Pico::getBaseUrl(): Improve hostname detection with proxies
This commit is contained in:
parent
381b339b9f
commit
d9393df4fa
|
@ -6,6 +6,7 @@ Released: -
|
||||||
|
|
||||||
```
|
```
|
||||||
* [Changed] Improve documentation
|
* [Changed] Improve documentation
|
||||||
|
* [Fixed] Improve hostname detection with proxies
|
||||||
```
|
```
|
||||||
|
|
||||||
### Version 1.0.4
|
### Version 1.0.4
|
||||||
|
|
15
lib/Pico.php
15
lib/Pico.php
|
@ -1237,6 +1237,10 @@ class Pico
|
||||||
/**
|
/**
|
||||||
* Returns the base URL of this Pico instance
|
* Returns the base URL of this Pico instance
|
||||||
*
|
*
|
||||||
|
* Security Notice: You MUST configure Pico's base URL explicitly when
|
||||||
|
* using the base URL in contexts that are potentially vulnerable to
|
||||||
|
* HTTP Host Header Injection attacks (e.g. when generating emails).
|
||||||
|
*
|
||||||
* @return string the base url
|
* @return string the base url
|
||||||
*/
|
*/
|
||||||
public function getBaseUrl()
|
public function getBaseUrl()
|
||||||
|
@ -1256,9 +1260,14 @@ class Pico
|
||||||
$protocol = 'https';
|
$protocol = 'https';
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->config['base_url'] =
|
$host = $_SERVER['SERVER_NAME'];
|
||||||
$protocol . "://" . $_SERVER['HTTP_HOST']
|
if (!empty($_SERVER['HTTP_X_FORWARDED_HOST'])) {
|
||||||
. rtrim(dirname($_SERVER['SCRIPT_NAME']), '/\\') . '/';
|
$host = $_SERVER['HTTP_X_FORWARDED_HOST'];
|
||||||
|
} elseif (!empty($_SERVER['HTTP_HOST'])) {
|
||||||
|
$host = $_SERVER['HTTP_HOST'];
|
||||||
|
}
|
||||||
|
|
||||||
|
$this->config['base_url'] = $protocol . "://" . $host . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/\\') . '/';
|
||||||
|
|
||||||
return $this->getConfig('base_url');
|
return $this->getConfig('base_url');
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue