| author | 2020-01-04 23:35:42 +0100 | |
|---|---|---|
| committer | 2020-01-04 23:35:42 +0100 | |
| commit | 2aff347b2e942286292b21e0b20d93ab85220a17 (patch) | |
| tree | a00c587dbaafe36da019dafca00b77357c3f58a8 /lib | |
| parent | acc50df0efef8bd9fa937a5d640314c0e78e9117 (diff) | |
Fix wrong getHeader refactoring (#2749)
* Fix wrong getHeader refactoring
Fix regression introduced by
https://github.com/FreshRSS/FreshRSS/pull/2373
The refactoring required a call to init() even for static functions,
which is most of the time not done.
Removed premature abstraction of `$_SERVER`, which was the root cause of
the bug.
https://github.com/FreshRSS/FreshRSS/issues/2748#issuecomment-569898931
* Refactoring: Move serverIsPublic to Minz_Request
* Add mitigations for wrong configurations
Due to the regression, we have some existing configurations with a bad
base_url
* Forgot one instance
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/Minz/Request.php | 43 | ||||
| -rw-r--r-- | lib/Minz/Url.php | 2 | ||||
| -rw-r--r-- | lib/lib_rss.php | 30 |
3 files changed, 38 insertions, 37 deletions
diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php
index ef641a0e9..b294abe26 100644
--- a/lib/Minz/Request.php
+++ b/lib/Minz/Request.php
@@ -11,7 +11,6 @@ class Minz_Request {
 private static $controller_name = '';
 private static $action_name = '';
 private static $params = array();
- private static $headers = array();
 private static $default_controller_name = 'index';
 private static $default_action_name = 'index';
@@ -101,7 +100,6 @@ class Minz_Request {
 * Initialise la Request
 */
 public static function init() {
- static::$headers = $_SERVER;
 self::initJSON();
 }
@@ -228,6 +226,42 @@ class Minz_Request {
 }
 /**
+ * Test if a given server address is publicly accessible.
+ *
+ * Note: for the moment it tests only if address is corresponding to a
+ * localhost address.
+ *
+ * @param $address the address to test, can be an IP or a URL.
+ * @return true if server is accessible, false otherwise.
+ * @todo improve test with a more valid technique (e.g. test with an external server?)
+ */
+ public static function serverIsPublic($address) {
+ if (strlen($address) < strlen('http://a.bc')) {
+ return false;
+ }
+ $host = parse_url($address, PHP_URL_HOST);
+ if (!$host) {
+ return false;
+ }
+
+ $is_public = !in_array($host, array(
+ 'localhost',
+ 'localhost.localdomain',
+ '[::1]',
+ 'ip6-localhost',
+ 'localhost6',
+ 'localhost6.localdomain6',
+ ));
+
+ if ($is_public) {
+ $is_public &= !preg_match('/^(10|127|172[.]16|192[.]168)[.]/', $host);
+ $is_public &= !preg_match('/^(\[)?(::1$|fc00::|fe80::)/i', $host);
+ }
+
+ return (bool)$is_public;
+ }
+
+ /**
 * Relance une requête
 * @param $url l'url vers laquelle est relancée la requête
 * @param $redirect si vrai, force la redirection http
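Review bot: In `serverIsPublic()` the IPv4 pattern `172[.]16` only recognises 172.16.x.x, while the private block is 172.16.0.0/12 (172.16–172.31), and the IPv6 pattern matches only the literal prefixes `fc00::` and `fe80::`, so other unique-local (`fd…`) and link-local addresses are reported as public; `169.254.` is not covered either. At minimum widen the first alternative to `172[.](1[6-9]|2[0-9]|3[01])`; for IP-literal hosts (brackets trimmed), `filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)` would replace both regexes. The docblock should also state that the test is purely textual, with no DNS resolution, so a hostname that resolves to an internal address still counts as public and the result must not be used as a guard against requests to internal hosts.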
@@ -348,10 +382,7 @@ class Minz_Request {
 * @return mixed
 */
 public static function getHeader($header, $default = null) {
- if (isset(static::$headers[$header])) {
- return static::$headers[$header];
- }
- return $default;
+ return isset($_SERVER[$header]) ? $_SERVER[$header] : $default;
 }
 /**
diff --git a/lib/Minz/Url.php b/lib/Minz/Url.php
index 1c222ce25..5828d47df 100644
--- a/lib/Minz/Url.php
+++ b/lib/Minz/Url.php
@@ -25,7 +25,7 @@ class Minz_Url {
 if ($absolute) {
 $url_string = Minz_Request::getBaseUrl();
- if ($url_string == '') {
+ if (strlen($url_string) < strlen('http://a.bc')) {
 $url_string = Minz_Request::guessBaseUrl();
 if (PUBLIC_RELATIVE === '..') {
 //TODO: Implement proper resolver of relative parts such as /test/./../
diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index 1060ef5c5..972f650bd 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -118,36 +118,6 @@ function escapeToUnicodeAlternative($text, $extended = true) {
 return trim(str_replace($problem, $replace, $text));
 }
-/**
- * Test if a given server address is publicly accessible.
- *
- * Note: for the moment it tests only if address is corresponding to a
- * localhost address.
- *
- * @param $address the address to test, can be an IP or a URL.
- * @return true if server is accessible, false otherwise.
- * @todo improve test with a more valid technique (e.g. test with an external server?)
- */
-function server_is_public($address) {
- $host = parse_url($address, PHP_URL_HOST);
-
- $is_public = !in_array($host, array(
- 'localhost',
- 'localhost.localdomain',
- '[::1]',
- 'ip6-localhost',
- 'localhost6',
- 'localhost6.localdomain6',
- ));
-
- if ($is_public) {
- $is_public &= !preg_match('/^(10|127|172[.]16|192[.]168)[.]/', $host);
- $is_public &= !preg_match('/^(\[)?(::1$|fc00::|fe80::)/i', $host);
- }
-
- return (bool)$is_public;
-}
-
 function format_number($n, $precision = 0) {
 // number_format does not seem to be Unicode-compatible
 return str_replace(' ', ' ', //Espace fine insécable |
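Review bot: `getHeader()` now hands back raw `$_SERVER` entries, and its docblock (which starts above this hunk) does not mention that `HTTP_*` keys carry request headers supplied by the client. Suggest adding a line such as `* Note: HTTP_* values are client-controlled; validate them before using them to build URLs or make trust decisions.` This matters for callers that derive a base URL from forwarded-host style headers, which presumably is what the base_url mitigation in this commit relates to.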
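Review bot: The threshold `strlen('http://a.bc')` in the `Minz_Url` hunk is an unexplained magic value, and the same literal is repeated in `Minz_Request::serverIsPublic()` in this commit. A length test also lets through any sufficiently long string that is not an absolute URL, so a malformed configured base_url can still be used as-is. Consider a comment such as `// a base_url shorter than a minimal absolute URL is treated as misconfigured: fall back to guessing`, and moving the check into one small helper on `Minz_Request` that also verifies the scheme and host via `parse_url()`. The enclosing method starts and ends outside this hunk.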
