Skip to content
This repository has been archived by the owner on Nov 3, 2023. It is now read-only.

Let Environment::requestUri() handle absolute URI #8661

Merged
merged 2 commits into from
Mar 16, 2017
Merged

Let Environment::requestUri() handle absolute URI #8661

merged 2 commits into from
Mar 16, 2017

Conversation

martinschumann
Copy link
Contributor

Hi Contaoists!

Method Environment::requestUri relys on the $_SERVER['REQUEST_URI'] variable containing a URI only in relative-form.

In rfc 7230 section 5.3.2 it's demanded that a "server MUST accept the absolute-form in requests, even though HTTP/1.1 clients will only send them in requests to proxies." Therefore $_SERVER['REQUEST_URI'] may contain a full valid URL including scheme. This happens for instance when using a SSH tunnel as HTTP Proxy, where GET request line doesn't get rewritten as in HTTP Proxies for that purpse.
This has an subsequent effect on e.g. the generation of the action attribute in the backend login form, resulting in an url-encoded full URL (http%3A//...) and disabling login.

May I suggest stripping the hostname and scheme if present?

Regards
Martin

@leofeyer leofeyer added this to the 3.5.25 milestone Mar 14, 2017
@leofeyer leofeyer self-assigned this Mar 16, 2017
@leofeyer leofeyer changed the base branch from master to hotfix/3.5.25 March 16, 2017 12:25
@leofeyer leofeyer merged commit 3e273a8 into contao:hotfix/3.5.25 Mar 16, 2017
leofeyer pushed a commit that referenced this pull request Mar 20, 2017
@martinschumann @leofeyer
Handle absolute URLs in Environment::requestUri() (see #8661).
3808e94
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@leofeyer leofeyer

Labels
defect
Projects
None yet
Milestone
3.5.25
Development

Successfully merging this pull request may close these issues.
2 participants
@martinschumann @leofeyer