29 PM]
[ Permlink ]
Just had the same problem. Patched it this way (but the other solutions seems more robust):

$location=dirname($_SERVER['PHP_SELF'])=='/' ? '' : dirname($_SERVER['PHP_SELF']);
header('Location: '.$location.'/install/index.php'); // [TODO] change this to a meta redirect

Comment by Scott Luther [07/Apr/10 01:31 PM]
[ Permlink ]
This issue is fixed in the patch attached to http://wgmdev.com/jira/browse/CHD-1808.



Powered by Atlassian JIRA™ (Standard Edition, Version: 3.3.1-#97) - Bug/feature request
Contact Administrators