From 27d2b88a19345dfc665dc086d3c2b2e4547e1b7f Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sat, 23 May 2015 02:23:38 +0200
Subject: Minz getBaseUrl correction and RSS template bug

https://github.com/FreshRSS/FreshRSS/issues/848
Corrections in Minz (HTTP_HOST was not sanitized, getURI() was never
used and not working anyway with absolute base_url)
$this->url was not defined in rss.phtml
---
 lib/Minz/Request.php | 46 ++++++++++++++--------------------------------
 1 file changed, 14 insertions(+), 32 deletions(-)

(limited to 'lib/Minz/Request.php')

diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php
index 6db2e9c7a..b9eda82a5 100644
--- a/lib/Minz/Request.php
+++ b/lib/Minz/Request.php
@@ -84,45 +84,27 @@ class Minz_Request {
 		self::magicQuotesOff();
 	}
 
-	/**
-	 * Retourn le nom de domaine du site
-	 */
-	public static function getDomainName() {
-		return $_SERVER['HTTP_HOST'];
-	}
-
 	/**
 	 * Détermine la base de l'url
 	 * @return la base de l'url
 	 */
-	public static function getBaseUrl() {
+	public static function getBaseUrl($baseUrlSuffix = '') {
 		$conf = Minz_Configuration::get('system');
-		$defaultBaseUrl = $conf->base_url;
-		if (!empty($defaultBaseUrl)) {
-			return $defaultBaseUrl;
-		} elseif (isset($_SERVER['REQUEST_URI'])) {
-			return dirname($_SERVER['REQUEST_URI']) . '/';
-		} else {
-			return '/';
-		}
-	}
-
-	/**
-	 * Récupère l'URI de la requête
-	 * @return l'URI
-	 */
-	public static function getURI() {
-		if (isset($_SERVER['REQUEST_URI'])) {
-			$base_url = self::getBaseUrl();
-			$uri = $_SERVER['REQUEST_URI'];
-
-			$len_base_url = strlen($base_url);
-			$real_uri = substr($uri, $len_base_url);
+		$url = $conf->base_url;
+		if ($url == '' || !preg_match('%^https?://%i', $url)) {
+			$url = 'http';
+			$host = empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST'];
+			$port = empty($_SERVER['SERVER_PORT']) ? 80 : $_SERVER['SERVER_PORT'];
+			if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') {
+				$url .= 's://' . $host . ($port == 443 ? '' : ':' . $port);
+			} else {
+				$url .= '://' . $host . ($port == 80 ? '' : ':' . $port);
+			}
+			$url .= isset($_SERVER['REQUEST_URI']) ? dirname($_SERVER['REQUEST_URI']) : '';
 		} else {
-			$real_uri = '';
+			$url = rtrim($url, '/\\') . $baseUrlSuffix;
 		}
-
-		return $real_uri;
+		return filter_var($url . '/', FILTER_SANITIZE_URL);
 	}
 
 	/**
-- 
cgit v1.2.3


From 2d22bf300a8dabcc77237f4bb56bf6532486fca2 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Fri, 17 Jul 2015 23:43:43 +0200
Subject: dirname problem

https://github.com/FreshRSS/FreshRSS/issues/906
---
 lib/Minz/Request.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'lib/Minz/Request.php')

diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php
index b9eda82a5..67fbae126 100644
--- a/lib/Minz/Request.php
+++ b/lib/Minz/Request.php
@@ -100,7 +100,10 @@ class Minz_Request {
 			} else {
 				$url .= '://' . $host . ($port == 80 ? '' : ':' . $port);
 			}
-			$url .= isset($_SERVER['REQUEST_URI']) ? dirname($_SERVER['REQUEST_URI']) : '';
+			if (isset($_SERVER['REQUEST_URI'])) {
+				$path = $_SERVER['REQUEST_URI'];
+				$url .= substr($path, -1) === '/' ? substr($path, 0, -1) : dirname($path);
+			}
 		} else {
 			$url = rtrim($url, '/\\') . $baseUrlSuffix;
 		}
-- 
cgit v1.2.3


From 6db09411968ff0eac722efde79628b501b8dbe5e Mon Sep 17 00:00:00 2001
From: Marien Fressinaud <dev@marienfressinaud.fr>
Date: Thu, 23 Jul 2015 10:05:32 +0200
Subject: Fix unexpected behaviour in getBaseUrl

- getBaseUrl() returns info from configuration only and always append
  the suffix
- add a guessBaseUrl() to extract base_url from $_SERVER info
- fix Url::display() to take this change in consideration

Fix https://github.com/FreshRSS/FreshRSS/issues/906
Use https://github.com/FreshRSS/FreshRSS/pull/910
---
 lib/Minz/Request.php | 48 ++++++++++++++++++++++++++++--------------------
 lib/Minz/Url.php     |  3 +++
 2 files changed, 31 insertions(+), 20 deletions(-)

(limited to 'lib/Minz/Request.php')

diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php
index 67fbae126..059b4359c 100644
--- a/lib/Minz/Request.php
+++ b/lib/Minz/Request.php
@@ -85,29 +85,37 @@ class Minz_Request {
 	}
 
 	/**
-	 * Détermine la base de l'url
-	 * @return la base de l'url
+	 * Try to guess the base URL from $_SERVER information
+	 *
+	 * @return the base url (e.g. http://example.com/)
 	 */
-	public static function getBaseUrl($baseUrlSuffix = '') {
-		$conf = Minz_Configuration::get('system');
-		$url = $conf->base_url;
-		if ($url == '' || !preg_match('%^https?://%i', $url)) {
-			$url = 'http';
-			$host = empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST'];
-			$port = empty($_SERVER['SERVER_PORT']) ? 80 : $_SERVER['SERVER_PORT'];
-			if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') {
-				$url .= 's://' . $host . ($port == 443 ? '' : ':' . $port);
-			} else {
-				$url .= '://' . $host . ($port == 80 ? '' : ':' . $port);
-			}
-			if (isset($_SERVER['REQUEST_URI'])) {
-				$path = $_SERVER['REQUEST_URI'];
-				$url .= substr($path, -1) === '/' ? substr($path, 0, -1) : dirname($path);
-			}
+	public static function guessBaseUrl() {
+		$url = 'http';
+		$host = empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST'];
+		$port = empty($_SERVER['SERVER_PORT']) ? 80 : $_SERVER['SERVER_PORT'];
+		if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') {
+			$url .= 's://' . $host . ($port == 443 ? '' : ':' . $port);
 		} else {
-			$url = rtrim($url, '/\\') . $baseUrlSuffix;
+			$url .= '://' . $host . ($port == 80 ? '' : ':' . $port);
+		}
+		if (isset($_SERVER['REQUEST_URI'])) {
+			$path = $_SERVER['REQUEST_URI'];
+			$url .= substr($path, -1) === '/' ? substr($path, 0, -1) : dirname($path);
 		}
-		return filter_var($url . '/', FILTER_SANITIZE_URL);
+
+		return $url;
+	}
+
+	/**
+	 * Return the base_url from configuration and add a suffix if given.
+	 *
+	 * @param $base_url_suffix a string to add at base_url (default: empty string)
+	 * @return the base_url with a suffix.
+	 */
+	public static function getBaseUrl($base_url_suffix = '') {
+		$conf = Minz_Configuration::get('system');
+		$url = rtrim($conf->base_url, '/\\') . $base_url_suffix;
+		return filter_var($url, FILTER_SANITIZE_URL);
 	}
 
 	/**
diff --git a/lib/Minz/Url.php b/lib/Minz/Url.php
index a2809257d..4279b045b 100644
--- a/lib/Minz/Url.php
+++ b/lib/Minz/Url.php
@@ -25,6 +25,9 @@ class Minz_Url {
 
 		if ($absolute) {
 			$url_string = Minz_Request::getBaseUrl(PUBLIC_TO_INDEX_PATH);
+			if ($url_string === PUBLIC_TO_INDEX_PATH) {
+				$url_string = Minz_Request::guessBaseUrl();
+			}
 		} else {
 			$url_string = $isArray ? '.' : PUBLIC_RELATIVE;
 		}
-- 
cgit v1.2.3


From 1e65fd687e030a24773e88a2e7fb173e8439a99a Mon Sep 17 00:00:00 2001
From: Marien Fressinaud <dev@marienfressinaud.fr>
Date: Thu, 23 Jul 2015 11:38:56 +0200
Subject: Use filter_var in guessBaseUrl

See https://github.com/FreshRSS/FreshRSS/issues/906
See https://github.com/FreshRSS/FreshRSS/pull/915/files#r35304704
---
 lib/Minz/Request.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/Minz/Request.php')

diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php
index 059b4359c..bf01bc26f 100644
--- a/lib/Minz/Request.php
+++ b/lib/Minz/Request.php
@@ -103,7 +103,7 @@ class Minz_Request {
 			$url .= substr($path, -1) === '/' ? substr($path, 0, -1) : dirname($path);
 		}
 
-		return $url;
+		return filter_var($url, FILTER_SANITIZE_URL);
 	}
 
 	/**
-- 
cgit v1.2.3


From bfae186e3668af8155b77abb5c4b3dc5f151e14c Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sun, 25 Oct 2015 01:27:15 +0200
Subject: Use HTTP_X_FORWARDED_

https://github.com/FreshRSS/FreshRSS/issues/975
---
 lib/Minz/Request.php | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

(limited to 'lib/Minz/Request.php')

diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php
index bf01bc26f..effb9943c 100644
--- a/lib/Minz/Request.php
+++ b/lib/Minz/Request.php
@@ -91,9 +91,30 @@ class Minz_Request {
 	 */
 	public static function guessBaseUrl() {
 		$url = 'http';
-		$host = empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST'];
-		$port = empty($_SERVER['SERVER_PORT']) ? 80 : $_SERVER['SERVER_PORT'];
-		if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') {
+
+		if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
+			$https = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https';
+		} else {
+			$https = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on';
+		}
+
+		if (!empty($_SERVER['HTTP_HOST'])) {
+			$host = $_SERVER['HTTP_HOST'];
+		} elseif (!empty($_SERVER['SERVER_NAME'])) {
+			$host = $_SERVER['SERVER_NAME'];
+		} else {
+			$host = 'localhost';
+		}
+
+		if (!empty($_SERVER['HTTP_X_FORWARDED_PORT'])) {
+			$port = intval($_SERVER['HTTP_X_FORWARDED_PORT']);
+		} elseif (!empty($_SERVER['SERVER_PORT'])) {
+			$port = intval($_SERVER['SERVER_PORT']);
+		} else {
+			$port = $https ? 443 : 80;
+		}
+
+		if ($https) {
 			$url .= 's://' . $host . ($port == 443 ? '' : ':' . $port);
 		} else {
 			$url .= '://' . $host . ($port == 80 ? '' : ':' . $port);
-- 
cgit v1.2.3