Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
catch rewrites that pass URI and QUERY STRING as one; related #1551
Some combinations of webserver and php-fpm do this, others dont. The default in .htaccess caters for the last one only, and we don't want to throw an exception here if we can correct it for the user.
- Loading branch information
b873970
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about:
https://domain.com/transactions
For this case, the $matches is empty (because $uri does not contain '?') and does not pass the Security::clean
b873970
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It doesn't matter, because in that case we're sure $_GET is empty, so there is nothing to clean.
b873970
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not true, see the sample:
Returns:
array(1) { ["/transactions"]=> string(0) "" }
b873970
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, you mean GET isn't emptied. Hmm... Good point.
b873970
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This would be better:
b873970
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I think this one is the winner, I will test it for few days and let you know
b873970
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, thanks. I'll be awaiting your feedback.
b873970
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I tested it quite well already and can confirm that everything is working as expected on FPM and FastCGI. Of course somebody should test it on other environments.
Thank you for quick fix.
b873970
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, I'll push the change so it can be tested by a wider audience.