External prestashop PHP script fails when "All pages SSL" enabled

[xavibj]

Hi, if I try to execute the following script 

 

<?php

include_once('/var/ean/config/config.inc.php');

include_once('/var/ean/init.php');

 

$p = new Product(401);

echo $p->id;

?>

 

in a prestahop (1.6.1.11) site with "all pages SSL" enabled fails with these warnings:

 

PHP Notice:  Undefined index: REQUEST_METHOD in /home/ean_test/classes/controller/FrontController.php on line 788

 

Notice: Undefined index: REQUEST_METHOD in /home/ean_test/classes/controller/FrontController.php on line 788

PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/ean_test/classes/controller/FrontController.php:788) in /home/ean_test/classes/controller/FrontController.php on line 790

 

Warning: Cannot modify header information - headers already sent by (output started at /home/ean_test/classes/controller/FrontController.php:788) in /home/ean_test/classes/controller/FrontController.php on line 790

PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/ean_test/classes/controller/FrontController.php:788) in /home/ean_test/classes/controller/FrontController.php on line 791

 

Warning: Cannot modify header information - headers already sent by (output started at /home/ean_test/classes/controller/FrontController.php:788) in /home/ean_test/classes/controller/FrontController.php on line 791

PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/ean_test/classes/controller/FrontController.php:788) in /home/ean_test/classes/controller/FrontController.php on line 793

 

Warning: Cannot modify header information - headers already sent by (output started at /home/ean_test/classes/controller/FrontController.php:788) in /home/ean_test/classes/controller/FrontController.php on line 793

 

the problem is in the if condition in sslRedirection, that evaluates to true. 

 

protected function sslRedirection()

    {

        // If we call a SSL controller without SSL or a non SSL controller with SSL, we redirect with the right protocol

        if (Configuration::get('PS_SSL_ENABLED') && $_SERVER['REQUEST_METHOD'] != 'POST' && $this->ssl != Tools::usingSecureMode()) {

            $this->context->cookie->disallowWriting();

            header('HTTP/1.1 301 Moved Permanently');

            header('Cache-Control: no-cache');

            if ($this->ssl) {

                header('Location: '.Tools::getShopDomainSsl(true).$_SERVER['REQUEST_URI']);

            } else {

                header('Location: '.Tools::getShopDomain(true).$_SERVER['REQUEST_URI']);

            }

            exit();

        }

    }

 

 

To solve this error I added isset($_SERVER['REQUEST_METHOD']) to the condition to avoid entering when called from external scripts and now all of them work again. 

 

is it correct? any thoughts?

 

Thanks,

 

Xavi.

Edited April 4, 2017 by xavibj (see edit history)

[jetway]

Are you trying to redirect in your external script? The headers are already declared in /FrontController.php on line 788 which results in an error.

[xavibj]

No, a simple script like this also fails, if SSL is  enabled for all pages

 

<?php

include_once('/var/ean/config/config.inc.php');

include_once('/var/ean/init.php');

 

echo "hola"

?>

 

So I changed the condition in line 788 in classes/controller/FrontController.php

 

if (Configuration::get('PS_SSL_ENABLED') && $_SERVER['REQUEST_METHOD'] != 'POST' && $this->ssl != Tools::usingSecureMode()) {

 

by this

 

if (isset($_SERVER['REQUEST_METHOD']) && Configuration::get('PS_SSL_ENABLED') && $_SERVER['REQUEST_METHOD'] != 'POST' && $this->ssl != Tools::usingSecureMode()) {

Edited April 5, 2017 by xavibj (see edit history)

[bellini13]

why are you including init.php?

include_once('/var/ean/init.php');

[xavibj]

Hi, I put these 2 includes since PS 1.6.0.x with no problem. Please see what happens in a fresh install with 1.6.1.11 (NO SSL)

without init.php I get a Fatal error when I try to retreive the product price.

 

 

<?php

include_once('/home/limpio/config/config.inc.php');

include_once('/home/limpio/init.php');

 

echo "Hi";

 

$p = new Product(1);

echo $p->getPrice();

?>

 

root:~#php test2.php 

Hi19.9771

root:~#

 

Same script without init.php

 

<?php

include_once('/home/limpio/config/config.inc.php');

//include_once('/home/limpio/init.php');

 

echo "Hi";

 

$p = new Product(1);

echo $p->getPrice();

?>

 

root:~# php test2.php 

HiFatal error

root:~# 

 

Edited April 6, 2017 by xavibj (see edit history)

[xavibj]

I'm using PHP 7

 

php -v

PHP 7.0.15-0ubuntu0.16.04.2 (cli) ( NTS )

Copyright © 1997-2017 The PHP Group

Zend Engine v3.0.0, Copyright © 1998-2017 Zend Technologies

    with Zend OPcache v7.0.15-0ubuntu0.16.04.2, Copyright © 1999-2017, by Zend Technologies

[Mauro Gesuitti]

include(dirname(__FILE__).'/../../config/config.inc.php');
$_SERVER['REQUEST_METHOD'] = "POST"; // Fix for SSL redirection
include(dirname(__FILE__).'/../../init.php');

[Nishanthan93]

On 4/5/2017 at 4:15 PM, xavibj said:

No, a simple script like this also fails, if SSL is  enabled for all pages

 

 

 

 

<?php

 

 

include_once('/var/ean/config/config.inc.php');

 

 

include_once('/var/ean/init.php');

 

 

 

 

 

echo "hola"

 

 

?>

 

 

 

 

 

So I changed the condition in line 788 in classes/controller/FrontController.php

 

 

 

 

 

if (Configuration::get('PS_SSL_ENABLED') && $_SERVER['REQUEST_METHOD'] != 'POST' && $this->ssl != Tools::usingSecureMode()) {

 

 

 

 

 

by this

 

 

 

 

 

if (isset($_SERVER['REQUEST_METHOD']) && Configuration::get('PS_SSL_ENABLED') && $_SERVER['REQUEST_METHOD'] != 'POST' && $this->ssl != Tools::usingSecureMode()) {

 

I am faced the same issue in set cron job . i am created the script that run in cron . am included the init.php .this error was occured. 
after changed the code you mentioned its working fine,
Thanks Lot .