Your Location is: Home > Php

Magento 1.7: Strict Notice warning after SUPEE-10975 security patch

From: Portugal View: 2756 Peter Kraume 

Question

After installing SUPEE-10975 in Magento 1.7.0.2 I get this PHP notice:

Strict Notice: Declaration of Mage_Core_Controller_Request_Http::getBaseUrl() should be compatible with that of Zend_Controller_Request_Http::getBaseUrl()  in app/code/core/Mage/Core/Controller/Request/Http.php on line 36

#0 app/code/core/Mage/Core/Controller/Request/Http.php(36): mageCoreErrorHandler(2048, 'Declaration of ...', '/kunden/12345_8...', 36, Array)
#1 lib/Varien/Autoload.php(93): include('/kunden/12345_8...')
#2 [internal function]: Varien_Autoload->autoload('Mage_Core_Contr...')
#3 app/code/core/Mage/Core/Model/App.php(1219): spl_autoload_call('Mage_Core_Contr...')
#4 app/code/core/Mage/Core/Model/Cookie.php(83): Mage_Core_Model_App->getRequest()
#5 app/code/core/Mage/Core/Model/Cookie.php(273): Mage_Core_Model_Cookie->_getRequest()
#6 app/code/core/Mage/Core/Model/App.php(568): Mage_Core_Model_Cookie->get()
#7 app/code/core/Mage/Core/Model/App.php(488): Mage_Core_Model_App->_checkCookieStore('website')
#8 app/code/core/Mage/Core/Model/App.php(349): Mage_Core_Model_App->_initCurrentStore('', 'store')
#9 app/Mage.php(683): Mage_Core_Model_App->run(Array)
#10 index.php(87): Mage::run('', 'store')
#11 {main}

It seems that the code is available twice in my installation:

  • app/code/core/Zend/Controller/Request/Http.php => introduced with SUPEE-10975
  • lib/Zend/Controller/Request/Http.php => available in the basic installation package of Magento 1.7.0.2

Is this a regression of SUPEE-10975 or a problem of my installation?

Best answer

UPDATE: SUPEE-11219 appears to fix this problem, so my fix below may be removed after the 11219 patch is applied

Original answer:

I've seen the same problem, it does look like a regression in the SUPEE-10975 patch for 1.7.

Changing your PHP configuration to suppress strict mode notices would get you working, but if you'd prefer to work in strict mode, there's a way to patch the patch, too.

As you've observed, SUPEE-10975 adds a new class of Mage_Core_Controller_Request_Http which extends the, newly bundled Zend class Zend_Controller_Request_Http, located in the new file app/code/core/Zend/Controller/Request/Http.php.

The strict mode notice is emitted because the Mage_Core_Controller_Request_Http::getBaseUrl() method signature doesn't properly match the method signature of the new Zend_Controller_Request_Http::getBaseUrl() that it extends.

Mage_Core_Controller_Request_Http::getBaseUrl()

class Mage_Core_Controller_Request_Http extends Zend_Controller_Request_Http
...
public function getBaseUrl() //getBaseUrl has no parameters here
{
    ...
}

Zend_Controller_Request_Http::getBaseUrl()

class Zend_Controller_Request_Http extends Zend_Controller_Request_Abstract
...
public function getBaseUrl($raw = false) //getBaseUrl in the ancestor class has the parameter $raw
{
    ...
}

Mage_Core_Controller_Request_Http::getBaseUrl() method should have a parameter $raw to avoid the strict mode notice. It's not really an error, PHP can work around it, but ideally that should be corrected.

Getting going again

Suppressing strict mode notices in your PHP configuration allows the code to function ignoring this error, but it would be nicer if the code could just run in strict mode, wouldn't it?

Here's how to fix it so it will run in strict mode

Copy the app/code/core/Mage/Core/Controller/Request/Http.php to the local code pool: app/code/local/Mage/Core/Controller/Request/Http.php (note that we're creating an override in the the local folder)

Edit app/code/local/Mage/Core/Controller/Request/Http.php and change line number 265 from

public function getBaseUrl()

to

public function getBaseUrl($raw = false)

If your code is compiled, and the compiler ran without erroring out, you may need to clear the compiled version to see your changes. From the webroot of Magento, issue the command php shell/compiler.php clear.

The store should now function normally, with the SUPEE-10975 patch applied.

What this does

We create a copy of a core Magento file in the local code folder, Magento will try local copies of the files before using the core files, so this local copy overrides the original file.

Our edits to the file, make the method signature of getBaseUrl match the ancestor class, suppressing the strict mode notice.

It's okay to do this because none of the Magento 1.7 code uses the $raw parameter anyway and the default behaviour of the method will work exactly the same as it would have without the parameter.

To undo this change, just delete the local copy, app/code/local/Mage/Core/Controller/Request/Http.php, that we just made. Magento will go back to using the core file automatically, albeit with strict mode notices.

The only problem is...

We're creating technical debt

The next time a security patch or upgrade happens, if the original file gets changed, the local copy we made will not get patched or updated. You'll need to check if this change is still required and, if so, re-copy the core file to the local folder and re-patch the file as above.