author | Sebastien SAUVAGE <sebsauvage@sebsauvage.net> | 2013-08-03 22:00:09 +0200 |
---|---|---|
committer | Sebastien SAUVAGE <sebsauvage@sebsauvage.net> | 2013-08-03 22:00:09 +0200 |
commit | f6a6ca0aec6cc09ee76d827cc07d3c0ed66c8eb0 (patch) | |
tree | 794e176de5069663765e8de543ea61b41ced552f | |
parent | 99954e12900401c5c725e65bce28cc1711653e45 (diff) | |
SERVER_NAME changed to HTTP_HOST
SERVER_NAME changed to HTTP_HOST because SERVER_NAME can cause problems
on some misconfigured hosts. HTTP_HOST is usually more reliable with
those servers. (cf.
http://stackoverflow.com/questions/2297403/http-host-vs-server-name).
This should cause fewer problems on most hosts.
-rw-r--r-- | index.php | 14 |
1 files changed, 7 insertions, 7 deletions
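--- a/index.php
+++ b/index.php
@@ -41,7 +41,7 @@ define('PHPSUFFIX',' */ ?>'); // Suffix to encapsulate data in php code.
 // Force cookie path (but do not change lifetime)
 $cookie=session_get_cookie_params();
 $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
-session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['SERVER_NAME']); // Set default cookie expiration and path.
+session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['HTTP_HOST']); // Set default cookie expiration and path.
 
 // Set session parameters on server side.
 define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired.
@@ -400,14 +400,14 @@ if (isset($_POST['login']))
 $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // Set session expiration on server-side.
 
 $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
-session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['SERVER_NAME']); // Set session cookie expiration on client side
+session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['HTTP_HOST']); // Set session cookie expiration on client side
 // Note: Never forget the trailing slash on the cookie path !
 session_regenerate_id(true); // Send cookie with new expiration date to browser.
 }
 else // Standard session expiration (=when browser closes)
 {
 $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
-session_set_cookie_params(0,$cookiedir,$_SERVER['SERVER_NAME']); // 0 means "When browser closes"
+session_set_cookie_params(0,$cookiedir,$_SERVER['HTTP_HOST']); // 0 means "When browser closes"
 session_regenerate_id(true);
 }
 // Optional redirect after login:
@@ -439,7 +439,7 @@ function serverUrl()
 {
 $https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) || $_SERVER["SERVER_PORT"]=='443'; // HTTPS detection.
 $serverport = ($_SERVER["SERVER_PORT"]=='80' || ($https && $_SERVER["SERVER_PORT"]=='443') ? '' : ':'.$_SERVER["SERVER_PORT"]);
-return 'http'.($https?'s':'').'://'.$_SERVER["SERVER_NAME"].$serverport;
+return 'http'.($https?'s':'').'://'.$_SERVER['HTTP_HOST'].$serverport;
 }
 
 // Returns the absolute URL of current script, without the query.
@@ -1279,7 +1279,7 @@ function renderPage()
 if (is_numeric($_GET['linksperpage'])) { $_SESSION['LINKS_PER_PAGE']=abs(intval($_GET['linksperpage'])); }
 // Make sure the referer is from Shaarli itself.
 $referer = '?';
-if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['SERVER_NAME'])==0)
+if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0)
 $referer = $_SERVER['HTTP_REFERER'];
 header('Location: '.$referer);
 exit;
@@ -1298,7 +1298,7 @@ function renderPage()
 }
 // Make sure the referer is from Shaarli itself.
 $referer = '?';
-if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['SERVER_NAME'])==0)
+if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0)
 $referer = $_SERVER['HTTP_REFERER'];
 header('Location: '.$referer);
 exit;
@@ -2009,7 +2009,7 @@ function lazyThumbnail($url,$href=false)
 function install()
 {
 // On free.fr host, make sure the /sessions directory exists, otherwise login will not work.
-if (endsWith($_SERVER['SERVER_NAME'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705);
+if (endsWith($_SERVER['HTTP_HOST'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705);
 
 
 // This part makes sure sessions works correctly.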
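Review bot: `$_SERVER['HTTP_HOST']` is the raw Host header of the request, so it is chosen by the client and can carry a port, and the new lines use it unnormalised. In serverUrl() (hunk at 439) the return line still appends `$serverport`, so a request on a non-default port would likely produce a doubled port (constructed example: `host:8080:8080`). The three session_set_cookie_params() calls (hunks at 41 and 400) pass the same value as the cookie domain, where a port is not valid, and the two referer checks in renderPage() compare it with the port-less `PHP_URL_HOST`. I would derive the host once, strip the port with `$host = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']);`, reject anything that is not a plain hostname, and use `$host` at all seven sites. Whether the web server already restricts Host to configured virtual hosts is not visible here; on a catch-all vhost the absolute URLs from serverUrl() would follow whatever Host the request sent, and several enclosing blocks (the login branch, renderPage(), install()) start or end outside the hunks.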