Svn 1429: bug in Common.php line 628


(diri) #1
		if(is_null($browserLang))
		{
			if(self::isPhpCliMode())
			{
// fix it!				$browserLang = $_ENV['LANG'];
				$browserLang = self::sanitizeInputValues(@$_SERVER['HTTP_ACCEPT_LANGUAGE']);
			}
			else
			{
				$browserLang = self::sanitizeInputValues(@$_SERVER['HTTP_ACCEPT_LANGUAGE']);
			}
		}


Browser used is Firefox 3.52 Windows


(vipsoft) #2

In this case, it would be more helpful if you told me a little about your server.

What operating system is the web server, PHP version, and PHP SAPI name?

<?php
echo php_sapi_name();

(diri) #3

[quote=vipsoft @ Aug 23 2009, 10:41 PM]What operating system is the web server, PHP version, and PHP SAPI name?

<?php
echo php_sapi_name();

[/quote]

php_sapi_name: cgi

Operating system: Debian based
Web server: Apache
PHP version: 5.2.10

Browser language is available via _ENV[“HTTP_ACCEPT_LANGUAGE”] and _SERVER[“HTTP_ACCEPT_LANGUAGE”].

AFAICS fix should be _ENV[“HTTP_ACCEPT_LANGUAGE”] instead of _ENV[“LANG”].

btw: Same effect when server (Apache) is running on CentOS, Fedora, BSD or Windows.


(vipsoft) #4

Thanks. Please svn up, and let me know if it’s still broken. $_ENV[‘LANG’] is needed for command-line sessions.

I’ve changed isPhpCliMode() to only count cgi as command-line when REMOTE_ADDR is empty (which should only occur when not a browser session).


(diri) #5

[quote=vipsoft @ Aug 24 2009, 10:33 AM]Thanks. Please svn up, and let me know if it’s still broken. $_ENV[‘LANG’] is needed for command-line sessions.

I’ve changed isPhpCliMode() to only count cgi as command-line when REMOTE_ADDR is empty (which should only occur when not a browser session).[/quote]

Thank you very much.

It works so far but, you might come in trouble in case of a proxy when you take this as given. Didn’t check code for it but, don’t forget

if (getenv(HTTP_X_FORWARDED_FOR)) 

(vipsoft) #6

In that situation, isn’t REMOTE_ADDR the ip addr of the proxy?


(diri) #7

Depends on proxy. It can be different and not empty. There are combinations of redirects and proxies which work similar to an anonymizieser.


(vipsoft) #8

I think you’re mistaken. Whether or not REMOTE_ADDR is set is determined by PHP.