diff options
| author | Lilli <lilli@janrain.com> | 2010-02-10 12:33:42 -0800 |
|---|---|---|
| committer | Lilli <lilli@janrain.com> | 2010-02-10 12:33:42 -0800 |
| commit | a2aa5e59b9479f18148fc65b2ebc0076e89a2f07 (patch) | |
| tree | 07ce5f1df7b2910d4e011fa66671fa8a1fd4e4a9 | |
| parent | 4bda4445ee8c3167cd64089eefeadac32019f607 (diff) | |
| download | php-openid-a2aa5e59b9479f18148fc65b2ebc0076e89a2f07.zip php-openid-a2aa5e59b9479f18148fc65b2ebc0076e89a2f07.tar.gz php-openid-a2aa5e59b9479f18148fc65b2ebc0076e89a2f07.tar.bz2 | |
Added the following patch from the trac.openidenabled.com ticket #253:
http://trac.openidenabled.com/trac/attachment/ticket/253/detect.patch.txt
Original Message:
Opened 2 years ago
Reported by: http://openid.jamus.com/
detect.php - Detect "corruption" of query string by mod_encoding
"The mod_encoding module "corrupts" the query string by translating %xx in the query sring to the character representation.
For example, for the URL http://foo.com?a=a%26b, the QUERY_STRING should be a=a%26b, but with mod_encoding enabled, QUERY_STRING is a=a&b. This corruption prevents the library from working correctly.
Attached is a simple patch to detect.php to detect this. I hope to save somebody else time tracking this down.
mod_encoding was enabled by my webhost (dreamhost.com) when I enabled web_dav for the domain."
All hunks were applied successfully.
| -rw-r--r-- | examples/detect.php | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/examples/detect.php b/examples/detect.php index 2d06ae1..947fe4c 100644 --- a/examples/detect.php +++ b/examples/detect.php @@ -395,6 +395,21 @@ function detect_xml($r, &$out) } } +function detect_query_corruption($r, &$out) +{ + $out .= $r->h2('Query Corruption'); + if ($_SERVER["QUERY_STRING"]!="test_query=a%26b") + { + $out.=$r->p("Your web server seems to corrupt queries. Received ".$_SERVER["QUERY_STRING"].", expected a=%26b. Check for mod_encoding."); + return false; + } + else + { + $out.=$r->p("Your web server does not corrupt queries. Good."); + return true; + } +} + function detect_fetcher($r, &$out) { $out .= $r->h2('HTTP Fetching'); @@ -468,8 +483,12 @@ function detect_fetcher($r, &$out) } header('Content-Type: ' . $r->contentType() . '; charset=us-ascii'); - -$title = 'OpenID Library Support Report'; +if (!$_GET["test_query"]) +{ + header("Location: ".$_SERVER['PHP_SELF']."?test_query=a%26b"); +} + + $title = 'OpenID Library Support Report'; $out = $r->start($title) . $r->h1($title) . $r->p('This script checks your PHP installation to determine if you ' . @@ -493,7 +512,7 @@ if (!$_include) { $status[] = detect_stores($r, $body); $status[] = detect_fetcher($r, $body); $status[] = detect_xml($r, $body); - + $status[] = detect_query_corruption($r, $body); $result = true; foreach ($status as $v) { |