From: ArthurHoaro <arthur@hoa.ro>
Date: Fri, 25 Aug 2017 17:47:57 +0000 (+0200)
Subject: Make  work behind a reverse proxy
X-Git-Tag: v0.9.4~7^2~6^2~1
X-Git-Url: https://git.immae.eu/?p=github%2Fshaarli%2FShaarli.git;a=commitdiff_plain;h=a3130d2c2f27052710d4dbd51d0001190b19b383

Make  work behind a reverse proxy

Without HTTP_X_FORWARDED_PORT check,  might be set to false even though the user is using HTTPS, thus disabling Firefox Social block display
---

diff --git a/application/HttpUtils.php b/application/HttpUtils.php
index 88a1efdb..00835966 100644
--- a/application/HttpUtils.php
+++ b/application/HttpUtils.php
@@ -401,3 +401,31 @@ function getIpAddressFromProxy($server, $trustedIps)
 
     return array_pop($ips);
 }
+
+/**
+ * Returns true if Shaarli's currently browsed in HTTPS.
+ * Supports reverse proxies (if the headers are correctly set).
+ *
+ * @param array $server $_SERVER.
+ *
+ * @return bool true if HTTPS, false otherwise.
+ */
+function is_https($server)
+{
+
+    if (isset($server['HTTP_X_FORWARDED_PORT'])) {
+        // Keep forwarded port
+        if (strpos($server['HTTP_X_FORWARDED_PORT'], ',') !== false) {
+            $ports = explode(',', $server['HTTP_X_FORWARDED_PORT']);
+            $port = trim($ports[0]);
+        } else {
+            $port = $server['HTTP_X_FORWARDED_PORT'];
+        }
+
+        if ($port == '443') {
+            return true;
+        }
+    }
+
+    return ! empty($server['HTTPS']);
+}
diff --git a/index.php b/index.php
index b4c4347a..de993f14 100644
--- a/index.php
+++ b/index.php
@@ -1063,10 +1063,10 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
     // -------- Display the Tools menu if requested (import/export/bookmarklet...)
     if ($targetPage == Router::$PAGE_TOOLS)
     {
-        $data = array(
+        $data = [
             'pageabsaddr' => index_url($_SERVER),
-            'sslenabled' => !empty($_SERVER['HTTPS'])
-        );
+            'sslenabled' => is_https($_SERVER),
+        ];
         $pluginManager->executeHooks('render_tools', $data);
 
         foreach ($data as $key => $value) {
diff --git a/tests/HttpUtils/IsHttpsTest.php b/tests/HttpUtils/IsHttpsTest.php
new file mode 100644
index 00000000..097f2bcf
--- /dev/null
+++ b/tests/HttpUtils/IsHttpsTest.php
@@ -0,0 +1,36 @@
+<?php
+
+
+/**
+ * Class IsHttpsTest
+ *
+ * Test class for is_https() function.
+ */
+class IsHttpsTest extends PHPUnit_Framework_TestCase
+{
+
+    /**
+     * Test is_https with HTTPS values.
+     */
+    public function testIsHttpsTrue()
+    {
+        $this->assertTrue(is_https(['HTTPS' => true]));
+        $this->assertTrue(is_https(['HTTPS' => '1']));
+        $this->assertTrue(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => 443]));
+        $this->assertTrue(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => '443']));
+        $this->assertTrue(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => '443,123,456,']));
+    }
+
+    /**
+     * Test is_https with HTTP values.
+     */
+    public function testIsHttpsFalse()
+    {
+        $this->assertFalse(is_https([]));
+        $this->assertFalse(is_https(['HTTPS' => false]));
+        $this->assertFalse(is_https(['HTTPS' => '0']));
+        $this->assertFalse(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => 123]));
+        $this->assertFalse(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => '123']));
+        $this->assertFalse(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => ',123,456,']));
+    }
+}