Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-9126

Invalid redirection after login to forum not in web root

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.7-PL1
    • Fix Version/s: 3.0.8-RC1
    • Component/s: Login
    • Labels:
      None
    • Environment:
      PHP Environment: 5.2.12
      Database: 5.1.40

      Description

      This issue affects any forum (i.e. https://myforum/phpBB3/) where:

      If these conditions are met, after successful login the user is redirected to an invalid URI (i.e., https://myforum/phpBB3/phpBB3?sid=).

      To fix this behavior, extract_current_page() in includes/session.php needs to handle the case correctly where the URI of the current page ends in a slash and is not the web root.

        Activity

        Hide
        dpward dpward added a comment -

        nargelion, I believe I upgraded directly from 3.0.4 to 3.0.6. The other variable I may be leaving out is that my webhost runs LiteSpeed Web Server rather than Apache, not sure if that is causing anything strange.

        Let me see if I can reproduce this in a virtual machine, then if so try to see where our setups may differ.

        Show
        dpward dpward added a comment - nargelion, I believe I upgraded directly from 3.0.4 to 3.0.6. The other variable I may be leaving out is that my webhost runs LiteSpeed Web Server rather than Apache, not sure if that is causing anything strange. Let me see if I can reproduce this in a virtual machine, then if so try to see where our setups may differ.
        Hide
        A_Jelly_Doughnut A_Jelly_Doughnut added a comment -

        I would imagine this is a "problem" with LiteHTTPD, then. The $_SERVER array is populated by the web daemon.

        That's not to say the patch isn't worth keeping ... because LiteHTTPD is relatively popular. Just as long as it doesn't break anything else

        Show
        A_Jelly_Doughnut A_Jelly_Doughnut added a comment - I would imagine this is a "problem" with LiteHTTPD, then. The $_SERVER array is populated by the web daemon. That's not to say the patch isn't worth keeping ... because LiteHTTPD is relatively popular. Just as long as it doesn't break anything else
        Hide
        narqelion narqelion [X] (Inactive) added a comment -

        dpward:

        Let me see if I can reproduce this in a virtual machine, then if so try to see where our setups may differ.


        I'd be interested to see what the difference is. During lunch now I just tested on Litespeed Enterprise 4.0.x and was still not able to reproduce the behavior. The PHP version was 4.x so I am going to recompile with PHP 5.3.x tonight and see if anything changes.

        Show
        narqelion narqelion [X] (Inactive) added a comment - dpward: Let me see if I can reproduce this in a virtual machine, then if so try to see where our setups may differ. I'd be interested to see what the difference is. During lunch now I just tested on Litespeed Enterprise 4.0.x and was still not able to reproduce the behavior. The PHP version was 4.x so I am going to recompile with PHP 5.3.x tonight and see if anything changes.
        Hide
        naderman Nils Adermann added a comment -

        So has anyone else been able to reproduce this? I'm inclined to undo the patch if this is not reproducible.

        Show
        naderman Nils Adermann added a comment - So has anyone else been able to reproduce this? I'm inclined to undo the patch if this is not reproducible.
        Hide
        narqelion narqelion [X] (Inactive) added a comment -

        I was never able to reproduce the reported error with https, using PHP4 or PHP5 under Litespeed Enterprise 4.

        Show
        narqelion narqelion [X] (Inactive) added a comment - I was never able to reproduce the reported error with https, using PHP4 or PHP5 under Litespeed Enterprise 4.

          People

          • Assignee:
            naderman Nils Adermann
            Reporter:
            dpward dpward
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development