Project

General

Profile

Actions
Copy link

Bug #81720

closed

GeneralUtility::locationHeaderUrl can not handle URLs that are relative to the current protocol

Added by Matteo Bonaker over 7 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Site Handling, Site Sets & Routing
Target version:
-
Start date:
2017-06-27
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
7
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:
On Location Sprint

Description

First off it is important to know what protocol relative urls are.
A very brief description is provided by Wikipedia: https://en.wikipedia.org/wiki/URL#prurl
In fact all well-known Browsers (except IE 6 and partially IE 7-9) handle PRURLs nicely when used as links. TYPO3 in most cases also does its job when it comes to PRURLs.
So now to the actual bug which I found because EXT:dd_googlesitemap does not work with PRURLs due to it.

Reproduction:

  • Install TYPO3 7.6.15 or 8.7.0 (those are the only ones that I tested)
  • Get in a position to write PHP-Code (e.g. write an extension or modify the core)
  • Let the url of your site be 'https://example.tld/'
  • Now in your PHP-Code do echo GeneralUtility::locationHeaderUrl('//example.tld/path/page.html')
  • Visit your site via 'https://example.tld/'

My expected result:

https://example.tld/path/page.html

... because it is the absolute URL that would be generated by the browser for the given input.

Actual result:

http://example.tld//example.tld/path/page.html

This is the code of the current function locationHeaderUrl:

        $uI = parse_url($path);
        // relative to HOST
        if ($path[0] === '/') {
            $path = self::getIndpEnv('TYPO3_REQUEST_HOST') . $path;
        } elseif (!$uI['scheme']) {
            // No scheme either
            $path = self::getIndpEnv('TYPO3_REQUEST_DIR') . $path;
        }
        return $path;

Even technically the comment above the function contradicts the result. The comment is:

     * Prefixes a URL used with 'header-location' with 'http://...' depending on whether it has it already.
     * - If already having a scheme, nothing is prepended
     * - If having REQUEST_URI slash '/', then prefixing 'http://[host]' (relative to host)
     * - Otherwise prefixed with TYPO3_REQUEST_DIR (relative to current dir / TYPO3_REQUEST_DIR)

And because the double slash at the beginning of a PRURL is not a "REQUEST_URI slash '/'", the result technically would have to be

/html/typo3///example.tld/path/page.html

... which is ridiculous. So the comment is wrong, too imho.

Files

fix_location_header_url.patch (1.75 KB) fix_location_header_url.patch Matteo Bonaker, 2017-06-27 18:48
Actions
Copy link

Also available in: Atom PDF