From e199f55ba2d3fcac361b2a546ed86061423cb990 Mon Sep 17 00:00:00 2001
From: Meik Sievertsen
Date: Mon, 9 Jun 2008 17:10:59 +0000
Subject: [PATCH] #27395
git-svn-id: file:///svn/phpbb/trunk@8637 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/functions.php | 2 +-
 phpBB/includes/session.php | 12 ++++++++++++
 phpBB/install/install_install.php | 13 +++++++++++++
 3 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 3e1b3cf903..bdc081c593 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1722,7 +1722,7 @@ function generate_board_url($without_script_path = false)
 if ($server_port && (($config['cookie_secure'] && $server_port <> 443) || (!$config['cookie_secure'] && $server_port <> 80)))
 {
- // HTTP HOST can carry a port number...
+ // HTTP HOST can carry a port number (we fetch $user->host, but for old versions this may be true)
 if (strpos($server_name, ':') === false)
 {
 $url .= ':' . $server_port;
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 05c9aa8de8..a3a3a60061 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -160,6 +160,13 @@ class session
 $this->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : '';
 $this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
 $this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
+
+ // Since HTTP_HOST may carry a port definition, we need to remove it here...
+ if (strpos($this->host, ':') !== false)
+ {
+ $this->host = substr($this->host, 0, strpos($this->host, ':'));
+ }
+
 $this->page = self::extract_current_page(PHPBB_ROOT_PATH);
 // if the forwarded for header shall be checked we have to validate its contents
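Review bot: Cutting `$this->host` at the first `:` mishandles a bracketed IPv6 literal in the Host header: a value such as `[::1]:8080` is reduced to `[`, and that value then feeds the referer comparison further down in session.php and, per the updated comment in functions.php, the generated board URL. The Host header is client-supplied, so the added block should strip only a trailing numeric port, e.g. `$this->host = preg_replace('#:\d+$#', '', $this->host);`, and ideally reject anything that is not a plausible host name afterwards. The same first-colon cut is added twice in install_install.php (the hunks at old lines 1043 and 1136) and has the same problem there. The enclosing method starts and ends outside this hunk.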
@@ -1300,8 +1307,10 @@ class session
 {
 return true;
 }
+
 $host = htmlspecialchars($this->host);
 $ref = substr($this->referer, strpos($this->referer, '://') + 3);
+
 if (!(stripos($ref , $host) === 0))
 {
 return false;
@@ -1310,15 +1319,18 @@ class session
 {
 $ref = substr($ref, strlen($host));
 $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
+
 if ($server_port !== 80 && $server_port !== 443 && stripos($ref, ":$server_port") === 0)
 {
 $ref = substr($ref, strlen(":$server_port"));
 }
+
 if (!(stripos(rtrim($ref, '/'), rtrim($this->page['root_script_path'], '/')) === 0))
 {
 return false;
 }
 }
+
 return true;
 }
diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php
index 919f13dfa4..1388e8d6c6 100644
--- a/phpBB/install/install_install.php
+++ b/phpBB/install/install_install.php
@@ -1043,6 +1043,12 @@ class install_install extends module
 // HTTP_HOST is having the correct browser url in most cases...
 $server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
+ // HTTP HOST can carry a port number...
+ if (strpos($server_name, ':') !== false)
+ {
+ $server_name = substr($server_name, 0, strpos($server_name, ':'));
+ }
+
 $data['email_enable'] = ($data['email_enable'] !== '') ? $data['email_enable'] : true;
 $data['server_name'] = ($data['server_name'] !== '') ? $data['server_name'] : $server_name;
 $data['server_port'] = ($data['server_port'] !== '') ? $data['server_port'] : ((!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'));
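Review bot: The port-stripping block added here is a verbatim copy of the one added in session.php and is pasted a second time further down in this file, with nothing tying the three together. Host normalisation is security-relevant input handling, so a later correction made in one copy and missed in another would leave the installer and the session code disagreeing about what the host is. Until the logic is shared, I would at least replace the comment with `// HTTP_HOST can carry a port number; same stripping as in session.php and the second block below, change all three together`. The enclosing method starts and ends outside this hunk.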
@@ -1136,6 +1142,13 @@ class install_install extends module
 // HTTP_HOST is having the correct browser url in most cases...
 $server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
+
+ // HTTP HOST can carry a port number...
+ if (strpos($server_name, ':') !== false)
+ {
+ $server_name = substr($server_name, 0, strpos($server_name, ':'));
+ }
+
 $cookie_domain = ($data['server_name'] != '') ? $data['server_name'] : $server_name;
 // Try to come up with the best solution for cookie domain...
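Review bot: After the port is cut off, `$server_name` is still the raw client-supplied Host header and becomes the fallback for `$cookie_domain` with no check that it is a syntactically valid host name. Because this value is presumably written into the board's stored settings by the installer, I would validate it right after the added block and treat it as absent otherwise, e.g. `if (!preg_match('#^[a-z0-9.-]+$#i', $server_name)) { $server_name = ''; }`. The code that derives the final cookie domain continues below this hunk, so later handling may already narrow the value; that is worth confirming before relying on it.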