Project

General

Profile

Actions
Copy link

Bug #24508

closed

TYPO3-Core throws PHP-Warnings (function "parse_url()") if $_SERVER['HTTP_HOST'] is empty

Added by Andy Grunwald over 13 years ago. Updated almost 10 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2011-01-10
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.3
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

If the Variable $_SERVER['HTTP_HOST'] is empty / not set, the TYPO3 Core throws PHP Warnings. This variable is empty if a HTTP request is done with HTTP/1.0 (HTTP version 1.0). This version of HTTP don`t support HTTP_HOST.

With a request with HTTP/1.0, TYPO3 acts to show the "Page not Found"-Website.If you configure [FE][pageNotFound_handling] (Install-Tool) with the value "/404/" (Show the page http://www.domain.com/404/ if a page wasn`t found) the following PHP warning appear:

Core: Error handler (FE): PHP Warning: parse_url(http:///404/) [<a href='function.parse-url'>function.parse-url</a>]: Unable to parse URL in /var/www/bitburger-braugruppe.de/typo3_src-4.3.10/t3lib/class.t3lib_div.php line 3315

If you switch the [FE][pageNotFound_handling]-value to "http://www.domain.com/404/" the following php warning will appear:

Core: Error handler (FE): PHP Warning: parse_url(http:///) [<a href='function.parse-url'>function.parse-url</a>]: Unable to parse URL in /var/www/bitburger-braugruppe.de/typo3_src-4.3.10/t3lib/class.t3lib_userauth.php line 1170

IMPORTANT: The request must use HTTP in version 1.0!

A work-a-round is to use "REDIRECT:http://www.domain.com/404/" as [FE][pageNotFound_handling]-value, but in my opinion this is not a real solution.

Technical stuff:
TYPO3 4.3.10
PHP: 5.2
Webserver: Apache 2

Following lines are affected:
in tslib_fe::pageErrorHandler the incomming url ($code) is modified in line 1500:
$code = t3lib_div::getIndpEnv('TYPO3_REQUEST_HOST') . $code;

The call t3lib_div::getIndpEnv('TYPO3_REQUEST_HOST') relies on t3lib_div::getIndpEnv('HTTP_HOST'). t3lib_div::getIndpEnv('TYPO3_REQUEST_HOST') doesn`t check if the return value of t3lib_div::getIndpEnv('HTTP_HOST') is empty.
And so urls like http:///404/ (with [FE][pageNotFound_handling] = "/404/") or http:/// (with [FE][pageNotFound_handling] = "http://www.domain.com/404/") are created

What the hell? How do you find such a bug? Which one is using HTTP 1.0 ???
The networking monitoring tool "Whats Up" from "Ipswitch" (http://www.whatsupgold.com/) make http requests to check the uptime. This tool uses in some cases HTTP in version 1.0
(issue imported from #M16960)

Actions
Copy link

Also available in: Atom PDF