makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 22:28:51 +00:00
Code Issues Projects Releases Packages Wiki Activity

#27395

Browse source 
git-svn-id: file:///svn/phpbb/trunk@8637 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen 2008-06-09 17:10:59 +00:00
parent d7a217c28c
commit e199f55ba2
3 changed files with 26 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/includes/functions.php
View file

@ -1722,7 +1722,7 @@ function generate_board_url($without_script_path = false)
if ($server_port && (($config['cookie_secure'] && $server_port <> 443) || (!$config['cookie_secure'] && $server_port <> 80))) if ($server_port && (($config['cookie_secure'] && $server_port <> 443) || (!$config['cookie_secure'] && $server_port <> 80)))
{ {
// HTTP HOST can carry a port number... // HTTP HOST can carry a port number (we fetch $user->host, but for old versions this may be true)
if (strpos($server_name, ':') === false) if (strpos($server_name, ':') === false)
{ {
$url .= ':' . $server_port; $url .= ':' . $server_port;

12
phpBB/includes/session.php
View file

@ -160,6 +160,13 @@ class session
$this->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : ''; $this->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : '';
$this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; $this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
$this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); $this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
// Since HTTP_HOST may carry a port definition, we need to remove it here...
if (strpos($this->host, ':') !== false)
{
$this->host = substr($this->host, 0, strpos($this->host, ':'));
}
$this->page = self::extract_current_page(PHPBB_ROOT_PATH); $this->page = self::extract_current_page(PHPBB_ROOT_PATH);
// if the forwarded for header shall be checked we have to validate its contents // if the forwarded for header shall be checked we have to validate its contents
@ -1300,8 +1307,10 @@ class session
{ {
return true; return true;
} }
$host = htmlspecialchars($this->host); $host = htmlspecialchars($this->host);
$ref = substr($this->referer, strpos($this->referer, '://') + 3); $ref = substr($this->referer, strpos($this->referer, '://') + 3);
if (!(stripos($ref , $host) === 0)) if (!(stripos($ref , $host) === 0))
{ {
return false; return false;
@ -1310,15 +1319,18 @@ class session
{ {
$ref = substr($ref, strlen($host)); $ref = substr($ref, strlen($host));
$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'); $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
if ($server_port !== 80 && $server_port !== 443 && stripos($ref, ":$server_port") === 0) if ($server_port !== 80 && $server_port !== 443 && stripos($ref, ":$server_port") === 0)
{ {
$ref = substr($ref, strlen(":$server_port")); $ref = substr($ref, strlen(":$server_port"));
} }
if (!(stripos(rtrim($ref, '/'), rtrim($this->page['root_script_path'], '/')) === 0)) if (!(stripos(rtrim($ref, '/'), rtrim($this->page['root_script_path'], '/')) === 0))
{ {
return false; return false;
} }
} }
return true; return true;
} }

13
phpBB/install/install_install.php
View file

@ -1043,6 +1043,12 @@ class install_install extends module
// HTTP_HOST is having the correct browser url in most cases... // HTTP_HOST is having the correct browser url in most cases...
$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); $server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
// HTTP HOST can carry a port number...
if (strpos($server_name, ':') !== false)
{
$server_name = substr($server_name, 0, strpos($server_name, ':'));
}
$data['email_enable'] = ($data['email_enable'] !== '') ? $data['email_enable'] : true; $data['email_enable'] = ($data['email_enable'] !== '') ? $data['email_enable'] : true;
$data['server_name'] = ($data['server_name'] !== '') ? $data['server_name'] : $server_name; $data['server_name'] = ($data['server_name'] !== '') ? $data['server_name'] : $server_name;
$data['server_port'] = ($data['server_port'] !== '') ? $data['server_port'] : ((!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT')); $data['server_port'] = ($data['server_port'] !== '') ? $data['server_port'] : ((!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'));
@ -1136,6 +1142,13 @@ class install_install extends module
// HTTP_HOST is having the correct browser url in most cases... // HTTP_HOST is having the correct browser url in most cases...
$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); $server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
// HTTP HOST can carry a port number...
if (strpos($server_name, ':') !== false)
{
$server_name = substr($server_name, 0, strpos($server_name, ':'));
}
$cookie_domain = ($data['server_name'] != '') ? $data['server_name'] : $server_name; $cookie_domain = ($data['server_name'] != '') ? $data['server_name'] : $server_name;
// Try to come up with the best solution for cookie domain... // Try to come up with the best solution for cookie domain...