diff options
| author | Frank Karlitschek <frank@owncloud.org> | 2012-06-01 11:06:49 +0200 |
|---|---|---|
| committer | Frank Karlitschek <frank@owncloud.org> | 2012-06-01 11:06:49 +0200 |
| commit | 0d2d613f596ad8bbff36c851c9f0232cd17c2348 (patch) | |
| tree | 4ca8430ca71cad00116d58e3dbdde4320aab8fad | |
| parent | 670022cc8af93f685892d73ac53e8d62a6c6dbf5 (diff) | |
| download | nextcloud-server-0d2d613f596ad8bbff36c851c9f0232cd17c2348.tar.gz nextcloud-server-0d2d613f596ad8bbff36c851c9f0232cd17c2348.zip | |
added a serverProtocol function that correctly returns the used protocol even if the ssl connection is terminated at a reverse_proxy or at a load balancer
| -rw-r--r-- | lib/base.php | 16 | ||||
| -rw-r--r-- | lib/helper.php | 24 | ||||
| -rw-r--r-- | lib/public/util.php | 12 |
3 files changed, 40 insertions, 12 deletions
diff --git a/lib/base.php b/lib/base.php index b2ec38ffdb8..96215410ad7 100644 --- a/lib/base.php +++ b/lib/base.php @@ -210,12 +210,10 @@ class OC{ // redirect to https site if configured if( OC_Config::getValue( "forcessl", false )){ ini_set("session.cookie_secure", "on"); - if(!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] != 'on') { - if(!isset($_SERVER['HTTP_X_FORWARDED_PROTO']) or $_SERVER['HTTP_X_FORWARDED_PROTO']=='http') { - $url = "https://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; - header("Location: $url"); - exit(); - } + if(OC_Helper::serverProtocol()<>'https') { + $url = "https://". OC_Helper::serverHost() . $_SERVER['REQUEST_URI']; + header("Location: $url"); + exit(); } } } @@ -373,10 +371,10 @@ class OC{ // CSRF protection if(isset($_SERVER['HTTP_REFERER'])) $referer=$_SERVER['HTTP_REFERER']; else $referer=''; - if(isset($_SERVER['HTTPS']) and $_SERVER['HTTPS']<>'') $protocol='https://'; else $protocol='http://'; - $server=$protocol.$_SERVER['SERVER_NAME']; + $protocol=OC_Helper::serverProtocol().'://'; + $server=$protocol.OC_Helper::serverHost(); if(($_SERVER['REQUEST_METHOD']=='POST') and (substr($referer,0,strlen($server))<>$server)) { - $url = $protocol.$_SERVER['SERVER_NAME'].OC::$WEBROOT.'/index.php'; + $url = $protocol.OC_Helper::serverProtocol().OC::$WEBROOT.'/index.php'; header("Location: $url"); exit(); } diff --git a/lib/helper.php b/lib/helper.php index 6a2b3a6897b..3de7b3fdc10 100644 --- a/lib/helper.php +++ b/lib/helper.php @@ -89,6 +89,26 @@ class OC_Helper { return $host; } + /** + * @brief Returns the server protocol + * @returns the server protocol + * + * Returns the server protocol. It respects reverse proxy servers and load balancers + */ + public static function serverProtocol() { + if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) { + $proto = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']); + }else{ + if(isset($_SERVER['HTTPS']) and !empty($_SERVER['HTTPS']) and ($_SERVER['HTTPS']!='off')) { + $proto = 'https'; + }else{ + $proto = 'http'; + } + } + return($proto); + } + + /** * @brief Creates an absolute url * @param $app app @@ -99,9 +119,7 @@ class OC_Helper { */ public static function linkToAbsolute( $app, $file ) { $urlLinkTo = self::linkTo( $app, $file ); - // Checking if the request was made through HTTPS. The last in line is for IIS - $protocol = isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS']!='off'); - $urlLinkTo = ($protocol?'https':'http') . '://' . self::serverHost() . $urlLinkTo; + $urlLinkTo = OC_Helper::serverProtocol(). '://' . self::serverHost() . $urlLinkTo; return $urlLinkTo; } diff --git a/lib/public/util.php b/lib/public/util.php index 3d20c5a4635..2abffba4c4a 100644 --- a/lib/public/util.php +++ b/lib/public/util.php @@ -168,6 +168,18 @@ class Util { return(\OC_Helper::serverHost()); } + + /** + * @brief Returns the server protocol + * @returns the server protocol + * + * Returns the server protocol. It respects reverse proxy servers and load balancers + */ + public static function getServerProtocol() { + return(\OC_Helper::serverProtocol()); + } + + /** * @brief Creates path to an image * @param $app app |