Fixed PHP Notice: Undefined index: HTTP_HOST

[JannikMichel]

Pull Request for Issue #10973.

Summary of Changes

Fixed PHP Notice: Undefined index: HTTP_HOST

Testing Instructions

Connect to the Webserver via HTTP 1.0 to port 80.
Commandline:
telnet localhost 80

and in there :
get [...joomlaDirectory]/index.php HTTP/1.0

Expected result

No notices from PHP

Actual result

No notices from PHP

Documentation Changes Required

[Schmidie64]

I have tested this item ✅ successfully on dc5cc1e

@icampus
I've tested this item sucessfully. A little bit complicated but everything works well.

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/17655.}

[bembelimen]

Is there a way to used JUri for this?

[laoneo]

I mean the notices will disappear but you generate wrong urls when the HTTP_HOST variable is not set. Probably it woul be safer to throw an exception as we need th variable to generate proper urls. It can become a BC break but at least it will not generate invalid urls.

[Murat75]

OS Darwin
PHP 7.1.4
MySQLi 5.5.5-10.1.22-MariaDB

It work!
@icampus

[ghost]

@Murat75 can you please mark your Test at Issue Tracker

[JannikMichel]

@bembelimen Do you mean to use JUri for the link in mod_wrapper?
@laoneo I agree, when the HTTP_HOST is empty we should throw an exception. There is no use in constructing an invalid URL. This would be a BC break so I will redo this PR for the 4.0-dev branch. What do you think?

[laoneo]

@JannikMichel I think it would be a good idea to have it properly fixed in 4.

[roland-d]

@laoneo Ok, we will make a new PR against the 4.0-dev.

[ghost]

RTC after two successful tests.

@Murat75 i altered your Test.

[laoneo]

Would be not bad to adapt the unit tests then accordingly.

[roland-d]

@laoneo Going to need help in that department.

[laoneo]

@roland-d Ping me on glip, when you get stuck.

[bembelimen]

@JannikMichel Yes and perhaps in the Application class, too (not sure if JUri is already available there)

[roland-d]

@JannikMichel Please don't forget to follow up. Thanks.

[photodude]

My preference is for

$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : "undefined";

I do not think leaving this as an empty value when HTTP_HOST is undefined is apropreate.
(note: I am not sure if it would cause problems with urls the set host to an undefined value)

I'm also not sure if there is a better way to handle the situation of HTTP_HOST being undefined.
(the exceptions approach for J4 is likely the direction things need to go)

[piotr-cz]

What about resolving to $_SERVER['SERVER_NAME'], like here: https://github.com/slimphp/Slim/blob/3.9.0/Slim/Http/Uri.php#L176-L181

[photodude]

Both $_SERVER['HTTP_HOST'] and $_SERVER['SERVER_NAME'] can both be empty, then what?

[Quy]

$_SERVER['SERVER_NAME'] would work in my case.

[piotr-cz]

@photodude ATM we are relying only on $_SERVER['HTTP_HOST'] so it's a step forward.

[photodude]

I agree that adding $_SERVER['SERVER_NAME'] could be a step in the right direction. But we need to properly handle the case of both $_SERVER['HTTP_HOST'] and $_SERVER['SERVER_NAME'] being empty otherwise we are just introducing a new known problem.

We also need to check more than just Apache. What happens on Nginx or on IIS?

[csthomas]

HTTP_HOST is not set when we run CLI script or the Apache or NginX do not have such variable set up.

If we do not know the name of domain we can not create any absolute URL with schema.
This means that $theURI or $uri should be relative without schema and host.

There is a global configuration variable live_site, I do not know if this is deprecated.

joomla-cms/libraries/src/Uri/Uri.php

Line 141 in 0ac5c79

$live_site = ($uri->isSsl()) ? str_replace('http://', 'https://', $config->get('live_site')) : $config->get('live_site');

and IMO it should be used if HTTP_HOST is not available.

[Quy]

I checked 2 sites and live_site is blank.
I get this error when the client is using HTTP/1.0.

error log:

PHP Notice: Undefined index: HTTP_HOST in /httpdocs/libraries/src/Application/WebApplication.php on line 988
PHP Notice: Undefined index: HTTP_HOST in /httpdocs/libraries/src/Uri/Uri.php on line 90

access log:

176.58.114.41 - - [03/Nov/2017:10:45:21 -0700] "GET / HTTP/1.0" 400 0 "-" "-"
176.58.114.41 - - [03/Nov/2017:10:45:24 -0700] "GET / HTTP/1.0" 200 75748 "-" "-"

[piotr-cz]

AFAIK the live_site setting is meant for edge cases when it's not possible to resolve URL, like this one

[csthomas]

Maybe this way?

# HTTP/1.1
if $_SERVER['HTTP_HOST'] then 
...

# HTTP/1.0 and we have server variable
elseif $_SERVER['SERVER_NAME'] then 
...

# CLI request and joomla has set up $live_site
elseif $live_site then 
...

# At least do not raise PHP notice
else 'use empty schema and host'

[photodude]

I think @csthomas's suggestion is getting the closest to a proper way to address this issue.
As I noted when I opened #10203 the solution to this is going to be complex.

Looking at the definition of the $live_site variable in most cases we are getting text something like http://www.yourdomainname.com where $_SERVER['HTTP_HOST'] or $_SERVER['SERVER_NAME'] would only give text like www.yourdomainname.com or yourdomainname.com
So additional processing is going to be needed to strip off the http:// from the $live_site variable

[photodude]

possible example based on @csthomas's suggestion

if (isset($_SERVER['HTTP_HOST']))
{
    $host =  $_SERVER['HTTP_HOST'];
}
elseif (isset($_SERVER['SERVER_NAME']))
{
    $host = $_SERVER['SERVER_NAME'];
}
elseif (!empty(JFactory::getConfig()->get('live_site')))
{
    $liveSite = str_replace("http://", "https://", JFactory::getConfig()->get('live_site'));
    $host = $liveSite;
}
elseif ( !empty($_SERVER['SERVER_ADDR']))
{
    $host = $_SERVER['SERVER_ADDR'];
}
else
{
    $host = '';
}

[csthomas]

Why would you want to add$_SERVER['SERVER_ADDR']?

Take a look at https://stackoverflow.com/questions/5705082/is-serverserver-addr-safe-to-rely-on/5705170

$_SERVER['HTTP_HOST'] and $live_site - may contain schema and port, ex http://www.example.com:8080
$_SERVER['SERVER_NAME'] - usually does not contains schema or port, only www.example.com

More info at:

• https://stackoverflow.com/questions/2297403/what-is-the-difference-between-http-host-and-server-name-in-php
• https://stackoverflow.com/questions/9731076/local-host-and-port-number-in-server-variable

[photodude]

$_SERVER['SERVER_ADDR'] is the IP address
On IIS $_SERVER['SERVER_NAME'] might be "The server's host name, DNS alias, or IP address"

I considered $_SERVER['SERVER_ADDR'] as an alternative to possible IIS output for $_SERVER['SERVER_NAME']

based on some things I was reading for CLI we may want to also consider

elseif (isset($_ENV["HOSTNAME"]))
{
    $host = $_ENV["HOSTNAME"];
}
elseif (isset($_ENV["COMPUTERNAME"]))
{
    $host = $$_ENV["COMPUTERNAME"];
}

[photodude]

@csthomas I was looking into the $_SERVER['SERVER_NAME'] issue with the port. From other things I was reading with Apache 2 "if your httpd UseCanonicalName directive is set to "On" then port gets parsed out of the ServerName directive."
So $_SERVER['SERVER_NAME'] may or may not include the port depending on apache server configuration.

Not sure about behavior on Nginx or IIS.

[Quy]

@photodude I would like it simple HTTP_HOST > SERVER_NAME > live_site that you proposed earlier without having to consider all possible cases/setup.

[photodude]

@Quy sounds good to me. It's much better than what's currently in place.

I still question the last case. Is $host = ''; or $host = "undefined"; more correct. I generally am against leaving things as empty strings, but I'm not sure what the most appropriate solution here is.

If possible, someone should try to put some unit tests in for this issue too.

[mbabker]

You shouldn't shove arbitrary data into something if you can't resolve a correct value.

[photodude]

@mbabker I somewhat agree. There is definitely a balance between not shoving data into something when a value cannot be resolved; and specifying a default/fallback value for something when a value cannot be resolved because the variable should not be empty.

This is a case where I continue to be unsure of the appropriate course of action.

[Quy]

I get this warning now and then, but not frequent enough. In my case, SERVER_NAME would have resolved this issue. I don't mind updating live_site as the last resort/fallback. If left empty it will be the scenario now, but at least I have control of this value if required.

[rotech1]

Joomla 5.8.5, PHP 7.1.13 on Apache still get this...

[Thu Feb 15 01:18:48 2018] [notice] [client xxx.xxx.xxx.xxx] PHP Notice: Undefined index: HTTP_HOST in [redacted]/libraries/src/Application/WebApplication.php on line 986
[Thu Feb 15 01:18:48 2018] [notice] [client xxx.xxx.xxx.xxx] PHP Notice: Undefined index: HTTP_HOST in [redacted]/libraries/src/Uri/Uri.php on line 90

[zero-24]

Dear @JannikMichel

in preperation of the upcomming release of Joomla 3.10 we have used GitHubs rename feature to rename the staging branch into 3.10-dev. Usually GitHub moves all existing PRs towards the new branch just fine, but here it didnt work. The reason seems to be that the fork of the CMS that was used as base for this PR has been deleted so GitHub does no longer have a base to rebase the PR against the new branch and we are also not able to reopen the PR. For that reason GitHub closed this PR in my name, when this issue is still valid It would require a new PR against the new 3.10-dev or 4.0-dev branch.