From 6c1aa1587918f413dc6315ecc6815068fc32d9b4 Mon Sep 17 00:00:00 2001 From: shtse8 Date: Thu, 28 Sep 2017 11:44:33 +0000 Subject: [PATCH] Correct SERVER_NAME to HTTP_HOST to get a valid host url --- include/classes/user.class.php | 2 +- .../lib/swiftmailer/classes/Swift/Mime/SimpleMimeEntity.php | 2 +- .../classes/Swift/Transport/AbstractSmtpTransport.php | 6 +++--- include/pages/account/reset_failed.inc.php | 2 +- include/pages/login.inc.php | 2 +- public/index.php | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/include/classes/user.class.php b/include/classes/user.class.php index 0d761fde..8bfbbcca 100644 --- a/include/classes/user.class.php +++ b/include/classes/user.class.php @@ -666,7 +666,7 @@ class User extends Base { // Enforce a page reload and point towards login with referrer included, if supplied $port = ($_SERVER["SERVER_PORT"] == "80" || $_SERVER["SERVER_PORT"] == "443") ? "" : (":".$_SERVER["SERVER_PORT"]); $pushto = $_SERVER['SCRIPT_NAME'].'?page=login'; - $location = (@$_SERVER['HTTPS'] == 'on') ? 'https://' . $_SERVER['SERVER_NAME'] . $port . $pushto : 'http://' . $_SERVER['SERVER_NAME'] . $port . $pushto; + $location = (@$_SERVER['HTTPS'] == 'on') ? 'https://' . $_SERVER['HTTP_HOST'] . $port . $pushto : 'http://' . $_SERVER['HTTP_HOST'] . $port . $pushto; if (!headers_sent()) header('Location: ' . $location); exit(''); } diff --git a/include/lib/swiftmailer/classes/Swift/Mime/SimpleMimeEntity.php b/include/lib/swiftmailer/classes/Swift/Mime/SimpleMimeEntity.php index 96ac34b1..26190c1f 100644 --- a/include/lib/swiftmailer/classes/Swift/Mime/SimpleMimeEntity.php +++ b/include/lib/swiftmailer/classes/Swift/Mime/SimpleMimeEntity.php @@ -687,7 +687,7 @@ class Swift_Mime_SimpleMimeEntity implements Swift_Mime_MimeEntity protected function getRandomId() { $idLeft = md5(getmypid() . '.' . time() . '.' . uniqid(mt_rand(), true)); - $idRight = !empty($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : 'swift.generated'; + $idRight = !empty($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'swift.generated'; $id = $idLeft . '@' . $idRight; try { diff --git a/include/lib/swiftmailer/classes/Swift/Transport/AbstractSmtpTransport.php b/include/lib/swiftmailer/classes/Swift/Transport/AbstractSmtpTransport.php index e90da64a..1b91eee8 100644 --- a/include/lib/swiftmailer/classes/Swift/Transport/AbstractSmtpTransport.php +++ b/include/lib/swiftmailer/classes/Swift/Transport/AbstractSmtpTransport.php @@ -477,10 +477,10 @@ abstract class Swift_Transport_AbstractSmtpTransport implements Swift_Transport /** Try to determine the hostname of the server this is run on */ private function _lookupHostname() { - if (!empty($_SERVER['SERVER_NAME']) - && $this->_isFqdn($_SERVER['SERVER_NAME'])) + if (!empty($_SERVER['HTTP_HOST']) + && $this->_isFqdn($_SERVER['HTTP_HOST'])) { - $this->_domain = $_SERVER['SERVER_NAME']; + $this->_domain = $_SERVER['HTTP_HOST']; } elseif (!empty($_SERVER['SERVER_ADDR'])) { $this->_domain = sprintf('[%s]', $_SERVER['SERVER_ADDR']); } diff --git a/include/pages/account/reset_failed.inc.php b/include/pages/account/reset_failed.inc.php index 7ac0cda0..8aa095a2 100644 --- a/include/pages/account/reset_failed.inc.php +++ b/include/pages/account/reset_failed.inc.php @@ -6,7 +6,7 @@ if ($user->isAuthenticated()) { $user->setUserFailed($_SESSION['USERDATA']['id'], 0); $port = ($_SERVER["SERVER_PORT"] == "80" || $_SERVER["SERVER_PORT"] == "443") ? "" : (":".$_SERVER["SERVER_PORT"]); $pushto = $_SERVER['SCRIPT_NAME'].'?page=dashboard'; - $location = (@$_SERVER['HTTPS'] == 'on') ? 'https://' . $_SERVER['SERVER_NAME'] . $port . $pushto : 'http://' . $_SERVER['SERVER_NAME'] . $port . $pushto; + $location = (@$_SERVER['HTTPS'] == 'on') ? 'https://' . $_SERVER['HTTP_HOST'] . $port . $pushto : 'http://' . $_SERVER['HTTP_HOST'] . $port . $pushto; header("Location: " . $location); } // Somehow we still need to load this empty template diff --git a/include/pages/login.inc.php b/include/pages/login.inc.php index a40541a7..3b1530ab 100644 --- a/include/pages/login.inc.php +++ b/include/pages/login.inc.php @@ -29,7 +29,7 @@ if (!empty($_POST['username']) && !empty($_POST['password'])) { if ($user->checkLogin(@$_POST['username'], @$_POST['password']) ) { $port = ($_SERVER["SERVER_PORT"] == "80" || $_SERVER["SERVER_PORT"] == "443") ? "" : (":".$_SERVER["SERVER_PORT"]); $location = (@$_SERVER['HTTPS'] == "on") ? 'https://' : 'http://'; - $location .= $_SERVER['SERVER_NAME'] . $port . $_SERVER['SCRIPT_NAME']; + $location .= $_SERVER['HTTP_HOST'] . $port . $_SERVER['SCRIPT_NAME']; $location.= '?page=dashboard'; if (!headers_sent()) header('Location: ' . $location); exit(''); diff --git a/public/index.php b/public/index.php index fd305a8a..f74dd4cd 100644 --- a/public/index.php +++ b/public/index.php @@ -40,7 +40,7 @@ define("BASEPATH", dirname(__FILE__) . "/"); include_once(BASEPATH . '../include/bootstrap.php'); // switch to https if config option is enabled -$hts = ($config['https_only'] && (!empty($_SERVER['QUERY_STRING']))) ? "https://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']."?".$_SERVER['QUERY_STRING'] : "https://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']; +$hts = ($config['https_only'] && (!empty($_SERVER['QUERY_STRING']))) ? "https://".$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME']."?".$_SERVER['QUERY_STRING'] : "https://".$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME']; ($config['https_only'] && @!$_SERVER['HTTPS']) ? exit(header("Location: ".$hts)):0; // Rate limiting, we use our initilized memcache from bootstrap/autoloader