php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #60054 get_headers() Redirect ../../ error
Submitted: 2011-10-13 15:18 UTC Modified: 2013-02-18 00:35 UTC
Votes:2
Avg. Score:1.0 ± 0.0
Reproduced:1 of 2 (50.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: greenrover33 at gmail dot com Assigned:
Status: No Feedback Package: HTTP related
PHP Version: 5.3.8 OS: Ubuntu
Private report: No CVE-ID: None
 [2011-10-13 15:18 UTC] greenrover33 at gmail dot com
Description:
------------
When i open with: get_headers() 
http://www.zebis.ch/Unterricht/Fach/Unterrichtsmaterialien/dateizeigen.php?id=4070&vz=ME4gDDrhrBwBKVWwrrubqqAFR9r4Hv&file=symmetrien.doc

I got 302 Found
Location => ../../schublade/ME4gDDrhrBwBKVWwrrubqqAFR9r4Hv/docs/symmetrien.doc

PHP try open:
GET /Unterricht/Fach/Unterrichtsmaterialien//../../schublade/ME4gDDrhrBwBKVWwrrubqqAFR9r4Hv/docs/symmetrien.doc

But it should be:
GET /Unterricht/schublade/ME4gDDrhrBwBKVWwrrubqqAFR9r4Hv/docs/symmetrien.doc

Browsers can handle that (ie, ff, chrome)

this means:
get_headers()  dont execute ../ like browser will do.



Test script:
---------------
<?PHP 
$url = 'http://www.zebis.ch/Unterricht/Fach/Unterrichtsmaterialien/dateizeigen.php?id=4070&vz=ME4gDDrhrBwBKVWwrrubqqAFR9r4Hv&file=symmetrien.doc';
$headers = get_headers($url, 1);
print_r($headers);


Expected result:
----------------
GET /Unterricht/schublade/ME4gDDrhrBwBKVWwrrubqqAFR9r4Hv/docs/symmetrien.doc


Actual result:
--------------
GET /Unterricht/Fach/Unterrichtsmaterialien//../../schublade/ME4gDDrhrBwBKVWwrrubqqAFR9r4Hv/docs/symmetrien.doc

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-11-29 13:33 UTC] iliaa@php.net
-Status: Open +Status: Feedback
 [2011-11-29 13:33 UTC] iliaa@php.net
Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

With newer version of PHP I get the following, expected output:


Array
(
    [0] => HTTP/1.1 302 Found
    [Date] => Array
        (
            [0] => Tue, 29 Nov 2011 13:32:43 GMT
            [1] => Tue, 29 Nov 2011 13:32:43 GMT
        )

    [Server] => Array
        (
            [0] => Apache
            [1] => Apache
        )

    [X-Powered-By] => PHP/5.2.9
    [Set-Cookie] => Array
        (
            [0] => PHPSESSID=40ca678b4b35ce5370d0d3ae68739e9e; path=/
            [1] => aktiviert=1322573563; expires=Sat, 16-Jun-2012 13:32:43 GMT; 
path=/
        )

    [Expires] => Thu, 19 Nov 1981 08:52:00 GMT
    [Cache-Control] => no-store, no-cache, must-revalidate, post-check=0, pre-
check=0
    [Pragma] => no-cache
    [location] => 
http://www.zebis.ch/Unterricht/schublade/ME4gDDrhrBwBKVWwrrubqqAFR9r4Hv/docs/sym
metrien.doc
    [Connection] => Array
        (
            [0] => close
            [1] => close
        )

    [Content-Type] => Array
        (
            [0] => text/html; charset=ISO-8859-1
            [1] => application/msword
        )

    [Content-Language] => Array
        (
            [0] => de
            [1] => de
        )

    [1] => HTTP/1.1 200 OK
    [Last-Modified] => Thu, 12 Nov 2009 09:48:20 GMT
    [ETag] => "6101f5-53600-47829717f4100"
    [Accept-Ranges] => bytes
    [Content-Length] => 341504
)
 [2013-02-18 00:35 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.
 [2013-02-18 04:49 UTC] greenrover33 at gmail dot com
The problem does still exist.

Here i provide the test againe:

http://www.file-upload.net/download-7225004/tests_60054.zip.html


Download, unzip and run  test.php  (with a browser)

To validate open:  a/b/redirect.php  (with a browser)

Hope that will helps to reproduce.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Dec 03 14:01:30 2024 UTC