From 217c191a1ba3ac03b847d261a32e19975380fcad Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Mon, 11 May 2015 22:42:41 +0200 Subject: More SQLite compatibility Additional changes to add compatibility with SQLite for the new hash/lastSeen mode of updating articles. --- lib/Minz/ModelPdo.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lib/Minz') diff --git a/lib/Minz/ModelPdo.php b/lib/Minz/ModelPdo.php index ac7a1bed7..3e8ec1f43 100644 --- a/lib/Minz/ModelPdo.php +++ b/lib/Minz/ModelPdo.php @@ -134,4 +134,9 @@ class MinzPDO extends PDO { MinzPDO::check($statement); return parent::exec($statement); } + + public function query($statement) { + MinzPDO::check($statement); + return parent::query($statement); + } } -- cgit v1.2.3 From 27d2b88a19345dfc665dc086d3c2b2e4547e1b7f Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sat, 23 May 2015 02:23:38 +0200 Subject: Minz getBaseUrl correction and RSS template bug https://github.com/FreshRSS/FreshRSS/issues/848 Corrections in Minz (HTTP_HOST was not sanitized, getURI() was never used and not working anyway with absolute base_url) $this->url was not defined in rss.phtml --- app/Controllers/indexController.php | 1 + constants.php | 3 ++- lib/Minz/Request.php | 46 +++++++++++-------------------------- lib/Minz/Url.php | 10 +------- 4 files changed, 18 insertions(+), 42 deletions(-) (limited to 'lib/Minz') diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php index c1aaca53f..baaf99065 100755 --- a/app/Controllers/indexController.php +++ b/app/Controllers/indexController.php @@ -137,6 +137,7 @@ class FreshRSS_index_Controller extends Minz_ActionController { } // No layout for RSS output. + $this->view->url = empty($_SERVER['QUERY_STRING']) ? '' : '?' . $_SERVER['QUERY_STRING']; $this->view->rss_title = FreshRSS_Context::$name . ' | ' . Minz_View::title(); $this->view->_useLayout(false); header('Content-Type: application/rss+xml; charset=utf-8'); diff --git a/constants.php b/constants.php index b20bf0710..d32fdfa9b 100644 --- a/constants.php +++ b/constants.php @@ -11,7 +11,8 @@ define('PHP_COMPRESSION', false); define('FRESHRSS_PATH', dirname(__FILE__)); define('PUBLIC_PATH', FRESHRSS_PATH . '/p'); - define('INDEX_PATH', PUBLIC_PATH . '/i'); + define('PUBLIC_TO_INDEX_PATH', '/i'); + define('INDEX_PATH', PUBLIC_PATH . PUBLIC_TO_INDEX_PATH); define('PUBLIC_RELATIVE', '..'); define('DATA_PATH', FRESHRSS_PATH . '/data'); diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php index 6db2e9c7a..b9eda82a5 100644 --- a/lib/Minz/Request.php +++ b/lib/Minz/Request.php @@ -84,45 +84,27 @@ class Minz_Request { self::magicQuotesOff(); } - /** - * Retourn le nom de domaine du site - */ - public static function getDomainName() { - return $_SERVER['HTTP_HOST']; - } - /** * Détermine la base de l'url * @return la base de l'url */ - public static function getBaseUrl() { + public static function getBaseUrl($baseUrlSuffix = '') { $conf = Minz_Configuration::get('system'); - $defaultBaseUrl = $conf->base_url; - if (!empty($defaultBaseUrl)) { - return $defaultBaseUrl; - } elseif (isset($_SERVER['REQUEST_URI'])) { - return dirname($_SERVER['REQUEST_URI']) . '/'; - } else { - return '/'; - } - } - - /** - * Récupère l'URI de la requête - * @return l'URI - */ - public static function getURI() { - if (isset($_SERVER['REQUEST_URI'])) { - $base_url = self::getBaseUrl(); - $uri = $_SERVER['REQUEST_URI']; - - $len_base_url = strlen($base_url); - $real_uri = substr($uri, $len_base_url); + $url = $conf->base_url; + if ($url == '' || !preg_match('%^https?://%i', $url)) { + $url = 'http'; + $host = empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']; + $port = empty($_SERVER['SERVER_PORT']) ? 80 : $_SERVER['SERVER_PORT']; + if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') { + $url .= 's://' . $host . ($port == 443 ? '' : ':' . $port); + } else { + $url .= '://' . $host . ($port == 80 ? '' : ':' . $port); + } + $url .= isset($_SERVER['REQUEST_URI']) ? dirname($_SERVER['REQUEST_URI']) : ''; } else { - $real_uri = ''; + $url = rtrim($url, '/\\') . $baseUrlSuffix; } - - return $real_uri; + return filter_var($url . '/', FILTER_SANITIZE_URL); } /** diff --git a/lib/Minz/Url.php b/lib/Minz/Url.php index af555a277..a47d8f1a6 100644 --- a/lib/Minz/Url.php +++ b/lib/Minz/Url.php @@ -10,7 +10,6 @@ class Minz_Url { * $url['c'] = controller * $url['a'] = action * $url['params'] = tableau des paramètres supplémentaires - * $url['protocol'] = protocole à utiliser (http par défaut) * ou comme une chaîne de caractère * @param $encodage pour indiquer comment encoder les & (& ou & pour html) * @return l'url formatée @@ -25,14 +24,7 @@ class Minz_Url { $url_string = ''; if ($absolute) { - if ($isArray && isset ($url['protocol'])) { - $protocol = $url['protocol']; - } elseif (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') { - $protocol = 'https:'; - } else { - $protocol = 'http:'; - } - $url_string = $protocol . '//' . Minz_Request::getDomainName () . Minz_Request::getBaseUrl (); + $url_string = Minz_Request::getBaseUrl(PUBLIC_TO_INDEX_PATH); } else { $url_string = $isArray ? '.' : PUBLIC_RELATIVE; } -- cgit v1.2.3 From a5a24108ef923c47422f6b10db57863739a996cd Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sat, 30 May 2015 19:25:20 +0200 Subject: Minz URL encoding bug See also https://github.com/FreshRSS/FreshRSS/pull/849 --- lib/Minz/Url.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/Minz') diff --git a/lib/Minz/Url.php b/lib/Minz/Url.php index a47d8f1a6..879077d0f 100644 --- a/lib/Minz/Url.php +++ b/lib/Minz/Url.php @@ -18,7 +18,7 @@ class Minz_Url { $isArray = is_array($url); if ($isArray) { - $url = self::checkUrl ($url); + $url = self::checkUrl($url); } $url_string = ''; @@ -30,9 +30,9 @@ class Minz_Url { } if ($isArray) { - $url_string .= self::printUri ($url, $encodage); + $url_string .= self::printUri($url, $encodage); } else { - $url_string .= $url; + $url_string = Minz_Helper::htmlspecialchars_utf8($url_string . $url); } return $url_string; -- cgit v1.2.3 From 568ab2313d5a922e06d7f0c33b3e39dd152d43db Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Wed, 3 Jun 2015 22:07:25 +0200 Subject: PDO options for e.g. SSL https://github.com/FreshRSS/FreshRSS/issues/868 --- data/config.default.php | 3 +++ lib/Minz/ModelPdo.php | 10 ++++------ 2 files changed, 7 insertions(+), 6 deletions(-) (limited to 'lib/Minz') diff --git a/data/config.default.php b/data/config.default.php index 80d331df7..7c179c8a0 100644 --- a/data/config.default.php +++ b/data/config.default.php @@ -99,6 +99,9 @@ return array( # MySQL table prefix. 'prefix' => '', + 'pdo_options' => array( + ), + ), # List of enabled FreshRSS extensions. diff --git a/lib/Minz/ModelPdo.php b/lib/Minz/ModelPdo.php index 3e8ec1f43..e82c1f30a 100644 --- a/lib/Minz/ModelPdo.php +++ b/lib/Minz/ModelPdo.php @@ -53,21 +53,19 @@ class Minz_ModelPdo { $this->current_user = $currentUser; self::$sharedCurrentUser = $currentUser; + $driver_options = is_array($conf->db['pdo_options']) ? $conf->db['pdo_options'] : array(); + try { $type = $db['type']; if ($type === 'mysql') { $string = 'mysql:host=' . $db['host'] . ';dbname=' . $db['base'] . ';charset=utf8'; - $driver_options = array( - PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8', - ); + $driver_options[PDO::MYSQL_ATTR_INIT_COMMAND] = 'SET NAMES utf8'; $this->prefix = $db['prefix'] . $currentUser . '_'; } elseif ($type === 'sqlite') { $string = 'sqlite:' . join_path(DATA_PATH, 'users', $currentUser, 'db.sqlite'); - $driver_options = array( - //PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, - ); + //$driver_options[PDO::ATTR_ERRMODE] = PDO::ERRMODE_EXCEPTION; $this->prefix = ''; } else { throw new Minz_PDOConnectionException( -- cgit v1.2.3 From 9b512b82e2e65c6ca18199ed328de2645a7bc84e Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Wed, 3 Jun 2015 22:17:40 +0200 Subject: PDO config isset https://github.com/FreshRSS/FreshRSS/issues/868 --- lib/Minz/ModelPdo.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/Minz') diff --git a/lib/Minz/ModelPdo.php b/lib/Minz/ModelPdo.php index e82c1f30a..25999f02b 100644 --- a/lib/Minz/ModelPdo.php +++ b/lib/Minz/ModelPdo.php @@ -53,7 +53,7 @@ class Minz_ModelPdo { $this->current_user = $currentUser; self::$sharedCurrentUser = $currentUser; - $driver_options = is_array($conf->db['pdo_options']) ? $conf->db['pdo_options'] : array(); + $driver_options = isset($conf->db['pdo_options']) && is_array($conf->db['pdo_options']) ? $conf->db['pdo_options'] : array(); try { $type = $db['type']; -- cgit v1.2.3 From da5033859ba990ef1f5f3dfbc1f5d7a2f4d4d6f8 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sat, 6 Jun 2015 15:10:37 +0200 Subject: Force HTML content-type with charset Force UTF-8 https://github.com/FreshRSS/FreshRSS/issues/870 --- lib/Minz/View.php | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/Minz') diff --git a/lib/Minz/View.php b/lib/Minz/View.php index ff5cce4a5..8c5230ab6 100644 --- a/lib/Minz/View.php +++ b/lib/Minz/View.php @@ -91,6 +91,7 @@ class Minz_View { * Construit le layout */ public function buildLayout () { + header('Content-Type: text/html; charset=UTF-8'); $this->includeFile(self::LAYOUT_PATH_NAME . self::LAYOUT_FILENAME); } -- cgit v1.2.3 From 241086fa672226cf799a82daad364fb82272da3b Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Mon, 13 Jul 2015 23:11:05 +0200 Subject: Fix broken links for extension script/style files Fix https://github.com/FreshRSS/FreshRSS/issues/862 --- lib/Minz/Extension.php | 2 +- lib/Minz/Url.php | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'lib/Minz') diff --git a/lib/Minz/Extension.php b/lib/Minz/Extension.php index d7ee8fe81..78b8a2725 100644 --- a/lib/Minz/Extension.php +++ b/lib/Minz/Extension.php @@ -168,7 +168,7 @@ class Minz_Extension { $url = '/ext.php?f=' . $file_name_url . '&t=' . $type . '&' . $mtime; - return Minz_Url::display($url); + return Minz_Url::display($url, 'php'); } /** diff --git a/lib/Minz/Url.php b/lib/Minz/Url.php index 879077d0f..a2809257d 100644 --- a/lib/Minz/Url.php +++ b/lib/Minz/Url.php @@ -31,8 +31,10 @@ class Minz_Url { if ($isArray) { $url_string .= self::printUri($url, $encodage); - } else { + } elseif ($encodage === 'html') { $url_string = Minz_Helper::htmlspecialchars_utf8($url_string . $url); + } else { + $url_string .= $url; } return $url_string; -- cgit v1.2.3 From 2d22bf300a8dabcc77237f4bb56bf6532486fca2 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Fri, 17 Jul 2015 23:43:43 +0200 Subject: dirname problem https://github.com/FreshRSS/FreshRSS/issues/906 --- lib/Minz/Request.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lib/Minz') diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php index b9eda82a5..67fbae126 100644 --- a/lib/Minz/Request.php +++ b/lib/Minz/Request.php @@ -100,7 +100,10 @@ class Minz_Request { } else { $url .= '://' . $host . ($port == 80 ? '' : ':' . $port); } - $url .= isset($_SERVER['REQUEST_URI']) ? dirname($_SERVER['REQUEST_URI']) : ''; + if (isset($_SERVER['REQUEST_URI'])) { + $path = $_SERVER['REQUEST_URI']; + $url .= substr($path, -1) === '/' ? substr($path, 0, -1) : dirname($path); + } } else { $url = rtrim($url, '/\\') . $baseUrlSuffix; } -- cgit v1.2.3 From 6db09411968ff0eac722efde79628b501b8dbe5e Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Thu, 23 Jul 2015 10:05:32 +0200 Subject: Fix unexpected behaviour in getBaseUrl - getBaseUrl() returns info from configuration only and always append the suffix - add a guessBaseUrl() to extract base_url from $_SERVER info - fix Url::display() to take this change in consideration Fix https://github.com/FreshRSS/FreshRSS/issues/906 Use https://github.com/FreshRSS/FreshRSS/pull/910 --- lib/Minz/Request.php | 48 ++++++++++++++++++++++++++++-------------------- lib/Minz/Url.php | 3 +++ 2 files changed, 31 insertions(+), 20 deletions(-) (limited to 'lib/Minz') diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php index 67fbae126..059b4359c 100644 --- a/lib/Minz/Request.php +++ b/lib/Minz/Request.php @@ -85,29 +85,37 @@ class Minz_Request { } /** - * Détermine la base de l'url - * @return la base de l'url + * Try to guess the base URL from $_SERVER information + * + * @return the base url (e.g. http://example.com/) */ - public static function getBaseUrl($baseUrlSuffix = '') { - $conf = Minz_Configuration::get('system'); - $url = $conf->base_url; - if ($url == '' || !preg_match('%^https?://%i', $url)) { - $url = 'http'; - $host = empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']; - $port = empty($_SERVER['SERVER_PORT']) ? 80 : $_SERVER['SERVER_PORT']; - if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') { - $url .= 's://' . $host . ($port == 443 ? '' : ':' . $port); - } else { - $url .= '://' . $host . ($port == 80 ? '' : ':' . $port); - } - if (isset($_SERVER['REQUEST_URI'])) { - $path = $_SERVER['REQUEST_URI']; - $url .= substr($path, -1) === '/' ? substr($path, 0, -1) : dirname($path); - } + public static function guessBaseUrl() { + $url = 'http'; + $host = empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']; + $port = empty($_SERVER['SERVER_PORT']) ? 80 : $_SERVER['SERVER_PORT']; + if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') { + $url .= 's://' . $host . ($port == 443 ? '' : ':' . $port); } else { - $url = rtrim($url, '/\\') . $baseUrlSuffix; + $url .= '://' . $host . ($port == 80 ? '' : ':' . $port); + } + if (isset($_SERVER['REQUEST_URI'])) { + $path = $_SERVER['REQUEST_URI']; + $url .= substr($path, -1) === '/' ? substr($path, 0, -1) : dirname($path); } - return filter_var($url . '/', FILTER_SANITIZE_URL); + + return $url; + } + + /** + * Return the base_url from configuration and add a suffix if given. + * + * @param $base_url_suffix a string to add at base_url (default: empty string) + * @return the base_url with a suffix. + */ + public static function getBaseUrl($base_url_suffix = '') { + $conf = Minz_Configuration::get('system'); + $url = rtrim($conf->base_url, '/\\') . $base_url_suffix; + return filter_var($url, FILTER_SANITIZE_URL); } /** diff --git a/lib/Minz/Url.php b/lib/Minz/Url.php index a2809257d..4279b045b 100644 --- a/lib/Minz/Url.php +++ b/lib/Minz/Url.php @@ -25,6 +25,9 @@ class Minz_Url { if ($absolute) { $url_string = Minz_Request::getBaseUrl(PUBLIC_TO_INDEX_PATH); + if ($url_string === PUBLIC_TO_INDEX_PATH) { + $url_string = Minz_Request::guessBaseUrl(); + } } else { $url_string = $isArray ? '.' : PUBLIC_RELATIVE; } -- cgit v1.2.3 From 1e65fd687e030a24773e88a2e7fb173e8439a99a Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Thu, 23 Jul 2015 11:38:56 +0200 Subject: Use filter_var in guessBaseUrl See https://github.com/FreshRSS/FreshRSS/issues/906 See https://github.com/FreshRSS/FreshRSS/pull/915/files#r35304704 --- lib/Minz/Request.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/Minz') diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php index 059b4359c..bf01bc26f 100644 --- a/lib/Minz/Request.php +++ b/lib/Minz/Request.php @@ -103,7 +103,7 @@ class Minz_Request { $url .= substr($path, -1) === '/' ? substr($path, 0, -1) : dirname($path); } - return $url; + return filter_var($url, FILTER_SANITIZE_URL); } /** -- cgit v1.2.3 From c1a44a8761778da81bde608f6d20f5decdd8b9b6 Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Mon, 27 Jul 2015 14:46:41 +0200 Subject: Load configuration by recursion - Remove Minz_Configuration::$data_default - Default values are loaded first in $data - $data values are replaced by values from config file Fix https://github.com/FreshRSS/FreshRSS/issues/923 --- lib/Minz/Configuration.php | 26 ++++++++++---------------- 1 file changed, 10 insertions(+), 16 deletions(-) (limited to 'lib/Minz') diff --git a/lib/Minz/Configuration.php b/lib/Minz/Configuration.php index ab5bb4fc2..1db8e2daf 100644 --- a/lib/Minz/Configuration.php +++ b/lib/Minz/Configuration.php @@ -84,11 +84,6 @@ class Minz_Configuration { */ private $data = array(); - /** - * The default values, an empty array by default. - */ - private $data_default = array(); - /** * An object which help to set good values in configuration. */ @@ -119,21 +114,22 @@ class Minz_Configuration { $configuration_setter = null) { $this->namespace = $namespace; $this->config_filename = $config_filename; + $this->default_filename = $default_filename; + $this->_configurationSetter($configuration_setter); + + if (!is_null($this->default_filename)) { + $this->data = self::load($this->default_filename); + } try { - $this->data = self::load($this->config_filename); + $this->data = array_replace_recursive( + $this->data, self::load($this->config_filename) + ); } catch (Minz_FileNotExistException $e) { - if (is_null($default_filename)) { + if (is_null($this->default_filename)) { throw $e; } } - - $this->default_filename = $default_filename; - if (!is_null($this->default_filename)) { - $this->data_default = self::load($this->default_filename); - } - - $this->_configurationSetter($configuration_setter); } /** @@ -160,8 +156,6 @@ class Minz_Configuration { return $this->data[$key]; } elseif (!is_null($default)) { return $default; - } elseif (isset($this->data_default[$key])) { - return $this->data_default[$key]; } else { Minz_Log::warning($key . ' does not exist in configuration'); return null; -- cgit v1.2.3 From 6dbe33c51e83bbfc1e18c5bdf764411799502a99 Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Wed, 29 Jul 2015 07:59:05 +0200 Subject: Don't hide errors in configuration Fix https://github.com/FreshRSS/FreshRSS/issues/920 --- lib/Minz/Configuration.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/Minz') diff --git a/lib/Minz/Configuration.php b/lib/Minz/Configuration.php index 1db8e2daf..d695d4a53 100644 --- a/lib/Minz/Configuration.php +++ b/lib/Minz/Configuration.php @@ -39,7 +39,7 @@ class Minz_Configuration { throw new Minz_FileNotExistException($filename); } - $data = @include($filename); + $data = include($filename); if (is_array($data)) { return $data; } else { -- cgit v1.2.3 From f7190c34e1a1ea36bbc81a7dea8dcb7a39cea7cf Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Thu, 30 Jul 2015 23:42:28 +0200 Subject: Minz session cookie path bug https://github.com/FreshRSS/FreshRSS/issues/924#issuecomment-126499403 --- lib/Minz/Session.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'lib/Minz') diff --git a/lib/Minz/Session.php b/lib/Minz/Session.php index 058685ada..14a093bf7 100644 --- a/lib/Minz/Session.php +++ b/lib/Minz/Session.php @@ -65,10 +65,9 @@ class Minz_Session { * @param $l la durée de vie */ public static function keepCookie($l) { - // Get the script_name (e.g. /p/i/index.php) and keep only the path. - $cookie_dir = empty($_SERVER['SCRIPT_NAME']) ? '' : $_SERVER['SCRIPT_NAME']; - $cookie_dir = dirname($cookie_dir); - session_set_cookie_params($l, $cookie_dir, '', false, true); + // Get the script_name (e.g. /p/i/index.php) and keep only the path. + $cookie_dir = dirname(empty($_SERVER['REQUEST_URI']) ? '/' : dirname($_SERVER['REQUEST_URI'])); + session_set_cookie_params($l, $cookie_dir, '', false, false); } -- cgit v1.2.3 From 59daed3d4eca6bf6260a8dc422c54f470895ac63 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Fri, 31 Jul 2015 00:12:55 +0200 Subject: Minz slight change in session cookie path https://github.com/FreshRSS/FreshRSS/issues/924#issuecomment-126499403 --- lib/Minz/Session.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lib/Minz') diff --git a/lib/Minz/Session.php b/lib/Minz/Session.php index 14a093bf7..705aae2ec 100644 --- a/lib/Minz/Session.php +++ b/lib/Minz/Session.php @@ -66,7 +66,10 @@ class Minz_Session { */ public static function keepCookie($l) { // Get the script_name (e.g. /p/i/index.php) and keep only the path. - $cookie_dir = dirname(empty($_SERVER['REQUEST_URI']) ? '/' : dirname($_SERVER['REQUEST_URI'])); + $cookie_dir = empty($_SERVER['REQUEST_URI']) ? '/' : $_SERVER['REQUEST_URI']; + if (substr($cookie_dir, -1) !== '/') { + $cookie_dir = dirname($cookie_dir) . '/'; + } session_set_cookie_params($l, $cookie_dir, '', false, false); } -- cgit v1.2.3 From 760ec5f223c4a18c8e8c8f3ecdf6b7140aa70611 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Fri, 31 Jul 2015 00:17:32 +0200 Subject: Whitespace --- lib/Minz/Session.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'lib/Minz') diff --git a/lib/Minz/Session.php b/lib/Minz/Session.php index 705aae2ec..de671f173 100644 --- a/lib/Minz/Session.php +++ b/lib/Minz/Session.php @@ -65,12 +65,12 @@ class Minz_Session { * @param $l la durée de vie */ public static function keepCookie($l) { - // Get the script_name (e.g. /p/i/index.php) and keep only the path. - $cookie_dir = empty($_SERVER['REQUEST_URI']) ? '/' : $_SERVER['REQUEST_URI']; - if (substr($cookie_dir, -1) !== '/') { - $cookie_dir = dirname($cookie_dir) . '/'; - } - session_set_cookie_params($l, $cookie_dir, '', false, false); + // Get the script_name (e.g. /p/i/index.php) and keep only the path. + $cookie_dir = empty($_SERVER['REQUEST_URI']) ? '/' : $_SERVER['REQUEST_URI']; + if (substr($cookie_dir, -1) !== '/') { + $cookie_dir = dirname($cookie_dir) . '/'; + } + session_set_cookie_params($l, $cookie_dir, '', false, false); } -- cgit v1.2.3 From 189e790f32d4e389cf1dc6da669a579717fff436 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Fri, 31 Jul 2015 11:26:57 +0200 Subject: Minz cookie session httpOnly https://github.com/FreshRSS/FreshRSS/issues/924 https://github.com/FreshRSS/FreshRSS/pull/936/files#r35948311 --- lib/Minz/Session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/Minz') diff --git a/lib/Minz/Session.php b/lib/Minz/Session.php index de671f173..057e7746a 100644 --- a/lib/Minz/Session.php +++ b/lib/Minz/Session.php @@ -70,7 +70,7 @@ class Minz_Session { if (substr($cookie_dir, -1) !== '/') { $cookie_dir = dirname($cookie_dir) . '/'; } - session_set_cookie_params($l, $cookie_dir, '', false, false); + session_set_cookie_params($l, $cookie_dir, '', false, true); } -- cgit v1.2.3 From bfae186e3668af8155b77abb5c4b3dc5f151e14c Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 25 Oct 2015 01:27:15 +0200 Subject: Use HTTP_X_FORWARDED_ https://github.com/FreshRSS/FreshRSS/issues/975 --- lib/Minz/Request.php | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) (limited to 'lib/Minz') diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php index bf01bc26f..effb9943c 100644 --- a/lib/Minz/Request.php +++ b/lib/Minz/Request.php @@ -91,9 +91,30 @@ class Minz_Request { */ public static function guessBaseUrl() { $url = 'http'; - $host = empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']; - $port = empty($_SERVER['SERVER_PORT']) ? 80 : $_SERVER['SERVER_PORT']; - if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') { + + if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) { + $https = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https'; + } else { + $https = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on'; + } + + if (!empty($_SERVER['HTTP_HOST'])) { + $host = $_SERVER['HTTP_HOST']; + } elseif (!empty($_SERVER['SERVER_NAME'])) { + $host = $_SERVER['SERVER_NAME']; + } else { + $host = 'localhost'; + } + + if (!empty($_SERVER['HTTP_X_FORWARDED_PORT'])) { + $port = intval($_SERVER['HTTP_X_FORWARDED_PORT']); + } elseif (!empty($_SERVER['SERVER_PORT'])) { + $port = intval($_SERVER['SERVER_PORT']); + } else { + $port = $https ? 443 : 80; + } + + if ($https) { $url .= 's://' . $host . ($port == 443 ? '' : ':' . $port); } else { $url .= '://' . $host . ($port == 80 ? '' : ':' . $port); -- cgit v1.2.3