Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Fixes an issue with urls as GET parameters #1039

Merged
merged 2 commits into from Jan 18, 2013

Conversation

Projects
None yet
2 participants
Contributor

bfanger commented Dec 21, 2012

Allow urls as GET parameter: http://domain.com/controller/action?url=http://example.com

Currently the "://" in the $_SERVER['REQUEST'] causes an invalid value for $request->url.

@markstory markstory commented on the diff Dec 21, 2012

lib/Cake/Network/CakeRequest.php
@@ -232,7 +232,11 @@ protected function _url() {
} elseif (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], '://') === false) {
$uri = $_SERVER['REQUEST_URI'];
} elseif (isset($_SERVER['REQUEST_URI'])) {
- $uri = substr($_SERVER['REQUEST_URI'], strlen(FULL_BASE_URL));
+ if (strpos($_SERVER['REQUEST_URI'], '?') !== false && strpos($_SERVER['REQUEST_URI'], '://') > strpos($_SERVER['REQUEST_URI'], '?')) {
+ $uri = $_SERVER['REQUEST_URI'];
+ } else {
+ $uri = substr($_SERVER['REQUEST_URI'], strlen(FULL_BASE_URL));
+ }
@markstory

markstory Dec 21, 2012

Owner

I think this will still have problems when REQUEST_URI contains a query string parameter with the domain and also has the full domain. For example: http://example.com/some/path?url=http://cakephp.org.

Contributor

bfanger commented Dec 21, 2012

No problems for: "http://example.com/some/path?url=http://cakephp.org"
strpos($_SERVER['REQUEST_URI'], '://') == 4
strpos($_SERVER['REQUEST_URI'], '?') == 28

4 > 28 == false, So the domain is stripped from the url.

markstory added a commit that referenced this pull request Jan 18, 2013

Merge pull request #1039 from bfanger/master
Fixes an issue with urls as GET parameters

@markstory markstory merged commit acc6a26 into cakephp:master Jan 18, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment