sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

more reliable host detection for reverse proxy servers

remotes/origin/stable45
Frank Karlitschek 2012-06-05 12:52:23 +07:00
parent 564b0358f9
commit e3031ae28b
2 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
lib/base.php
Unescape Escape View File

@ -367,16 +367,18 @@ class OC{
// CSRF protection
if(isset($_SERVER['HTTP_REFERER'])) $referer=$_SERVER['HTTP_REFERER']; else $referer='';
$protocol=OC_Helper::serverProtocol().'://';
$refererhost=parse_url($referer);
if(isset($refererhost['host'])) $refererhost=$refererhost['host']; else $refererhost='';
$server=OC_Helper::serverHost();
$serverhost=parse_url($server);
if(isset($serverhost['host'])) $serverhost=$serverhost['host']; else $serverhost='';
if(!self::$CLI){
$server=$protocol.OC_Helper::serverHost();
if(($_SERVER['REQUEST_METHOD']=='POST') and (substr($referer,0,strlen($server))<>$server)) {
$url = $protocol.OC_Helper::serverProtocol().OC::$WEBROOT.'/index.php';
if(($_SERVER['REQUEST_METHOD']=='POST') and ($refererhost<>$serverhost)) {
$url = OC_Helper::serverProtocol().'://'.$server.OC::$WEBROOT.'/index.php';
header("Location: $url");
exit();
}
}
self::initSession();
self::initTemplateEngine();
self::checkUpgrade();

2
lib/helper.php
Unescape Escape View File

@ -120,7 +120,7 @@ class OC_Helper {
*/
public static function linkToAbsolute( $app, $file ) {
$urlLinkTo = self::linkTo( $app, $file );
$urlLinkTo = OC_Helper::serverProtocol(). '://' . self::serverHost() . $urlLinkTo;
$urlLinkTo = self::serverProtocol(). '://' . self::serverHost() . $urlLinkTo;
return $urlLinkTo;
}