Pico::getBaseUrl(): Improve hostname detection with proxies
This commit is contained in:
Daniel Rudolf
parent
381b339b9f
commit
d9393df4fa
2 changed files with 13 additions and 3 deletions
|
|
@ -6,6 +6,7 @@ Released: -
|
|||
|
||||
```
|
||||
* [Changed] Improve documentation
|
||||
* [Fixed] Improve hostname detection with proxies
|
||||
```
|
||||
|
||||
### Version 1.0.4
|
||||
|
|
|
|||
15
lib/Pico.php
15
lib/Pico.php
|
|
@ -1237,6 +1237,10 @@ class Pico
|
|||
/**
|
||||
* Returns the base URL of this Pico instance
|
||||
*
|
||||
* Security Notice: You MUST configure Pico's base URL explicitly when
|
||||
* using the base URL in contexts that are potentially vulnerable to
|
||||
* HTTP Host Header Injection attacks (e.g. when generating emails).
|
||||
*
|
||||
* @return string the base url
|
||||
*/
|
||||
public function getBaseUrl()
|
||||
|
|
@ -1256,9 +1260,14 @@ class Pico
|
|||
$protocol = 'https';
|
||||
}
|
||||
|
||||
$this->config['base_url'] =
|
||||
$protocol . "://" . $_SERVER['HTTP_HOST']
|
||||
. rtrim(dirname($_SERVER['SCRIPT_NAME']), '/\\') . '/';
|
||||
$host = $_SERVER['SERVER_NAME'];
|
||||
if (!empty($_SERVER['HTTP_X_FORWARDED_HOST'])) {
|
||||
$host = $_SERVER['HTTP_X_FORWARDED_HOST'];
|
||||
} elseif (!empty($_SERVER['HTTP_HOST'])) {
|
||||
$host = $_SERVER['HTTP_HOST'];
|
||||
}
|
||||
|
||||
$this->config['base_url'] = $protocol . "://" . $host . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/\\') . '/';
|
||||
|
||||
return $this->getConfig('base_url');
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue