View Issue Details

IDProjectCategoryView StatusLast Update
0018134phpList 3 applicationOtherpublic22-09-16 22:10
Reporterduncanc 
PrioritynormalSeverityminorReproducibilityhave not tried
Status assignedResolutionreopened 
Product Version3.2.5 
Target Versionnext patchFixed in Version3.2.6 
Summary0018134: Use of misleading http status codes
DescriptionThis is a bit naughty.

If an error occurs trying to connect to the database the code sends an http header with a misleading status code, e.g.

            case 2005: # "unknown host"
                header('Cannot connect to database, unknown host', true, 505);
                print "Unknown database host to connected to, please check your configuration";
                exit;


There was a forum post to do with a 505 error 'HTTP Version Not Supported' which in the end obviously had nothing to do with the http version.
The user's browser displayed only the correct meaning of 505, and not the header text about unable to connect nor the printed line.

I have found that apache sometimes seems to intercept these status codes and sends a generic 500 internal server error without the following printed text. Using a slightly different form for the header seems to give a better result with the browser receiving a 502 status and also displaying the printed text

header('HTTP/1.0 502 Cannot connect to database, access denied');
print "Cannot connect to database, access denied. Please check your configuration or contact the administrator.";

But what is the reason for sending a header at all?
TagsNo tags attached.

Relationships

related to 0018344 resolvedmichiel Redirect does not work with fastcgi 

Activities

michiel

07-06-16 21:04

manager   ~0057758


Yes, I guess that should be updated. The reason was that it would be easier to set up a monitoring script to identify what was wrong with an installation. All that was needed was the status code to flag the problem. That would make it quicker to identify and fix the issue.

It's never been documented and also never put in action, I think, so yes, let's be more compliant and just return 500 with maybe the error content changing.

duncanc

22-09-16 11:38

developer   ~0058283

This is affected by the same problem with fastcgi as issue 18344. This call causes a further 500 error, with the print() output being lost:

header('Cannot connect to database, access denied', true, 500);
print "Cannot connect to database, access denied. Please check your configuration or contact the administrator.";

But this format keeps the print() output

header('HTTP/1.0 500 Cannot connect to database, access denied');
print "Cannot connect to database, access denied. Please check your configuration or contact the administrator.";