Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.10.15

Bug #6322 Installer fails to follow redirects
Submitted: 2005-12-22 08:57 UTC
From: tuupola Assigned: toggg
Status: Closed Package: PEAR
PHP Version: 4.4.0 OS: Solaris 8
Roadmaps: (Not assigned)    
Subscription  


 [2005-12-22 08:57 UTC] tuupola
Description: ------------ pear install http://www.example.com/package.tgz command fails if webserver returns a redirect to correct location of the tarball. Test script: --------------- I have the following: RewriteRule ^php/download/(.*) /~tuupola/download/$1 [R,L] and the following fails: #pear install http://www.appelsiini.net/~tuupola/php/download/DB_DataContainer-1.3.1.tgz Could not download from "http://www.appelsiini.net/~tuupola/php/download/DB_DataContainer-1.3.1.tgz" Invalid or missing remote package file Package "http://www.appelsiini.net/~tuupola/php/download/DB_DataContainer-1.3.1.tgz" is not valid install failed however the following succeeds: #wget http://www.appelsiini.net/~tuupola/download/DB_DataContainer-1.3.1.tgz #pear install DB_DataContainer-1.3.1.tgz

Comments

 [2005-12-23 09:08 UTC] toggg
The request to get the .tgz returns a 302 (Found) but pear does not uses the returned location Instead, as the reply code is not 304 (not modified) neither 200 (OK) , it considers the request as failed. If I manually take into account the: "Location: http://www.appelsiini.net/~tuupola/download/DB_DataContainer-1.3.1.tgz " returned in the headers: # pear install http://www.appelsiini.net/~tuupola/download/DB_DataContainer-1.3.1.tgz downloading DB_DataContainer-1.3.1.tgz ... Starting to download DB_DataContainer-1.3.1.tgz (9,455 bytes) .....done: 9,455 bytes install ok: channel://pear.php.net/DB_DataContainer-1.3.1
 [2005-12-23 10:02 UTC] toggg
Please try the following patch against 1.4.5 or 1.4.6 (cvs): http://toggg.com/pear/Downloader.php.6322.diff.txt
 [2005-12-24 09:24 UTC] toggg
As a side note, the same should certainly be done for all redirect replies: * 301 Moved permanently * 302 Found (as for this bug) * 303 See Other * 305 Use Proxy * 307 Temporary Redirect
 [2005-12-25 20:01 UTC] cellog
note: the redirection patch, although short, does not take into account malicious/shoddy infinite recursion through 302 redirecting to one site redirecting to another, etc. HTTP_Request implements 302, and has a 5-deep limit, perhaps a static variable in httpDownload() could be used to do this? # further note, I am still in .cz won't have internet again until 12/27. Merry Christmas/Holiday of your choice!
 [2005-12-26 17:37 UTC] toggg
I rewrote this patch: * integrating all redirect replies * limiting to (hard coded) 5 redirects. It's based on a static counter which is systematically reset to zero after saving it, so we avoid any interference with other error or good cases. The saved value will be only considered case of redirect. ( http://toggg.com/pear/Downloader.php.6322.diff.txt )
 [2006-01-02 06:09 UTC] cellog
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.