#3711 (ok 3.5.4) Wrong redirect url caused cookies error ForceSSL

3.5.3
fixed
Marc Delisle
1
2013-06-11
2012-11-02
moneycat
No

After enable ForceSSL for ssl support in config.php, the redirect url will AUTOMATIC add an additional slash. This behaviour lead the cookies error where in pMA, there is always show "Cookies must be enabled past this point.".

I'm using CentOS 6.3 with php 5.3.3 with "HTTP" authenticated method. Here is a sample of the the output of "parse_url" funtion used in libraries/common.inc.php#343

Reproduced steps:
1. Write a php page with onlu one command "<?php print_r(parse_url("http://localhost/phpMyAdmin")); ?>"
2. The output is "Array ( [scheme] => http [host] => localhost [path] => /phpMyAdmin/ ) "
3. In the libraries/common.inc.php, the url will be redirect to "http://localhost//phpMyAdmin" where there is an additional "/" in path.
4. If not correct the wrong path, there will always show "Cookies must be enabled past this point." in pages. And there are "import.php: Missing parameter: import_typeDocumentation" and "import.php: Missing parameter: formatDocumentation" erorrs.
5. If remove the slash and reload the pages, the notices gone.

NOTICE: if using "cookie" auth method, the ADDITIONAL slashes will show in login page but GONE whtn successful login.

Discussion

  • Marc Delisle
    Marc Delisle
    2012-11-04

    • assigned_to: nobody --> lem9
     
  • Marc Delisle
    Marc Delisle
    2012-11-04

    suggested patch

     
    Attachments
  • Marc Delisle
    Marc Delisle
    2012-11-04

    Hi,
    please confirm that the attached patch works for you.

     
  • moneycat
    moneycat
    2012-11-05

    Yes, it works.

     
  • moneycat
    moneycat
    2012-11-05

    • status: open --> closed
     
  • Marc Delisle
    Marc Delisle
    2012-11-05

    • status: closed --> open
     
  • Marc Delisle
    Marc Delisle
    2012-11-05

    Please do not close this, because I have to merge the patch to the code base and release a version containing the patch. Then I'll close this artifact.

     
  • Marc Delisle
    Marc Delisle
    2012-11-05

    • priority: 5 --> 1
    • summary: Wrong redirect url caused cookies wrror with ForceSSL --> (ok 3.5.4) Wrong redirect url caused cookies error ForceSSL
    • status: open --> open-fixed
     
  • Marc Delisle
    Marc Delisle
    2012-11-05

    This bug was fixed in repository and will be part of a future release; thanks for reporting.

     
  • Marc Delisle
    Marc Delisle
    2012-11-16

    • status: open-fixed --> closed-fixed
     
  • Michal Čihař
    Michal Čihař
    2013-06-11

    • Status: closed-fixed --> fixed