From e3031ae28be12b377f6a570f8048512b744d5951 Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Tue, 5 Jun 2012 12:52:23 +0200 Subject: [PATCH] more reliable host detection for reverse proxy servers --- lib/base.php | 12 +++++++----- lib/helper.php | 2 +- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/lib/base.php b/lib/base.php index bdfd05e8f1..b9c28119e3 100644 --- a/lib/base.php +++ b/lib/base.php @@ -367,16 +367,18 @@ class OC{ // CSRF protection if(isset($_SERVER['HTTP_REFERER'])) $referer=$_SERVER['HTTP_REFERER']; else $referer=''; - $protocol=OC_Helper::serverProtocol().'://'; + $refererhost=parse_url($referer); + if(isset($refererhost['host'])) $refererhost=$refererhost['host']; else $refererhost=''; + $server=OC_Helper::serverHost(); + $serverhost=parse_url($server); + if(isset($serverhost['host'])) $serverhost=$serverhost['host']; else $serverhost=''; if(!self::$CLI){ - $server=$protocol.OC_Helper::serverHost(); - if(($_SERVER['REQUEST_METHOD']=='POST') and (substr($referer,0,strlen($server))<>$server)) { - $url = $protocol.OC_Helper::serverProtocol().OC::$WEBROOT.'/index.php'; + if(($_SERVER['REQUEST_METHOD']=='POST') and ($refererhost<>$serverhost)) { + $url = OC_Helper::serverProtocol().'://'.$server.OC::$WEBROOT.'/index.php'; header("Location: $url"); exit(); } } - self::initSession(); self::initTemplateEngine(); self::checkUpgrade(); diff --git a/lib/helper.php b/lib/helper.php index aedac20405..decc1d6133 100644 --- a/lib/helper.php +++ b/lib/helper.php @@ -120,7 +120,7 @@ class OC_Helper { */ public static function linkToAbsolute( $app, $file ) { $urlLinkTo = self::linkTo( $app, $file ); - $urlLinkTo = OC_Helper::serverProtocol(). '://' . self::serverHost() . $urlLinkTo; + $urlLinkTo = self::serverProtocol(). '://' . self::serverHost() . $urlLinkTo; return $urlLinkTo; }