Make work behind a reverse proxy

Without HTTP_X_FORWARDED_PORT check, might be set to false even though the user is using HTTPS, thus disabling Firefox Social block display
author: ArthurHoaro <arthur@hoa.ro> 2017-08-25 19:47:57 +0200
committer: ArthurHoaro <arthur@hoa.ro> 2017-09-02 13:50:49 +0200
commit: a3130d2c2f27052710d4dbd51d0001190b19b383 (patch)
tree: 8a8d86ce757ac0796c6bf8b0e3546fed872d2088
parent: 2a1292359b79ec77257583ea9d97891dfd2ddb1b (diff)
download: Shaarli-a3130d2c2f27052710d4dbd51d0001190b19b383.tar.gz
Shaarli-a3130d2c2f27052710d4dbd51d0001190b19b383.tar.zst
Shaarli-a3130d2c2f27052710d4dbd51d0001190b19b383.zip
3 files changed, 67 insertions, 3 deletions
diff --git a/application/HttpUtils.php b/application/HttpUtils.php
index 88a1efdb..00835966 100644
--- a/application/HttpUtils.php
+++ b/application/HttpUtils.php
@@ -401,3 +401,31 @@ function getIpAddressFromProxy($server, $trustedIps)
    return array_pop($ips);
 }
+/**
+ * Returns true if Shaarli's currently browsed in HTTPS.
+ * Supports reverse proxies (if the headers are correctly set).
+ *
+ * @param array $server $_SERVER.
+ *
+ * @return bool true if HTTPS, false otherwise.
+ */
+function is_https($server)
+{
+    if (isset($server['HTTP_X_FORWARDED_PORT'])) {
+        // Keep forwarded port
+        if (strpos($server['HTTP_X_FORWARDED_PORT'], ',') !== false) {
+            $ports = explode(',', $server['HTTP_X_FORWARDED_PORT']);
+            $port = trim($ports[0]);
+        } else {
+            $port = $server['HTTP_X_FORWARDED_PORT'];
+        }
+        if ($port == '443') {
+            return true;
+        }
+    }
+    return ! empty($server['HTTPS']);
+}
diff --git a/index.php b/index.php
index b4c4347a..de993f14 100644
--- a/index.php
+++ b/index.php
@@ -1063,10 +1063,10 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
    // -------- Display the Tools menu if requested (import/export/bookmarklet...)
    if ($targetPage == Router::$PAGE_TOOLS)
    {
-        $data = array(
+        $data = [
            'pageabsaddr' => index_url($_SERVER),
-            'sslenabled' => !empty($_SERVER['HTTPS'])
+            'sslenabled' => is_https($_SERVER),
-        );
+        ];
        $pluginManager->executeHooks('render_tools', $data);
        foreach ($data as $key => $value) {
diff --git a/tests/HttpUtils/IsHttpsTest.php b/tests/HttpUtils/IsHttpsTest.php
new file mode 100644
index 00000000..097f2bcf
--- /dev/null
+++ b/tests/HttpUtils/IsHttpsTest.php
@@ -0,0 +1,36 @@
+<?php
+/**
+ * Class IsHttpsTest
+ *
+ * Test class for is_https() function.
+ */
+class IsHttpsTest extends PHPUnit_Framework_TestCase
+{
+    /**
+     * Test is_https with HTTPS values.
+     */
+    public function testIsHttpsTrue()
+    {
+        $this->assertTrue(is_https(['HTTPS' => true]));
+        $this->assertTrue(is_https(['HTTPS' => '1']));
+        $this->assertTrue(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => 443]));
+        $this->assertTrue(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => '443']));
+        $this->assertTrue(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => '443,123,456,']));
+    }
+    /**
+     * Test is_https with HTTP values.
+     */
+    public function testIsHttpsFalse()
+    {
+        $this->assertFalse(is_https([]));
+        $this->assertFalse(is_https(['HTTPS' => false]));
+        $this->assertFalse(is_https(['HTTPS' => '0']));
+        $this->assertFalse(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => 123]));
+        $this->assertFalse(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => '123']));
+        $this->assertFalse(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => ',123,456,']));
+    }
+}
author	ArthurHoaro <arthur@hoa.ro>	2017-08-25 19:47:57 +0200
committer	ArthurHoaro <arthur@hoa.ro>	2017-09-02 13:50:49 +0200
commit	a3130d2c2f27052710d4dbd51d0001190b19b383 (patch)
tree	8a8d86ce757ac0796c6bf8b0e3546fed872d2088
parent	2a1292359b79ec77257583ea9d97891dfd2ddb1b (diff)
download	Shaarli-a3130d2c2f27052710d4dbd51d0001190b19b383.tar.gz Shaarli-a3130d2c2f27052710d4dbd51d0001190b19b383.tar.zst Shaarli-a3130d2c2f27052710d4dbd51d0001190b19b383.zip

diff --git a/application/HttpUtils.php b/application/HttpUtils.php index 88a1efdb..00835966 100644 --- a/application/HttpUtils.php +++ b/application/HttpUtils.php
@@ -401,3 +401,31 @@ function getIpAddressFromProxy($server, $trustedIps)
401		401
402	return array_pop($ips);	402	return array_pop($ips);
403	}	403	}
		404
		405	/**
		406	* Returns true if Shaarli's currently browsed in HTTPS.
		407	* Supports reverse proxies (if the headers are correctly set).
		408	*
		409	* @param array $server $_SERVER.
		410	*
		411	* @return bool true if HTTPS, false otherwise.
		412	*/
		413	function is_https($server)
		414	{
		415
		416	if (isset($server['HTTP_X_FORWARDED_PORT'])) {
		417	// Keep forwarded port
		418	if (strpos($server['HTTP_X_FORWARDED_PORT'], ',') !== false) {
		419	$ports = explode(',', $server['HTTP_X_FORWARDED_PORT']);
		420	$port = trim($ports[0]);
		421	} else {
		422	$port = $server['HTTP_X_FORWARDED_PORT'];
		423	}
		424
		425	if ($port == '443') {
		426	return true;
		427	}
		428	}
		429
		430	return ! empty($server['HTTPS']);
		431	}


diff --git a/index.php b/index.php index b4c4347a..de993f14 100644 --- a/index.php +++ b/index.php
@@ -1063,10 +1063,10 @@ function renderPage($conf, $pluginManager, $LINKSDB, $history)
1063	// -------- Display the Tools menu if requested (import/export/bookmarklet...)	1063	// -------- Display the Tools menu if requested (import/export/bookmarklet...)
1064	if ($targetPage == Router::$PAGE_TOOLS)	1064	if ($targetPage == Router::$PAGE_TOOLS)
1065	{	1065	{
1066	$data = array(	1066	$data = [
1067	'pageabsaddr' => index_url($_SERVER),	1067	'pageabsaddr' => index_url($_SERVER),
1068	'sslenabled' => !empty($_SERVER['HTTPS'])	1068	'sslenabled' => is_https($_SERVER),
1069	);	1069	];
1070	$pluginManager->executeHooks('render_tools', $data);	1070	$pluginManager->executeHooks('render_tools', $data);
1071		1071
1072	foreach ($data as $key => $value) {	1072	foreach ($data as $key => $value) {


diff --git a/tests/HttpUtils/IsHttpsTest.php b/tests/HttpUtils/IsHttpsTest.php new file mode 100644 index 00000000..097f2bcf --- /dev/null +++ b/tests/HttpUtils/IsHttpsTest.php
@@ -0,0 +1,36 @@
		1	<?php
		2
		3
		4	/**
		5	* Class IsHttpsTest
		6	*
		7	* Test class for is_https() function.
		8	*/
		9	class IsHttpsTest extends PHPUnit_Framework_TestCase
		10	{
		11
		12	/**
		13	* Test is_https with HTTPS values.
		14	*/
		15	public function testIsHttpsTrue()
		16	{
		17	$this->assertTrue(is_https(['HTTPS' => true]));
		18	$this->assertTrue(is_https(['HTTPS' => '1']));
		19	$this->assertTrue(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => 443]));
		20	$this->assertTrue(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => '443']));
		21	$this->assertTrue(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => '443,123,456,']));
		22	}
		23
		24	/**
		25	* Test is_https with HTTP values.
		26	*/
		27	public function testIsHttpsFalse()
		28	{
		29	$this->assertFalse(is_https([]));
		30	$this->assertFalse(is_https(['HTTPS' => false]));
		31	$this->assertFalse(is_https(['HTTPS' => '0']));
		32	$this->assertFalse(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => 123]));
		33	$this->assertFalse(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => '123']));
		34	$this->assertFalse(is_https(['HTTPS' => false, 'HTTP_X_FORWARDED_PORT' => ',123,456,']));
		35	}
		36	}