php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #59709 Call URLDecode() on $_GET Variables
Submitted: 2011-04-11 14:54 UTC Modified: 2017-10-24 08:24 UTC
From: timd dot mackey at gmail dot com Assigned:
Status: Suspended Package: xhprof (PECL)
PHP Version: 5.3.3 OS: Mac OS
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2011-04-11 14:54 UTC] timd dot mackey at gmail dot com
Description:
------------
I am using XHProf with Drupal (see drupal.org) to Profile my 
website. The problem I ran into is that Drupal (Devel 
Module) 
uses the Site's Full Name as the XHProf Namespace for the 
XHProf reports, which often results in the namespace 
containing spaces in the filenames for each report (e.g.- 
"4da346cf71423.Example Website Name"). This causes the 
Profiler Report UI to not be able to find the correct file, 
since it gets the namespace ($_GET["space"]) from the $_GET 
variables without url decoding it, and uses it as the file 
extension (e.g.- it looks for 
"4da346cf71423.Example%20Website%20Name" instead of 
"4da346cf71423.Example Website Name").

I propose the following fix, which solved my problem and 
seems 
to be working fine. Modify the "xhprof_get_param_helper()" 
function in "xhprof_lib.php" to call urldecode() on the 
value 
of all $_GET variables. This will make sure that encoded 
spaces (and other encoded characters) are converted to real 
spaces. I've included the patch under "Reproduce Code".


Reproduce code:
---------------
--- /xhprof/xhprof_lib/utils/xhprof_lib.php	2011-04-11 10:45:44.000000000 -0700
+++ /xhprof/xhprof_lib/utils/xhprof_lib.php	2011-04-11 11:29:22.000000000 -0700
@@ -666,7 +666,7 @@
 function xhprof_get_param_helper($param) {
   $val = null;
   if (isset($_GET[$param]))
-    $val = $_GET[$param];
+    $val = urldecode($_GET[$param]);
   else if (isset($_POST[$param])) {
     $val = $_POST[$param];
   }



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-04-11 18:13 UTC] timd dot mackey at gmail dot com
On second thought, this would be better classified as a bug.
 [2012-06-12 18:01 UTC] sixd@php.net
-Assigned To: +Assigned To: scottmac
 [2017-10-24 06:11 UTC] kalle@php.net
-Status: Assigned +Status: Open -Assigned To: scottmac +Assigned To:
 [2017-10-24 08:24 UTC] kalle@php.net
-Status: Open +Status: Suspended
 [2017-10-24 08:24 UTC] kalle@php.net
This package has not had a release for over 4 years, and the last bit of git activity was over 2 years ago, so I think its safe to say this extension is no longer in active development. If development picks back up, then please re-open this report
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 14:01:29 2024 UTC