PHP :: Bug #25102 :: Relative URI location breaks PATH

Bug #25102	Relative URI location breaks PATH_INFO
Submitted:	2003-08-15 15:22 UTC	Modified:	2003-08-15 18:15 UTC
From:	phpbugs at lusis dot org	Assigned:
Status:	Not a bug	Package:	Unknown/Other Function
PHP Version:	4.3.2	OS:	gentoo 1.4
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	phpbugs at lusis dot org
New email:
PHP Version:		OS:

New Comment:

[2003-08-15 15:22 UTC] phpbugs at lusis dot org

Description:
------------
*** I'm resubmitting this bug because my original bugid got lost somehow in the database. My original bug ID is showing as some old bug from two years ago ***
---------------------------------------------
I was testing some session-setting code that uses PATH_INFO to set session
variables from PATH_INFO. After exploding PATH_INFO and using the
information, I wanted to redirect back to the page.

This didn't work as expected. The page I was attempting to redirect to was
treated as a PATH_INFO value.

The only way to resolve this was to use an absolute URL as the Location.

The whole purpose is to have a single page as the URL.

An example URL is:

http://hostname/~username/directory/main.php/1/2

This would set the current menu to 1 and the current task as 2. These
values are for a sort of breadcrumb system. The tasks are specific to a
menu and are pulled from a database to build the tasklist.

What ends up happening is $menu gets overwritten with main.php instead of
1.

When this is moved to production, the desired URL will actually be:

http://hostname/main.php/1/2

which should redirect to:

http://hostname/main.php after parsing the PATH_INFO.

Reproduce code:
---------------
$MYURL="http://hostname/~username/directory/"
list($dummy,$menu,$task)=explode('/',$_SERVER['PATH_INFO']);
if($task)
{
        $_SESSION['CurrentMenu'] = $menu;
        $_SESSION['CurrentTask'] = $task;
        // This works
        header("Location: ".$MYURL."main.php");
        // This does not:
        // header("Location: main.php");
        exit;
}else($menu){
        $_SESSION['CurrentMenu'] = $menu;
        header("Location: ".$MYURL."main.php");
        exit;
}


Expected result:
----------------
PATH_INFO should be parsed properly.

PAge should be refreshed as main.php with the session variables set as
shown.

Actual result:
--------------
$menu gets overwritten with main.php instead of 1 after first redirect.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-08-15 18:15 UTC] pollita@php.net

This is expected behavior.

The HTTP protocol states that Location: headers must be absolute URLs.  The fact that relative urls sometimes works is as confusing to most as it is seemingly fortunate.

That said, it is the browser which is putting mail.php onto the URL that its working with (it has no knowledge that the index.php in the middle of the url is the real script) and is therefore nothing that can be fixed by PHP.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Oct 05 07:01:27 2024 UTC