php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #62086 header() in 404 error page
Submitted: 2012-05-21 07:14 UTC Modified: 2012-06-25 08:07 UTC
From: dave dot kimble at gmx dot com Assigned:
Status: Not a bug Package: Other web server
PHP Version: 5.4.3 OS: Win 7 Ult 32
Private report: No CVE-ID: None
 [2012-05-21 07:14 UTC] dave dot kimble at gmx dot com
Description:
------------
I am trying to redirect all external links to pages in 
http://www.*******.org.au/dave.kimble/ 
to http://www.davekimble.org.au/ 
by using header() in 404 error page.
Fastream IQWebFTPServer v11.5.5R possibly implicated.

If header() follows echo(), I expect error "headers already written".
Adding echo statements to debug, the output either doesn't appear, or after <BR> output is the remaining script itself. 

Same problem with PHP 5.4.0

Test script:
---------------
Must be set in web server as Error Page 404

<?php
// error page for 404
$uri = $_SERVER['REQUEST_URI'];
if (substr($uri, 0, 12 ) == '/dave.kimble' )
{	$restofuri = substr($uri, 12 );
	header('Location: http://www.davekimble.org.au'.$restofuri );
	exit('Redirecting you to http://www.davekimble.org.au'.$restofuri);
}
echo ($uri . ' not found<BR>');
?>


Expected result:
----------------
a) Browser URL: http://test-domain.com/dave.kimble/index.htm
   should return page http://www.davekimble.org.au/index.htm 
b) Browser URL: http://test-domain.com/xxxx.xxx
   should return "/xxxx.xxx not found"

Actual result:
--------------
a) Browser URL: http://test-domain.com/dave.kimble/index.htm
   returns blank page and response status 404
b) Browser URL: http://test-domain.com/xxxx.xxx
   returns '); ?> 
   which is the tail end of the script !

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-05-21 08:39 UTC] anon at anon dot anon
It looks like your error page is not configured to be interpreted as PHP, so everything from <?php to BR> is interpreted by the browser as a single HTML tag. Also the URL in your exit statement should be passed through htmlspecialchars to avoid an XSS vulnerability.
 [2012-05-22 07:25 UTC] dave dot kimble at gmx dot com
OK, I can confirm this is not a PHP bug, but an IQWebFTPServer bug:
IQ doesn't pre-process error pages.
Thanks.
CLOSED
 [2012-06-25 08:07 UTC] maarten@php.net
-Status: Open +Status: Not a bug
 [2012-06-25 08:07 UTC] maarten@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 13:01:31 2024 UTC