makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-10 13:28:55 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch '3.2.x'

Browse source 
* 3.2.x:
  [ticket/14481] Add tests for x_forwarded_proto header
  [ticket/14481] Use port 443 if https is specified in x-forwarded-proto
  [ticket/14481] Respect HTTP_X_FORWARDED headers for implying https
This commit is contained in:
Tristan Darricau 2016-03-27 12:56:06 +02:00
commit c13c7c28ad
5 changed files with 126 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
phpBB/common.php
View file

@ -43,7 +43,13 @@ if (!defined('PHPBB_INSTALLED'))
// available as used by the redirect function // available as used by the redirect function
$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); $server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'); $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
$secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0; $secure = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 1 : 0;
if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
{
$secure = 1;
$server_port = 443;
}
$script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF'); $script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF');
if (!$script_name) if (!$script_name)

6
phpBB/includes/functions.php
View file

@ -1648,6 +1648,12 @@ function generate_board_url($without_script_path = false)
$server_name = $user->host; $server_name = $user->host;
$server_port = $request->server('SERVER_PORT', 0); $server_port = $request->server('SERVER_PORT', 0);
$forwarded_proto = $request->server('HTTP_X_FORWARDED_PROTO');
if (!empty($forwarded_proto) && $forwarded_proto === 'https')
{
$server_port = 443;
}
// Forcing server vars is the only way to specify/override the protocol // Forcing server vars is the only way to specify/override the protocol
if ($config['force_server_vars'] || !$server_name) if ($config['force_server_vars'] || !$server_name)

8
phpBB/phpbb/auth/provider/oauth/oauth.php
View file

@ -280,7 +280,13 @@ class oauth extends \phpbb\auth\provider\base
} }
$uri_factory = new \OAuth\Common\Http\Uri\UriFactory(); $uri_factory = new \OAuth\Common\Http\Uri\UriFactory();
$current_uri = $uri_factory->createFromSuperGlobalArray($this->request->get_super_global(\phpbb\request\request_interface::SERVER)); $super_globals = $this->request->get_super_global(\phpbb\request\request_interface::SERVER);
if (!empty($super_globals['HTTP_X_FORWARDED_PROTO']) && $super_globals['HTTP_X_FORWARDED_PROTO'] === 'https')
{
$super_globals['HTTPS'] = 'on';
$super_globals['SERVER_PORT'] = 443;
}
$current_uri = $uri_factory->createFromSuperGlobalArray($super_globals);
$current_uri->setQuery($query); $current_uri->setQuery($query);
$this->current_uri = $current_uri; $this->current_uri = $current_uri;

4
phpBB/phpbb/request/request.php
View file

@ -325,7 +325,9 @@ class request implements \phpbb\request\request_interface
*/ */
public function is_secure() public function is_secure()
{ {
return $this->server('HTTPS') == 'on'; $https = $this->server('HTTPS');
$https = $this->server('HTTP_X_FORWARDED_PROTO') === 'https' ? 'on' : $https;
return !empty($https) && $https !== 'off';
} }
/** /**

106
tests/request/request_test.php
View file

@ -13,7 +13,10 @@
class phpbb_request_test extends phpbb_test_case class phpbb_request_test extends phpbb_test_case
{ {
/** @var \phpbb\request\type_cast_helper_interface */
private $type_cast_helper; private $type_cast_helper;
/** @var \phpbb\request\request */
private $request; private $request;
protected function setUp() protected function setUp()
@ -143,15 +146,112 @@ class phpbb_request_test extends phpbb_test_case
$this->assertTrue($this->request->is_ajax()); $this->assertTrue($this->request->is_ajax());
} }
public function test_is_secure() public function data_is_secure()
{
return array(
array(
array(
'HTTPS' => 'on',
),
true,
),
array(
array(
'HTTPS' => '1',
),
true,
),
array(
array(
'HTTPS' => 'yes',
),
true,
),
array(
array(
'HTTPS' => 1,
),
true,
),
array(
array(
'HTTPS' => 'off',
),
false,
),
array(
array(
'HTTPS' => '0',
),
false,
),
array(
array(
'HTTPS' => 0,
),
false,
),
array(
array(
'HTTPS' => '',
),
false,
),
array(
array(
'HTTPS' => 'off',
'HTTP_X_FORWARDED_PROTO' => 'https',
),
true,
),
array(
array(
'HTTPS' => 'on',
'HTTP_X_FORWARDED_PROTO' => 'http',
),
true,
),
array(
array(
'HTTPS' => 'off',
'HTTP_X_FORWARDED_PROTO' => 'http',
),
false,
),
array(
array(
'HTTP_X_FORWARDED_PROTO' => 'http',
),
false,
),
array(
array(
'HTTP_X_FORWARDED_PROTO' => 'https',
),
true,
),
array(
array(
'HTTPS' => 'on',
'HTTP_X_FORWARDED_PROTO' => 'http',
),
true,
),
);
}
/**
* @dataProvider data_is_secure
*/
public function test_is_secure($server_data, $expected)
{ {
$this->assertFalse($this->request->is_secure()); $this->assertFalse($this->request->is_secure());
$this->request->enable_super_globals(); $this->request->enable_super_globals();
$_SERVER['HTTPS'] = 'on'; $_SERVER = $server_data;
$this->request = new \phpbb\request\request($this->type_cast_helper); $this->request = new \phpbb\request\request($this->type_cast_helper);
$this->assertTrue($this->request->is_secure()); $this->assertSame($expected, $this->request->is_secure());
} }
public function test_variable_names() public function test_variable_names()