Opencart showing error when changed the url

Question

I am using opencart 2.0.2.0. I was just checking some random tricks and i write the url index.php?route=common/home to index.php?route=common/home%00. And it showed me an error Warning: is_dir() expects parameter 1 to be a valid path, string given in \system\engine\action.php on line 18 Didn't understand why this happened. Any one can please help me to know why this error occured and how can i solve it??

Answer 1

This is only warning for this opencart version. For quick solution, You will add "error_reporting(0);" in the __construct function.

Thank You.

Answer 2

After some research I found that it's actually a bug in PHP (reported here @ 2/4/2015 and already fixed)

What's your problem about?
Null byte (%00) causes truncation in PHP strings (which is normal I think because PHP strings are implemented through c strings)

So what's happening in OC?

• Open the file <OC_ROOT>\system\engine\action.php (the one you got the error in), class Action resides there and it's responsible for parsing the route parameter, determining the appropriate controller to be loaded + which function in that controller to call and keeping the method arguments so as to be passed later during execution
• In that line
  $file = DIR_APPLICATION . 'controller/' . str_replace(array('../', '..\', '..'), '', $path) . '.php';
  You will notice that the controller file is loaded through appending a .php to the $path variable constructed by parsing the route parameter, since you have added an extra null byte to the route, $file looks like this: bla bla bla/common/home\0.php, the \0 results in stripping the .phpwhich leads to a non existing file path, that's why OC loads the error page
  

How to solve it
Simply turn off warnings from your project, If you mean by "how can i solve it?" making it work, then just strip null bytes from route parameter before parsing it (in the same file), but I don't advise you to do that because it's a handled hack and you will be de-handling it :D