Hi,
I would like to propose a modification of "iniset.php" to eliminate possible "Undefined index: HTTPS" notices in the error log.
The existence of $_SERVER['HTTPS'] should be tested before any attempt to retrieve its value. We currently use the following solution:
isset($_SERVER['HTTPS']) ? ini_set('session.cookie_secure', ($_SERVER['HTTPS'] && ($_SERVER['HTTPS'] != 'off'))) : ini_set('session.cookie_secure', 0);
The proposed modification is attached as a patch file.
Regards, Jonas Nasholm Bitfuse Network
--- 8< --- detachments --- 8< --- The following attachments have been detached and are available for viewing. http://detached.gigo.com/rc/j3/EflQHdK2/program_include_inis.patch Only click these links if you trust the sender, as well as this message. --- 8< --- detachments --- 8< ---
List info: http://lists.roundcube.net/dev/
Jonas Nasholm wrote:
Hi,
I would like to propose a modification of "iniset.php" to eliminate possible "Undefined index: HTTPS" notices in the error log.
The existence of $_SERVER['HTTPS'] should be tested before any attempt to retrieve its value. We currently use the following solution:
isset($_SERVER['HTTPS']) ? ini_set('session.cookie_secure', ($_SERVER['HTTPS'] && ($_SERVER['HTTPS'] != 'off'))) : ini_set('session.cookie_secure', 0);
The proposed modification is attached as a patch file.
Thanks, but we just need to move upper the line: ini_set('error_reporting', E_ALL&~E_NOTICE);
On Fri, Jan 2, 2009 at 3:27 PM, A.L.E.C alec@alec.pl wrote:
Jonas Nasholm wrote:
Hi,
I would like to propose a modification of "iniset.php" to eliminate possible "Undefined index: HTTPS" notices in the error log.
Thanks, Jonas.
The existence of $_SERVER['HTTPS'] should be tested before any attempt to retrieve its value. We currently use the following solution:
isset($_SERVER['HTTPS']) ? ini_set('session.cookie_secure', ($_SERVER['HTTPS'] && ($_SERVER['HTTPS'] != 'off'))) : ini_set('session.cookie_secure', 0);
The proposed modification is attached as a patch file.
Thanks, but we just need to move upper the line: ini_set('error_reporting', E_ALL&~E_NOTICE);
We need to fix it. Instead of hiding it since most of those errors are being handled more strict in later PHP versions. Besides, a side effect is cleaner and more robust code.
http://trac.roundcube.net/changeset/2211/trunk/roundcubemail/program
Happy new year, Till
Till _______________________________________________ List info: http://lists.roundcube.net/dev/
We found a similar problem in the function setcookie() in "program/include/rcmail.php":
public static function setcookie($name, $value, $exp = 0) { $cookie = session_get_cookie_params(); setcookie($name, $value, $exp, $cookie['path'], $cookie['domain'], ($_SERVER['HTTPS'] && ($_SERVER['HTTPS'] != 'off'))); }
A boolean variable, for example $secure, should be determined before calling setcookie(). The boolean variable could be set according to the same logic as in "iniset.php" in trunc 2211.
Regards, Jonas
On Fri, Jan 2, 2009 at 3:27 PM, A.L.E.C alec@alec.pl wrote:
The existence of $_SERVER['HTTPS'] should be tested before any attempt to retrieve its value.
Thanks, but we just need to move upper the line: ini_set('error_reporting', E_ALL&~E_NOTICE);
We need to fix it. Instead of hiding it since most of those errors are being handled more strict in later PHP versions. Besides, a side effect is cleaner and more robust code.
http://trac.roundcube.net/changeset/2211/trunk/roundcubemail/program
List info: http://lists.roundcube.net/dev/
This has already been discussed a while ago - please don't waste developer time "fixing" notices - they are there for a reason but it is fine to *not* check for the existence of an index - that is the benefit of a scripting language over a string language. It won't throw an exception and in most cases it is fine to not check it.
Instead please focus on new features!
My 2 cents.
Mike
Jonas Nasholm wrote:
We found a similar problem in the function setcookie() in "program/include/rcmail.php":
public static function setcookie($name, $value, $exp = 0) { $cookie = session_get_cookie_params(); setcookie($name, $value, $exp, $cookie['path'], $cookie['domain'], ($_SERVER['HTTPS'] && ($_SERVER['HTTPS'] != 'off'))); }
A boolean variable, for example $secure, should be determined before calling setcookie(). The boolean variable could be set according to the same logic as in "iniset.php" in trunc 2211.
Regards, Jonas
On Fri, Jan 2, 2009 at 3:27 PM, A.L.E.C alec@alec.pl wrote:
The existence of $_SERVER['HTTPS'] should be tested before any attempt to retrieve its value.
Thanks, but we just need to move upper the line: ini_set('error_reporting', E_ALL&~E_NOTICE);
We need to fix it. Instead of hiding it since most of those errors are being handled more strict in later PHP versions. Besides, a side effect is cleaner and more robust code.
http://trac.roundcube.net/changeset/2211/trunk/roundcubemail/program
List info: http://lists.roundcube.net/dev/