diff options
| author | Greg Roach <fisharebest@gmail.com> | 2015-01-31 20:36:22 +0000 |
|---|---|---|
| committer | Greg Roach <fisharebest@gmail.com> | 2015-01-31 20:36:22 +0000 |
| commit | 70a771297845d0b0b03635c2430fdcf474d95aaf (patch) | |
| tree | 7a95ad8274141284e3a6c8824fce92526cf7eb74 /includes | |
| parent | 35734852efe1feb1a7923483a980e701f16a5f07 (diff) | |
| download | webtrees-70a771297845d0b0b03635c2430fdcf474d95aaf.tar.gz webtrees-70a771297845d0b0b03635c2430fdcf474d95aaf.tar.bz2 webtrees-70a771297845d0b0b03635c2430fdcf474d95aaf.zip | |
Combine WT_SERVER_NAME and WT_SCRIPT_PATH into WT_BASE_URL
Diffstat (limited to 'includes')
| -rw-r--r-- | includes/session.php | 76 |
1 files changed, 27 insertions, 49 deletions
diff --git a/includes/session.php b/includes/session.php index 210bdd1cf3..6bedb3fba9 100644 --- a/includes/session.php +++ b/includes/session.php @@ -187,46 +187,29 @@ if (!ini_get('date.timezone')) { // 2) provide calendar conversions for the Arabic and Persian calendars \Fisharebest\ExtCalendar\Shim::create(); -// Split the request protocol://host:port/path/to/script.php?var=value into parts -// WT_SERVER_NAME = protocol://host:port -// WT_SCRIPT_PATH = /path/to/ (begins and ends with /) -// WT_SCRIPT_NAME = script.php (already defined in the calling script) +// Calculate the base URL, so we can generate absolute URLs. -if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) { - $protocol = $_SERVER['HTTP_X_FORWARDED_PROTO']; -} elseif (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') { - $protocol = 'https'; -} else { - $protocol = 'http'; -} -if (isset($_SERVER['HTTP_X_FORWARDED_PORT'])) { - $port = $_SERVER['HTTP_X_FORWARDED_PORT']; -} elseif (isset($_SERVER['SERVER_PORT'])) { - $port = $_SERVER['SERVER_PORT']; -} else { - $port = '80'; -} +$protocol = WT_Filter::server('HTTP_X_FORWARDED_PROTO', 'https?', WT_Filter::server('HTTPS', null, 'off') === 'off' ? 'http' : 'https'); -define('WT_SERVER_NAME', - $protocol . '://' . - (empty($_SERVER['SERVER_NAME']) ? '' : $_SERVER['SERVER_NAME']) . - ($protocol === 'http' && $port === '80' || $protocol === 'https' && $port === '443' ? '' : ':' . $port) -); +// For CLI scripts, use localhost. +$host = WT_Filter::server('SERVER_NAME', null, 'localhost'); -// REDIRECT_URL should be set in the case of Apache following a RedirectRule -// SCRIPT_NAME should always be correct, but is not always present. -// PHP_SELF should always be present, but may have trailing path: /path/to/script.php/FOO/BAR -if (!empty($_SERVER['REDIRECT_URL'])) { - define('WT_SCRIPT_PATH', substr($_SERVER['REDIRECT_URL'], 0, stripos($_SERVER['REDIRECT_URL'], WT_SCRIPT_NAME))); -} elseif (!empty($_SERVER['SCRIPT_NAME'])) { - define('WT_SCRIPT_PATH', substr($_SERVER['SCRIPT_NAME'], 0, stripos($_SERVER['SCRIPT_NAME'], WT_SCRIPT_NAME))); -} elseif (!empty($_SERVER['PHP_SELF'])) { - define('WT_SCRIPT_PATH', substr($_SERVER['PHP_SELF'], 0, stripos($_SERVER['PHP_SELF'], WT_SCRIPT_NAME))); +$port = WT_Filter::server('HTTP_X_FORWARDED_PORT', '80|443', WT_Filter::server('SERVER_PORT', null, '80')); + +// Ignore the default port. +if ($protocol === 'http' && $port === '80' || $protocol === 'https' && $port === '443') { + $port = ''; } else { - // No server settings - probably running as a command line script - define('WT_SCRIPT_PATH', '/'); + $port = ':' . $port; } +// REDIRECT_URL should be set when Apache is following a RedirectRule +// PHP_SELF may have trailing path: /path/to/script.php/FOO/BAR +$path = WT_Filter::server('REDIRECT_URL', null, WT_Filter::server('PHP_SELF')); +$path = substr($path, 0, stripos($path, WT_SCRIPT_NAME)); + +define('WT_BASE_URL', $protocol . '://' . $host . $port . $path); + // Microsoft IIS servers don’t set REQUEST_URI, so generate it for them. if (!isset($_SERVER['REQUEST_URI'])) { $_SERVER['REQUEST_URI'] = substr($_SERVER['PHP_SELF'], 1); @@ -235,11 +218,6 @@ if (!isset($_SERVER['REQUEST_URI'])) { } } -// Some browsers do not send a user-agent string -if (!isset($_SERVER['HTTP_USER_AGENT'])) { - $_SERVER['HTTP_USER_AGENT'] = ''; -} - // Common functions - move these to classes so we can autoload them. require WT_ROOT . 'includes/functions/functions.php'; require WT_ROOT . 'includes/functions/functions_db.php'; @@ -285,17 +263,17 @@ if (file_exists(WT_ROOT . 'data/config.ini.php')) { $dbconfig = parse_ini_file(WT_ROOT . 'data/config.ini.php'); // Invalid/unreadable config file? if (!is_array($dbconfig)) { - header('Location: ' . WT_SERVER_NAME . WT_SCRIPT_PATH . 'site-unavailable.php'); + header('Location: ' . WT_BASE_URL . 'site-unavailable.php'); exit; } // Down for maintenance? if (file_exists(WT_ROOT . 'data/offline.txt')) { - header('Location: ' . WT_SERVER_NAME . WT_SCRIPT_PATH . 'site-offline.php'); + header('Location: ' . WT_BASE_URL . 'site-offline.php'); exit; } } else { // No config file. Set one up. - header('Location: ' . WT_SERVER_NAME . WT_SCRIPT_PATH . 'setup.php'); + header('Location: ' . WT_BASE_URL . 'setup.php'); exit; } @@ -311,7 +289,7 @@ try { WT_DB::updateSchema(WT_ROOT . 'includes/db_schema/', 'WT_SCHEMA_VERSION', WT_SCHEMA_VERSION); } catch (PDOException $ex) { WT_FlashMessages::addMessage($ex->getMessage(), 'danger'); - header('Location: ' . WT_SERVER_NAME . WT_SCRIPT_PATH . 'site-unavailable.php'); + header('Location: ' . WT_BASE_URL . 'site-unavailable.php'); throw $ex; } @@ -321,7 +299,7 @@ define('WT_DATA_DIR', realpath(WT_Site::getPreference('INDEX_DIRECTORY') ? WT_Si // If we have a preferred URL (e.g. www.example.com instead of www.isp.com/~example), then redirect to it. $SERVER_URL = WT_Site::getPreference('SERVER_URL'); -if ($SERVER_URL && $SERVER_URL != WT_SERVER_NAME . WT_SCRIPT_PATH) { +if ($SERVER_URL && $SERVER_URL != WT_BASE_URL) { header('Location: ' . $SERVER_URL . WT_SCRIPT_NAME . (isset($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : ''), true, 301); exit; } @@ -343,7 +321,7 @@ $rule = WT_DB::prepare( " WHERE IFNULL(INET_ATON(?), 0) BETWEEN ip_address_start AND ip_address_end" . " AND ? LIKE user_agent_pattern" . " ORDER BY ip_address_end LIMIT 1" -)->execute(array($WT_REQUEST->getClientIp(), $_SERVER['HTTP_USER_AGENT']))->fetchOne(); +)->execute(array($WT_REQUEST->getClientIp(), WT_Filter::server('HTTP_USER_AGENT')))->fetchOne(); switch ($rule) { case 'allow': @@ -362,7 +340,7 @@ case 'unknown': case '': WT_DB::prepare( "INSERT INTO `##site_access_rule` (ip_address_start, ip_address_end, user_agent_pattern, comment) VALUES (IFNULL(INET_ATON(?), 0), IFNULL(INET_ATON(?), 4294967295), ?, '')" - )->execute(array($WT_REQUEST->getClientIp(), $WT_REQUEST->getClientIp(), $_SERVER['HTTP_USER_AGENT'])); + )->execute(array($WT_REQUEST->getClientIp(), $WT_REQUEST->getClientIp(), WT_Filter::server('HTTP_USER_AGENT'))); $SEARCH_SPIDER = true; break; } @@ -419,7 +397,7 @@ $cfg = array( 'gc_maxlifetime' => WT_Site::getPreference('SESSION_TIME'), 'gc_probability' => 1, 'gc_divisor' => 100, - 'cookie_path' => WT_SCRIPT_PATH, + 'cookie_path' => parse_url(WT_BASE_URL, PHP_URL_PATH), 'cookie_httponly' => true, ); @@ -532,14 +510,14 @@ require WT_ROOT . 'includes/config_data.php'; if (WT_Site::getPreference('LOGIN_URL')) { define('WT_LOGIN_URL', WT_Site::getPreference('LOGIN_URL')); } else { - define('WT_LOGIN_URL', WT_SERVER_NAME . WT_SCRIPT_PATH . 'login.php'); + define('WT_LOGIN_URL', WT_BASE_URL . 'login.php'); } // If there is no current tree and we need one, then redirect somewhere if (WT_SCRIPT_NAME != 'admin_trees_manage.php' && WT_SCRIPT_NAME != 'admin_pgv_to_wt.php' && WT_SCRIPT_NAME != 'login.php' && WT_SCRIPT_NAME != 'logout.php' && WT_SCRIPT_NAME != 'import.php' && WT_SCRIPT_NAME != 'help_text.php' && WT_SCRIPT_NAME != 'message.php') { if (!$WT_TREE || !$WT_TREE->getPreference('imported')) { if (Auth::isAdmin()) { - header('Location: ' . WT_SERVER_NAME . WT_SCRIPT_PATH . 'admin_trees_manage.php'); + header('Location: ' . WT_BASE_URL . 'admin_trees_manage.php'); } else { header('Location: ' . WT_LOGIN_URL . '?url=' . rawurlencode(WT_SCRIPT_NAME . (isset($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '')), true, 301); |
