[Tickets #2350] NEW: "Problem Report" return_url parameter needs to be complete URI

bugs@bugs.horde.org bugs at bugs.horde.org
Thu Jul 28 11:51:20 PDT 2005


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/?id=2350
-----------------------------------------------------------------------
 Ticket             | 2350
 Created By         | greg.rundlett at savaje.com
 Summary            | "Problem Report" return_url parameter needs to be complete URI
 Queue              | Horde Framework Packages
 State              | Unconfirmed
 Priority           | 1. Low
 Type               | Bug
 Owners             | 
+New Attachment     | Horde.php.diff
-----------------------------------------------------------------------


greg.rundlett at savaje.com (2005-07-28 11:51) wrote:

Hi Jan (I posted this to the dev list, but you asked me to post here).

This is fairly simple, but took me a long time to track it down, so I'll
explain it in detail.

In lib/Horde.php (confirmed in CVS v. 1.522), the getServiceLink() method is
responsible for creating the URL that is used for the 'Problem Report'
function displayed in most Horde applications.  The generated URL contains a
querystring parameter (return_url), that is then used to return the user
from whence they came after submitting the form.  This 'return to sender' is
accomplished using an HTTP Location header.  The current CVS version only
creates a relative path for the return_url parameter.  The HTTP location
header should always use a complete URI.  Also, a proxied application will
result in a 404 error if the querystring parameter is just a relative path. 
Using the optional $full arguments to Horde::url() and Horde::selfUrl()
cures these issues, creating a Problem Report URL like the following:
https://mead-2.savaje.com/ab-dev/services/problem.php?return_url=https%3A%2F%2Fmead-2.savaje.com%2Fab-dev%2Fautobuilder%2Faddr2line.php

The attached diff can be used with patch to make the one-line change
required to fix this bug.

See http://pastebin.com/323798 for a highlighted example of the one-line
change the patch would make.
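
Added example, not part of the ticket and not Horde's code: a stand-alone PHP sketch of the round trip described above, building the Problem Report link with a complete return_url and checking the value on the receiving side before it would go into a Location header. The helper names are hypothetical, and the same-host check is an assumption of this example rather than something the ticket or the attached diff describes.

```php
<?php
// Added example: hypothetical helpers, not Horde's getServiceLink() or problem.php.

// Build the Problem Report link with a complete, URL-encoded return_url.
function problem_report_link(string $webrootUrl, string $selfPath): string
{
    $base      = rtrim($webrootUrl, '/');
    $returnUrl = $base . '/' . ltrim($selfPath, '/');
    return $base . '/services/problem.php?return_url=' . rawurlencode($returnUrl);
}

// Receiving side: accept the value only if it is a complete http(s) URI on
// this installation's own host (assumed policy); otherwise use the webroot.
function return_target(string $returnUrl, string $webrootUrl): string
{
    $target = parse_url($returnUrl);
    $own    = parse_url($webrootUrl);
    $ok = is_array($target) && is_array($own)
        && isset($target['scheme'], $target['host'], $own['host'])
        && in_array(strtolower($target['scheme']), ['http', 'https'], true)
        && strcasecmp($target['host'], $own['host']) === 0;
    return $ok ? $returnUrl : $webrootUrl;
}

// Host and paths taken from the URL quoted in the ticket.
$webroot = 'https://mead-2.savaje.com/ab-dev';
$link    = problem_report_link($webroot, 'autobuilder/addr2line.php');
echo $link, "\n";

// What the receiving script sees once the query string is decoded.
parse_str((string) parse_url($link, PHP_URL_QUERY), $query);
echo 'Location: ', return_target($query['return_url'], $webroot), "\n";

// A relative path, as the ticket says the unpatched code produced, is not a
// complete URI, so this sketch falls back to the webroot instead.
echo 'Location: ', return_target('/ab-dev/autobuilder/addr2line.php', $webroot), "\n";
```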




