Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.0.10

Bug #16328 Case where $_SERVER["HTTPS"] is returned as uppercase not handled
Submitted: 2009-06-15 17:16 UTC
From: spacecharly Assigned: avb
Status: Closed Package: HTML_QuickForm_Controller (version 1.0.9)
PHP Version: 5.2.0 OS: SunOS hefrms03 5.10 Generic_1200
Roadmaps: (Not assigned)    
Subscription  
Comments Add Comment Add patch


Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem : 29 - 26 = ?

 
 [2009-06-15 17:16 UTC] spacecharly (Charly Pache)
Description: ------------ I ran into a server configuration where $_SERVER["HTTPS"] was returned in uppercase ('OFF'). This case is not handled in the script ./Action/Jump.php (where 'off' in lowercase is tested). This lead to a redirection with 'https' instead of 'http', which is a problem if there is no 'https' set up for this website. Actual result: -------------- The fix is to change following line of code in Jump.php (method _resolveRelativeURL($url)): $https = !empty($_SERVER['HTTPS']) && ('off' != $_SERVER['HTTPS']); this way: $https = !empty($_SERVER['HTTPS']) && ('off' != strtolower($_SERVER['HTTPS']));

Comments

 [2009-06-16 17:18 UTC] doconnor (Daniel O'Connor)
-Status: Open +Status: Verified
It should always be "HTTPS" - see http://au2.php.net/manual/en/reserved.variables.server.php
 [2009-09-02 15:25 UTC] avb (Alexey Borzov)
-Status: Verified +Status: Closed -Assigned To: +Assigned To: avb
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better. ------- Daniel, the bug dealt not with 'HTTPS' being uppercase or lowercase, but with the value of that field being 'OFF' rather than the expected 'off' mentioned in the manual you link to.