From: phpbugs at lusis dot org Operating system: gentoo 1.4 PHP version: 4.3.2 PHP Bug Type: Apache2 related Bug description: Relative URI location breaks PATH_INFO
Description: ------------ I was testing some session-setting code that uses PATH_INFO to set session variables from PATH_INFO. After exploding PATH_INFO and using the information, I wanted to redirect back to the page. This didn't work as expected. The page I was attempting to redirect to was treated as a PATH_INFO value. The only way to resolve this was to use an absolute URL as the Location. The whole purpose is to have a single page as the URL. An example URL is: http://hostname/~username/directory/main.php/1/2 This would set the current menu to 1 and the current task as 2. These values are for a sort of breadcrumb system. The tasks are specific to a menu and are pulled from a database to build the tasklist. What ends up happening is $menu gets overwritten with main.php instead of 1. When this is moved to production, the desired URL will actually be: http://hostname/main.php/1/2 which should redirect to: http://hostname/main.php after parsing the PATH_INFO. Reproduce code: --------------- $MYURL="http://hostname/~username/directory/"; list($dummy,$menu,$task)=explode('/',$_SERVER['PATH_INFO']); if($task) { $_SESSION['CurrentMenu'] = $menu; $_SESSION['CurrentTask'] = $task; // This works header("Location: ".$MYURL."main.php"); // This does not: // header("Location: main.php"); exit; }else($menu){ $_SESSION['CurrentMenu'] = $menu; header("Location: ".$MYURL."main.php"); exit; } Expected result: ---------------- PATH_INFO should be parsed properly. PAge should be refreshed as main.php with the session variables set as shown. Actual result: -------------- $menu gets overwritten with main.php instead of 1 after first redirect. -- Edit bug report at http://bugs.php.net/?id=11498&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=11498&r=trysnapshot4 Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=11498&r=trysnapshot5 Fixed in CVS: http://bugs.php.net/fix.php?id=11498&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=11498&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=11498&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=11498&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=11498&r=support Expected behavior: http://bugs.php.net/fix.php?id=11498&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=11498&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=11498&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=11498&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=11498&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=11498&r=dst IIS Stability: http://bugs.php.net/fix.php?id=11498&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=11498&r=gnused
