[kronolith] [bug] $_SERVER['PHP_SELF'] being double encoded in base.php

Aaron Straup Cope asc at vineyard.net
Thu Oct 9 07:43:55 PDT 2003


Hi all,

If there is a more appropriate place to submit this report my apologies.
I poked around the Bugzilla widget at horde.org but there was no
'kronolith' component so...

kronolith/lib/base.php (~ ln. 49) is encoding the value of
$_SERVER['PHP_SELF'] before passing it off to Kronolith.php's
addParameter function which, in turn, encodes each of its key/value
pairs.

This means that by the time you get through the redirect chain on login
(in this instance IMP is being used for authentication) the final
redirect ends up going to :

 http://example.com/horde%2Fhorde%2Fkronolith%2Findex.php

I'd be happy to submit a patch but poking around the various sites its
unclear where or how to do so.

Thanks,

---

This is the Kronolith 1.1 FreeBSD port [1]

---

[1] http://www.freshports.org/deskutils/kronolith/



More information about the kronolith mailing list