Pico::getBaseUrl(): Improve hostname detection with proxies

This commit is contained in:
Daniel Rudolf 2016-11-23 23:26:55 +01:00
parent 381b339b9f
commit d9393df4fa
No known key found for this signature in database
GPG key ID: A061F02CD8DE4538
2 changed files with 13 additions and 3 deletions


@ -6,6 +6,7 @@ Released: -
``` ```
* [Changed] Improve documentation * [Changed] Improve documentation
* [Fixed] Improve hostname detection with proxies
``` ```
### Version 1.0.4 ### Version 1.0.4


@ -1237,6 +1237,10 @@ class Pico
/** /**
* Returns the base URL of this Pico instance * Returns the base URL of this Pico instance
* *
* Security Notice: You MUST configure Pico's base URL explicitly when
* using the base URL in contexts that are potentially vulnerable to
* HTTP Host Header Injection attacks (e.g. when generating emails).
*
* @return string the base url * @return string the base url
*/ */
public function getBaseUrl() public function getBaseUrl()
@ -1256,9 +1260,14 @@ class Pico
$protocol = 'https'; $protocol = 'https';
} }
$this->config['base_url'] = $host = $_SERVER['SERVER_NAME'];
$protocol . "://" . $_SERVER['HTTP_HOST'] if (!empty($_SERVER['HTTP_X_FORWARDED_HOST'])) {
. rtrim(dirname($_SERVER['SCRIPT_NAME']), '/\\') . '/'; $host = $_SERVER['HTTP_X_FORWARDED_HOST'];
} elseif (!empty($_SERVER['HTTP_HOST'])) {
$host = $_SERVER['HTTP_HOST'];
}
$this->config['base_url'] = $protocol . "://" . $host . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/\\') . '/';
return $this->getConfig('base_url'); return $this->getConfig('base_url');
} }
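Review bot: The new `HTTP_X_FORWARDED_HOST` branch trusts a client-supplied header from any peer, so in a deployment with no reverse proxy an attacker can now override both `SERVER_NAME` and `HTTP_HOST` just by sending `X-Forwarded-Host`, which widens the Host Header Injection exposure the new docblock warns about rather than narrowing it. Only honour the header when `$_SERVER['REMOTE_ADDR']` belongs to a proxy the operator has declared trusted (a config option next to `base_url`), and fall through to `HTTP_HOST` otherwise. When it is honoured, chained proxies append to the header, so take the first entry instead of the whole string: `$host = trim(explode(',', $_SERVER['HTTP_X_FORWARDED_HOST'], 2)[0]);`. `$protocol` is chosen above this hunk, so whether `X-Forwarded-Proto` gets the same treatment cannot be seen here; the fallback to `SERVER_NAME` itself is a sensible improvement over the old unconditional use of `HTTP_HOST`.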