summaryrefslogtreecommitdiff
path: root/includes
diff options
context:
space:
mode:
authorGreg Roach <fisharebest@gmail.com>2015-01-31 20:36:22 +0000
committerGreg Roach <fisharebest@gmail.com>2015-01-31 20:36:22 +0000
commit70a771297845d0b0b03635c2430fdcf474d95aaf (patch)
tree7a95ad8274141284e3a6c8824fce92526cf7eb74 /includes
parent35734852efe1feb1a7923483a980e701f16a5f07 (diff)
downloadwebtrees-70a771297845d0b0b03635c2430fdcf474d95aaf.tar.gz
webtrees-70a771297845d0b0b03635c2430fdcf474d95aaf.tar.bz2
webtrees-70a771297845d0b0b03635c2430fdcf474d95aaf.zip
Combine WT_SERVER_NAME and WT_SCRIPT_PATH into WT_BASE_URL
Diffstat (limited to 'includes')
-rw-r--r--includes/session.php76
1 files changed, 27 insertions, 49 deletions
diff --git a/includes/session.php b/includes/session.php
index 210bdd1cf3..6bedb3fba9 100644
--- a/includes/session.php
+++ b/includes/session.php
@@ -187,46 +187,29 @@ if (!ini_get('date.timezone')) {
// 2) provide calendar conversions for the Arabic and Persian calendars
\Fisharebest\ExtCalendar\Shim::create();
-// Split the request protocol://host:port/path/to/script.php?var=value into parts
-// WT_SERVER_NAME = protocol://host:port
-// WT_SCRIPT_PATH = /path/to/ (begins and ends with /)
-// WT_SCRIPT_NAME = script.php (already defined in the calling script)
+// Calculate the base URL, so we can generate absolute URLs.
-if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
- $protocol = $_SERVER['HTTP_X_FORWARDED_PROTO'];
-} elseif (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
- $protocol = 'https';
-} else {
- $protocol = 'http';
-}
-if (isset($_SERVER['HTTP_X_FORWARDED_PORT'])) {
- $port = $_SERVER['HTTP_X_FORWARDED_PORT'];
-} elseif (isset($_SERVER['SERVER_PORT'])) {
- $port = $_SERVER['SERVER_PORT'];
-} else {
- $port = '80';
-}
+$protocol = WT_Filter::server('HTTP_X_FORWARDED_PROTO', 'https?', WT_Filter::server('HTTPS', null, 'off') === 'off' ? 'http' : 'https');
-define('WT_SERVER_NAME',
- $protocol . '://' .
- (empty($_SERVER['SERVER_NAME']) ? '' : $_SERVER['SERVER_NAME']) .
- ($protocol === 'http' && $port === '80' || $protocol === 'https' && $port === '443' ? '' : ':' . $port)
-);
+// For CLI scripts, use localhost.
+$host = WT_Filter::server('SERVER_NAME', null, 'localhost');
-// REDIRECT_URL should be set in the case of Apache following a RedirectRule
-// SCRIPT_NAME should always be correct, but is not always present.
-// PHP_SELF should always be present, but may have trailing path: /path/to/script.php/FOO/BAR
-if (!empty($_SERVER['REDIRECT_URL'])) {
- define('WT_SCRIPT_PATH', substr($_SERVER['REDIRECT_URL'], 0, stripos($_SERVER['REDIRECT_URL'], WT_SCRIPT_NAME)));
-} elseif (!empty($_SERVER['SCRIPT_NAME'])) {
- define('WT_SCRIPT_PATH', substr($_SERVER['SCRIPT_NAME'], 0, stripos($_SERVER['SCRIPT_NAME'], WT_SCRIPT_NAME)));
-} elseif (!empty($_SERVER['PHP_SELF'])) {
- define('WT_SCRIPT_PATH', substr($_SERVER['PHP_SELF'], 0, stripos($_SERVER['PHP_SELF'], WT_SCRIPT_NAME)));
+$port = WT_Filter::server('HTTP_X_FORWARDED_PORT', '80|443', WT_Filter::server('SERVER_PORT', null, '80'));
+
+// Ignore the default port.
+if ($protocol === 'http' && $port === '80' || $protocol === 'https' && $port === '443') {
+ $port = '';
} else {
- // No server settings - probably running as a command line script
- define('WT_SCRIPT_PATH', '/');
+ $port = ':' . $port;
}
+// REDIRECT_URL should be set when Apache is following a RedirectRule
+// PHP_SELF may have trailing path: /path/to/script.php/FOO/BAR
+$path = WT_Filter::server('REDIRECT_URL', null, WT_Filter::server('PHP_SELF'));
+$path = substr($path, 0, stripos($path, WT_SCRIPT_NAME));
+
+define('WT_BASE_URL', $protocol . '://' . $host . $port . $path);
+
// Microsoft IIS servers don’t set REQUEST_URI, so generate it for them.
if (!isset($_SERVER['REQUEST_URI'])) {
$_SERVER['REQUEST_URI'] = substr($_SERVER['PHP_SELF'], 1);
@@ -235,11 +218,6 @@ if (!isset($_SERVER['REQUEST_URI'])) {
}
}
-// Some browsers do not send a user-agent string
-if (!isset($_SERVER['HTTP_USER_AGENT'])) {
- $_SERVER['HTTP_USER_AGENT'] = '';
-}
-
// Common functions - move these to classes so we can autoload them.
require WT_ROOT . 'includes/functions/functions.php';
require WT_ROOT . 'includes/functions/functions_db.php';
@@ -285,17 +263,17 @@ if (file_exists(WT_ROOT . 'data/config.ini.php')) {
$dbconfig = parse_ini_file(WT_ROOT . 'data/config.ini.php');
// Invalid/unreadable config file?
if (!is_array($dbconfig)) {
- header('Location: ' . WT_SERVER_NAME . WT_SCRIPT_PATH . 'site-unavailable.php');
+ header('Location: ' . WT_BASE_URL . 'site-unavailable.php');
exit;
}
// Down for maintenance?
if (file_exists(WT_ROOT . 'data/offline.txt')) {
- header('Location: ' . WT_SERVER_NAME . WT_SCRIPT_PATH . 'site-offline.php');
+ header('Location: ' . WT_BASE_URL . 'site-offline.php');
exit;
}
} else {
// No config file. Set one up.
- header('Location: ' . WT_SERVER_NAME . WT_SCRIPT_PATH . 'setup.php');
+ header('Location: ' . WT_BASE_URL . 'setup.php');
exit;
}
@@ -311,7 +289,7 @@ try {
WT_DB::updateSchema(WT_ROOT . 'includes/db_schema/', 'WT_SCHEMA_VERSION', WT_SCHEMA_VERSION);
} catch (PDOException $ex) {
WT_FlashMessages::addMessage($ex->getMessage(), 'danger');
- header('Location: ' . WT_SERVER_NAME . WT_SCRIPT_PATH . 'site-unavailable.php');
+ header('Location: ' . WT_BASE_URL . 'site-unavailable.php');
throw $ex;
}
@@ -321,7 +299,7 @@ define('WT_DATA_DIR', realpath(WT_Site::getPreference('INDEX_DIRECTORY') ? WT_Si
// If we have a preferred URL (e.g. www.example.com instead of www.isp.com/~example), then redirect to it.
$SERVER_URL = WT_Site::getPreference('SERVER_URL');
-if ($SERVER_URL && $SERVER_URL != WT_SERVER_NAME . WT_SCRIPT_PATH) {
+if ($SERVER_URL && $SERVER_URL != WT_BASE_URL) {
header('Location: ' . $SERVER_URL . WT_SCRIPT_NAME . (isset($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : ''), true, 301);
exit;
}
@@ -343,7 +321,7 @@ $rule = WT_DB::prepare(
" WHERE IFNULL(INET_ATON(?), 0) BETWEEN ip_address_start AND ip_address_end" .
" AND ? LIKE user_agent_pattern" .
" ORDER BY ip_address_end LIMIT 1"
-)->execute(array($WT_REQUEST->getClientIp(), $_SERVER['HTTP_USER_AGENT']))->fetchOne();
+)->execute(array($WT_REQUEST->getClientIp(), WT_Filter::server('HTTP_USER_AGENT')))->fetchOne();
switch ($rule) {
case 'allow':
@@ -362,7 +340,7 @@ case 'unknown':
case '':
WT_DB::prepare(
"INSERT INTO `##site_access_rule` (ip_address_start, ip_address_end, user_agent_pattern, comment) VALUES (IFNULL(INET_ATON(?), 0), IFNULL(INET_ATON(?), 4294967295), ?, '')"
- )->execute(array($WT_REQUEST->getClientIp(), $WT_REQUEST->getClientIp(), $_SERVER['HTTP_USER_AGENT']));
+ )->execute(array($WT_REQUEST->getClientIp(), $WT_REQUEST->getClientIp(), WT_Filter::server('HTTP_USER_AGENT')));
$SEARCH_SPIDER = true;
break;
}
@@ -419,7 +397,7 @@ $cfg = array(
'gc_maxlifetime' => WT_Site::getPreference('SESSION_TIME'),
'gc_probability' => 1,
'gc_divisor' => 100,
- 'cookie_path' => WT_SCRIPT_PATH,
+ 'cookie_path' => parse_url(WT_BASE_URL, PHP_URL_PATH),
'cookie_httponly' => true,
);
@@ -532,14 +510,14 @@ require WT_ROOT . 'includes/config_data.php';
if (WT_Site::getPreference('LOGIN_URL')) {
define('WT_LOGIN_URL', WT_Site::getPreference('LOGIN_URL'));
} else {
- define('WT_LOGIN_URL', WT_SERVER_NAME . WT_SCRIPT_PATH . 'login.php');
+ define('WT_LOGIN_URL', WT_BASE_URL . 'login.php');
}
// If there is no current tree and we need one, then redirect somewhere
if (WT_SCRIPT_NAME != 'admin_trees_manage.php' && WT_SCRIPT_NAME != 'admin_pgv_to_wt.php' && WT_SCRIPT_NAME != 'login.php' && WT_SCRIPT_NAME != 'logout.php' && WT_SCRIPT_NAME != 'import.php' && WT_SCRIPT_NAME != 'help_text.php' && WT_SCRIPT_NAME != 'message.php') {
if (!$WT_TREE || !$WT_TREE->getPreference('imported')) {
if (Auth::isAdmin()) {
- header('Location: ' . WT_SERVER_NAME . WT_SCRIPT_PATH . 'admin_trees_manage.php');
+ header('Location: ' . WT_BASE_URL . 'admin_trees_manage.php');
} else {
header('Location: ' . WT_LOGIN_URL . '?url=' . rawurlencode(WT_SCRIPT_NAME . (isset($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '')), true, 301);