You need to log in before you can comment on or make changes to this bug.
Use of "Query" widget generates a PHP fatal error A PHP error is generated when executing a Query on the "sample_basic.phtml" (select Sample using multi-state buttons" link) template. Steps to reproduce: 1. Load the template 2. Click on "Identify Feature" 3. Click on the map preview near Ottawa 4. PHP error comes out. Fedora Core 1 Mozilla 1.6 Chameleon tarball 20040506 ----------------------- PHP error: [07-May-2004 15:40:17] PHP Fatal error: Call to a member function on a non-object in /home/nsavard/proj/chameleon_cvs/htdocs/widgets/Query/QueryResults.phtml on line 465
this happens under very specific circumstances: in cwc2.xml set web_server_path to http://<ipadress>/... then access apps via http://localhost/... accessing via http://<ipaddress>/.. is okay, so is setting web_server_path to /... (no http://<ipaddress>) The error in QueryResults refers to the MLT object that *should* have been created. Investigating further.
accessing via http://<ipaddress>/ is working but it generates an Apache error (see below). Apache error: [Tue May 18 15:38:24 2004] [error] [client 192.168.4.101] File does not exist: /var/www/html/nsavard/chameleon_beta/widgets/images, referer: http://192.168.4.101/nsavard/chameleon_beta/widgets/Query/QueryResults.phtml? sid=40aa60d93c82f&RADIUS=3&FEATURE_COUNT=5& include_empty=true&NAV_INPUT_COORDINATES=260,84
a bit more info: even though the app is accessed as http://localhost/... the url used to launch the query popup is http://<ipaddress>/... which I think is causing the session to invalidate because the IP address is different from the one that started it.
fix applied to php_utils/src/session/session.php. The code now explicitly tests to see if the app was started from 127.0.0.1 and won't refuse to open the session if the ipadress is different. I assume that this does open a security hole for hackers that try to steal sessions from people who are accessing apps running on localhost, but in general this should not be the case on servers and should only happen to people who are testing before deploying.
Verified on Linux.
Verified on Windows. Closed.