6.0.0-git
2021-01-18

[#2350] "Problem Report" return_url parameter needs to be complete URI
Summary "Problem Report" return_url parameter needs to be complete URI
Queue Horde Framework Packages
Type Bug
State Resolved
Priority 1. Low
Owners
Requester greg.rundlett (at) savaje (dot) com
Created 2005-07-28 (5653 days ago)
Due
Updated 2005-07-29 (5652 days ago)
Assigned
Resolved 2005-07-29 (5652 days ago)
Milestone
Patch No

History
2005-07-29 09:18:02 Jan Schneider Comment #2
State ⇒ Resolved
Reply to this comment
Committed, thanks.
2005-07-28 18:51:18 greg (dot) rundlett (at) savaje (dot) com Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 1. Low
Summary ⇒ "Problem Report" return_url parameter needs to be complete URI
Queue ⇒ Horde Framework Packages
New Attachment: Horde.php.diff Download
Reply to this comment
Hi Jan (I posted this to the dev list, but you asked me to post here).



This is fairly simple, but took me a long time to track it down, so 
I'll explain it in detail.



In lib/Horde.php (confirmed in CVS v. 1.522), the getServiceLink() 
method is responsible for creating the URL that is used for the 
'Problem Report' function displayed in most Horde applications.  The 
generated URL contains a querystring parameter (return_url), that is 
then used to return the user from whence they came after submitting 
the form.  This 'return to sender' is accomplished using an HTTP 
Location header.  The current CVS version only creates a relative path 
for the return_url parameter.  The HTTP location header should always 
use a complete URI.  Also, a proxied application will result in a 404 
error if the querystring parameter is just a relative path.  Using the 
optional $full arguments to Horde::url() and  Horde::selfUrl() cures 
these issues, creating a Problem Report URL like the following:

https://mead-2.savaje.com/ab-dev/services/problem.php?return_url=https%3A%2F%2Fmead-2.savaje.com%2Fab-dev%2Fautobuilder%2Faddr2line.php



The attached diff can be used with patch to make the one-line change 
required to fix this bug



See http://pastebin.com/323798 for a highlighted example of the 
one-line change the patch would make.


Saved Queries