Implemented additional check for using the 'X-Forwarded-Port' header.

[github/wallabag/wallabag.git] / inc / poche / Tools.class.php

diff --git a/inc/poche/Tools.class.php b/inc/poche/Tools.class.php
index c2c1bdab161c1a6e4823e595c367a3fae0480793..93ec3fc6a877bf93f00e7c0dfadfd2cdf2b412d8 100755 (executable)
--- a/inc/poche/Tools.class.php
+++ b/inc/poche/Tools.class.php
@@ -54,6 +54,10 @@ final class Tools
             || ($https && $_SERVER["SERVER_PORT"] == '443')
             || ($https && $_SERVER["SERVER_PORT"]==SSL_PORT) //Custom HTTPS port detection
             ? '' : ':' . $_SERVER["SERVER_PORT"]);
+        
+        if (isset($_SERVER["HTTP_X_FORWARDED_PORT"])) {
+            $serverport = ':' . $_SERVER["HTTP_X_FORWARDED_PORT"];
+        }
 
         $scriptname = str_replace('/index.php', '/', $_SERVER["SCRIPT_NAME"]);
 
@@ -294,23 +298,6 @@ final class Tools
         }
     }
 
-    /**
-     * Download the sqlite database
-     * Function not longer used for security reasons
-     */
-
-    // public static function downloadDb()
-    // {
-    //     header('Content-Disposition: attachment; filename="poche.sqlite.gz"');
-    //     self::_status(200);
-
-    //     header('Content-Transfer-Encoding: binary');
-    //     header('Content-Type: application/octet-stream');
-    //     echo gzencode(file_get_contents(STORAGE_SQLITE));
-
-    //     exit;
-    // }
-
     /**
      * Get the content for a given URL (by a call to FullTextFeed)
      *