php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #33638 /phpweb/include/site.inc -- revert revision 1.254
Submitted: 2005-07-11 02:12 UTC Modified: 2005-09-19 14:10 UTC
From: rajesh at meetrajesh dot com Assigned:
Status: Wont fix Package: Website problem
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: rajesh at meetrajesh dot com
New email:
PHP Version: OS:

 

 [2005-07-11 02:12 UTC] rajesh at meetrajesh dot com 
Description:
------------
$_SERVER['SERVER_NAME'] and $_SERVER['HTTP_HOST'] are NOT the same if the webpage is being served on a non-standard port.

I rsync the PHP manual and run the manual on http://localhost:9000/. $_SERVER['SERVER_NAME'] redirects the page back to http://localhost/ and all images are called from http://localhost instead of http://localhost:9000/ due to the use of $_SERVER['SERVER_NAME']. Using $_SERVER['HTTP_HOST'] corrects this problem.

Reproduce code:
---------------
Line 188 in /phpweb/includes/site.inc:

-    $MYSITE = 'http://' . preg_replace("!^www\\.!", "", $_SERVER["SERVER_NAME"]) . '/';
+    $MYSITE = 'http://' . preg_replace("!^www\\.!", "", $_SERVER["HTTP_HOST"]) . '/';

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-09-19 14:10 UTC] sniper@php.net 
You're not hosting any official mirror, so no, this will not be reverted (it's a XSS hole!).
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 00:01:29 2024 UTC