authorVirtualTam <virtualtam@flibidi.net>2015-09-06 21:31:37 +0200
committerVirtualTam <virtualtam@flibidi.net>2015-09-14 20:27:16 +0200
commit482d67bd523bf12f36508a0131d09fe299ee02f4 (patch)
treeb4e7c6ddaa1d88cc49bc96c2524f12431d8fcce0
parent7b114771d337af3bfd51d8fda1e8f2fd5b39535d (diff)
downloadShaarli-482d67bd523bf12f36508a0131d09fe299ee02f4.tar.gz
Shaarli-482d67bd523bf12f36508a0131d09fe299ee02f4.tar.zst
Shaarli-482d67bd523bf12f36508a0131d09fe299ee02f4.zip
HTTP: move server URL functions to `HttpUtils.php`
Relates to #333 Modifications: - refactor server URL utility functions - do not access global `$_SERVER` variables - add test coverage - improve readability - apply coding conventions Signed-off-by: VirtualTam <virtualtam@flibidi.net>
-rw-r--r--application/HttpUtils.php80
-rwxr-xr-xindex.php78
-rw-r--r--tests/HttpUtils/GetHttpUrlTest.php (renamed from tests/HttpUtilsTest.php)0
-rw-r--r--tests/HttpUtils/IndexUrlTest.php72
-rw-r--r--tests/HttpUtils/PageUrlTest.php76
-rw-r--r--tests/HttpUtils/ServerUrlTest.php135
6 files changed, 388 insertions, 53 deletions
diff --git a/application/HttpUtils.php b/application/HttpUtils.php
index 175333ae..499220c5 100644
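--- a/application/HttpUtils.php
+++ b/application/HttpUtils.php
@@ -50,3 +50,83 @@ function get_http_url($url, $timeout = 30, $maxBytes = 4194304)
 
  return array(get_headers($url, 1), $content);
 }
+
+/**
+ * Returns the server's base URL: scheme://domain.tld[:port]
+ *
+ * @param array $server the $_SERVER array
+ *
+ * @return string the server's base URL
+ *
+ * @see http://www.ietf.org/rfc/rfc7239.txt
+ * @see http://www.ietf.org/rfc/rfc6648.txt
+ * @see http://stackoverflow.com/a/3561399
+ * @see http://stackoverflow.com/q/452375
+ */
+function server_url($server)
+{
+ $scheme = 'http';
+ $port = '';
+
+ // Shaarli is served behind a proxy
+ if (isset($server['HTTP_X_FORWARDED_PROTO'])) {
+ // Keep forwarded scheme
+ $scheme = $server['HTTP_X_FORWARDED_PROTO'];
+
+ if (isset($server['HTTP_X_FORWARDED_PORT'])) {
+ // Keep forwarded port
+ $port = ':'.$server['HTTP_X_FORWARDED_PORT'];
+ }
+
+ return $scheme.'://'.$server['SERVER_NAME'].$port;
+ }
+
+ // SSL detection
+ if ((! empty($server['HTTPS']) && strtolower($server['HTTPS']) == 'on')
+ || (isset($server['SERVER_PORT']) && $server['SERVER_PORT'] == '443')) {
+ $scheme = 'https';
+ }
+
+ // Do not append standard port values
+ if (($scheme == 'http' && $server['SERVER_PORT'] != '80')
+ || ($scheme == 'https' && $server['SERVER_PORT'] != '443')) {
+ $port = ':'.$server['SERVER_PORT'];
+ }
+
+ return $scheme.'://'.$server['SERVER_NAME'].$port;
+}
+
+/**
+ * Returns the absolute URL of the current script, without the query
+ *
+ * If the resource is "index.php", then it is removed (for better-looking URLs)
+ *
+ * @param array $server the $_SERVER array
+ *
+ * @return string the absolute URL of the current script, without the query
+ */
+function index_url($server)
+{
+ $scriptname = $server['SCRIPT_NAME'];
+ if (endswith($scriptname, 'index.php')) {
+ $scriptname = substr($scriptname, 0, -9);
+ }
+ return server_url($server) . $scriptname;
+}
+
+/**
+ * Returns the absolute URL of the current script, with the query
+ *
+ * If the resource is "index.php", then it is removed (for better-looking URLs)
+ *
+ * @param array $server the $_SERVER array
+ *
+ * @return string the absolute URL of the current script, with the query
+ */
+function page_url($server)
+{
+ if (! empty($server['QUERY_STRING'])) {
+ return index_url($server).'?'.$server['QUERY_STRING'];
+ }
+ return index_url($server);
+}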
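Review bot: In `server_url()` the proxy branch copies `HTTP_X_FORWARDED_PROTO` and `HTTP_X_FORWARDED_PORT` into the returned URL verbatim, and both are request headers that any client can set when no trusted proxy overwrites them. The removed `serverUrl()` only compared the proto header with `'https'`, so this widens what a request can place into every URL built by `index_url()` and `page_url()` (feed links, cached pages, `Location:` headers in index.php). Constrain both values, e.g. `$scheme = strtolower($server['HTTP_X_FORWARDED_PROTO']) === 'https' ? 'https' : 'http';` and `if (isset($server['HTTP_X_FORWARDED_PORT']) && ctype_digit((string) $server['HTTP_X_FORWARDED_PORT'])) {`, and ideally honour the headers only when the deployment declares a trusted proxy. Separately, the non-proxy branch guards `SERVER_PORT` with `isset()` in the SSL check but reads it unguarded in the port comparison that follows.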
diff --git a/index.php b/index.php
index 7818ee88..c1ddf4b7 100755
--- a/index.php
+++ b/index.php
@@ -131,7 +131,7 @@ header("Pragma: no-cache");
131if (!is_writable(realpath(dirname(__FILE__)))) die('<pre>ERROR: Shaarli does not have the right to write in its own directory.</pre>'); 131if (!is_writable(realpath(dirname(__FILE__)))) die('<pre>ERROR: Shaarli does not have the right to write in its own directory.</pre>');
132 132
133// Handling of old config file which do not have the new parameters. 133// Handling of old config file which do not have the new parameters.
134if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.escape(indexUrl()); 134if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.escape(index_url($_SERVER));
135if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get(); 135if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get();
136if (empty($GLOBALS['redirector'])) $GLOBALS['redirector']=''; 136if (empty($GLOBALS['redirector'])) $GLOBALS['redirector']='';
137if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false; 137if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false;
@@ -277,8 +277,8 @@ function pubsubhub()
277 { 277 {
278 $p = new Publisher($GLOBALS['config']['PUBSUBHUB_URL']); 278 $p = new Publisher($GLOBALS['config']['PUBSUBHUB_URL']);
279 $topic_url = array ( 279 $topic_url = array (
280 indexUrl().'?do=atom', 280 index_url($_SERVER).'?do=atom',
281 indexUrl().'?do=rss' 281 index_url($_SERVER).'?do=rss'
282 ); 282 );
283 $p->publish_update($topic_url); 283 $p->publish_update($topic_url);
284 } 284 }
@@ -458,34 +458,6 @@ if (isset($_POST['login']))
458// ------------------------------------------------------------------------------------------ 458// ------------------------------------------------------------------------------------------
459// Misc utility functions: 459// Misc utility functions:
460 460
461// Returns the server URL (including port and http/https), without path.
462// e.g. "http://myserver.com:8080"
463// You can append $_SERVER['SCRIPT_NAME'] to get the current script URL.
464function serverUrl()
465{
466 $https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) || $_SERVER["SERVER_PORT"]=='443' || (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'); // HTTPS detection.
467 $serverport = ($_SERVER["SERVER_PORT"]=='80' || ($https && $_SERVER["SERVER_PORT"]=='443') ? '' : ':'.$_SERVER["SERVER_PORT"]);
468 return 'http'.($https?'s':'').'://'.$_SERVER['SERVER_NAME'].$serverport;
469}
470
471// Returns the absolute URL of current script, without the query.
472// (e.g. http://sebsauvage.net/links/)
473function indexUrl()
474{
475 $scriptname = $_SERVER["SCRIPT_NAME"];
476 // If the script is named 'index.php', we remove it (for better looking URLs,
477 // e.g. http://mysite.com/shaarli/?abcde instead of http://mysite.com/shaarli/index.php?abcde)
478 if (endswith($scriptname,'index.php')) $scriptname = substr($scriptname,0,strlen($scriptname)-9);
479 return serverUrl() . $scriptname;
480}
481
482// Returns the absolute URL of current script, WITH the query.
483// (e.g. http://sebsauvage.net/links/?toto=titi&spamspamspam=humbug)
484function pageUrl()
485{
486 return indexUrl().(!empty($_SERVER["QUERY_STRING"]) ? '?'.$_SERVER["QUERY_STRING"] : '');
487}
488
489// Convert post_max_size/upload_max_filesize (e.g. '16M') parameters to bytes. 461// Convert post_max_size/upload_max_filesize (e.g. '16M') parameters to bytes.
490function return_bytes($val) 462function return_bytes($val)
491{ 463{
@@ -591,14 +563,14 @@ class pageBuilder
591 { 563 {
592 $this->tpl = new RainTPL; 564 $this->tpl = new RainTPL;
593 $this->tpl->assign('newversion',escape(checkUpdate())); 565 $this->tpl->assign('newversion',escape(checkUpdate()));
594 $this->tpl->assign('feedurl',escape(indexUrl())); 566 $this->tpl->assign('feedurl',escape(index_url($_SERVER)));
595 $searchcrits=''; // Search criteria 567 $searchcrits=''; // Search criteria
596 if (!empty($_GET['searchtags'])) $searchcrits.='&searchtags='.urlencode($_GET['searchtags']); 568 if (!empty($_GET['searchtags'])) $searchcrits.='&searchtags='.urlencode($_GET['searchtags']);
597 elseif (!empty($_GET['searchterm'])) $searchcrits.='&searchterm='.urlencode($_GET['searchterm']); 569 elseif (!empty($_GET['searchterm'])) $searchcrits.='&searchterm='.urlencode($_GET['searchterm']);
598 $this->tpl->assign('searchcrits',$searchcrits); 570 $this->tpl->assign('searchcrits',$searchcrits);
599 $this->tpl->assign('source',indexUrl()); 571 $this->tpl->assign('source',index_url($_SERVER));
600 $this->tpl->assign('version',shaarli_version); 572 $this->tpl->assign('version',shaarli_version);
601 $this->tpl->assign('scripturl',indexUrl()); 573 $this->tpl->assign('scripturl',index_url($_SERVER));
602 $this->tpl->assign('pagetitle','Shaarli'); 574 $this->tpl->assign('pagetitle','Shaarli');
603 $this->tpl->assign('privateonly',!empty($_SESSION['privateonly'])); // Show only private links? 575 $this->tpl->assign('privateonly',!empty($_SESSION['privateonly'])); // Show only private links?
604 if (!empty($GLOBALS['title'])) $this->tpl->assign('pagetitle',$GLOBALS['title']); 576 if (!empty($GLOBALS['title'])) $this->tpl->assign('pagetitle',$GLOBALS['title']);
@@ -639,7 +611,7 @@ function showRSS()
639 $query = $_SERVER["QUERY_STRING"]; 611 $query = $_SERVER["QUERY_STRING"];
640 $cache = new CachedPage( 612 $cache = new CachedPage(
641 $GLOBALS['config']['PAGECACHE'], 613 $GLOBALS['config']['PAGECACHE'],
642 pageUrl(), 614 page_url($_SERVER),
643 startsWith($query,'do=rss') && !isLoggedIn() 615 startsWith($query,'do=rss') && !isLoggedIn()
644 ); 616 );
645 $cached = $cache->cachedVersion(); 617 $cached = $cache->cachedVersion();
@@ -668,7 +640,7 @@ function showRSS()
668 $nblinksToDisplay = $_GET['nb']=='all' ? count($linksToDisplay) : max($_GET['nb']+0,1) ; 640 $nblinksToDisplay = $_GET['nb']=='all' ? count($linksToDisplay) : max($_GET['nb']+0,1) ;
669 } 641 }
670 642
671 $pageaddr=escape(indexUrl()); 643 $pageaddr=escape(index_url($_SERVER));
672 echo '<?xml version="1.0" encoding="UTF-8"?><rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/">'; 644 echo '<?xml version="1.0" encoding="UTF-8"?><rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/">';
673 echo '<channel><title>'.$GLOBALS['title'].'</title><link>'.$pageaddr.'</link>'; 645 echo '<channel><title>'.$GLOBALS['title'].'</title><link>'.$pageaddr.'</link>';
674 echo '<description>Shared links</description><language>en-en</language><copyright>'.$pageaddr.'</copyright>'."\n\n"; 646 echo '<description>Shared links</description><language>en-en</language><copyright>'.$pageaddr.'</copyright>'."\n\n";
@@ -706,7 +678,7 @@ function showRSS()
706 echo '<description><![CDATA['.nl2br(keepMultipleSpaces(text2clickable($link['description']))).$descriptionlink.']]></description>'."\n</item>\n"; 678 echo '<description><![CDATA['.nl2br(keepMultipleSpaces(text2clickable($link['description']))).$descriptionlink.']]></description>'."\n</item>\n";
707 $i++; 679 $i++;
708 } 680 }
709 echo '</channel></rss><!-- Cached version of '.escape(pageUrl()).' -->'; 681 echo '</channel></rss><!-- Cached version of '.escape(page_url($_SERVER)).' -->';
710 682
711 $cache->cache(ob_get_contents()); 683 $cache->cache(ob_get_contents());
712 ob_end_flush(); 684 ob_end_flush();
@@ -727,7 +699,7 @@ function showATOM()
727 $query = $_SERVER["QUERY_STRING"]; 699 $query = $_SERVER["QUERY_STRING"];
728 $cache = new CachedPage( 700 $cache = new CachedPage(
729 $GLOBALS['config']['PAGECACHE'], 701 $GLOBALS['config']['PAGECACHE'],
730 pageUrl(), 702 page_url($_SERVER),
731 startsWith($query,'do=atom') && !isLoggedIn() 703 startsWith($query,'do=atom') && !isLoggedIn()
732 ); 704 );
733 $cached = $cache->cachedVersion(); 705 $cached = $cache->cachedVersion();
@@ -756,7 +728,7 @@ function showATOM()
756 $nblinksToDisplay = $_GET['nb']=='all' ? count($linksToDisplay) : max($_GET['nb']+0,1) ; 728 $nblinksToDisplay = $_GET['nb']=='all' ? count($linksToDisplay) : max($_GET['nb']+0,1) ;
757 } 729 }
758 730
759 $pageaddr=escape(indexUrl()); 731 $pageaddr=escape(index_url($_SERVER));
760 $latestDate = ''; 732 $latestDate = '';
761 $entries=''; 733 $entries='';
762 $i=0; 734 $i=0;
@@ -794,7 +766,7 @@ function showATOM()
794 $feed='<?xml version="1.0" encoding="UTF-8"?><feed xmlns="http://www.w3.org/2005/Atom">'; 766 $feed='<?xml version="1.0" encoding="UTF-8"?><feed xmlns="http://www.w3.org/2005/Atom">';
795 $feed.='<title>'.$GLOBALS['title'].'</title>'; 767 $feed.='<title>'.$GLOBALS['title'].'</title>';
796 if (!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()) $feed.='<updated>'.escape($latestDate).'</updated>'; 768 if (!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()) $feed.='<updated>'.escape($latestDate).'</updated>';
797 $feed.='<link rel="self" href="'.escape(serverUrl().$_SERVER["REQUEST_URI"]).'" />'; 769 $feed.='<link rel="self" href="'.escape(server_url($_SERVER).$_SERVER["REQUEST_URI"]).'" />';
798 if (!empty($GLOBALS['config']['PUBSUBHUB_URL'])) 770 if (!empty($GLOBALS['config']['PUBSUBHUB_URL']))
799 { 771 {
800 $feed.='<!-- PubSubHubbub Discovery -->'; 772 $feed.='<!-- PubSubHubbub Discovery -->';
@@ -804,7 +776,7 @@ function showATOM()
804 $feed.='<author><name>'.$pageaddr.'</name><uri>'.$pageaddr.'</uri></author>'; 776 $feed.='<author><name>'.$pageaddr.'</name><uri>'.$pageaddr.'</uri></author>';
805 $feed.='<id>'.$pageaddr.'</id>'."\n\n"; // Yes, I know I should use a real IRI (RFC3987), but the site URL will do. 777 $feed.='<id>'.$pageaddr.'</id>'."\n\n"; // Yes, I know I should use a real IRI (RFC3987), but the site URL will do.
806 $feed.=$entries; 778 $feed.=$entries;
807 $feed.='</feed><!-- Cached version of '.escape(pageUrl()).' -->'; 779 $feed.='</feed><!-- Cached version of '.escape(page_url($_SERVER)).' -->';
808 echo $feed; 780 echo $feed;
809 781
810 $cache->cache(ob_get_contents()); 782 $cache->cache(ob_get_contents());
@@ -821,7 +793,7 @@ function showDailyRSS() {
821 $query = $_SERVER["QUERY_STRING"]; 793 $query = $_SERVER["QUERY_STRING"];
822 $cache = new CachedPage( 794 $cache = new CachedPage(
823 $GLOBALS['config']['PAGECACHE'], 795 $GLOBALS['config']['PAGECACHE'],
824 pageUrl(), 796 page_url($_SERVER),
825 startsWith($query,'do=dailyrss') && !isLoggedIn() 797 startsWith($query,'do=dailyrss') && !isLoggedIn()
826 ); 798 );
827 $cached = $cache->cachedVersion(); 799 $cached = $cache->cachedVersion();
@@ -866,7 +838,7 @@ function showDailyRSS() {
866 838
867 // Build the RSS feed. 839 // Build the RSS feed.
868 header('Content-Type: application/rss+xml; charset=utf-8'); 840 header('Content-Type: application/rss+xml; charset=utf-8');
869 $pageaddr = escape(indexUrl()); 841 $pageaddr = escape(index_url($_SERVER));
870 echo '<?xml version="1.0" encoding="UTF-8"?><rss version="2.0">'; 842 echo '<?xml version="1.0" encoding="UTF-8"?><rss version="2.0">';
871 echo '<channel>'; 843 echo '<channel>';
872 echo '<title>Daily - '. $GLOBALS['title'] . '</title>'; 844 echo '<title>Daily - '. $GLOBALS['title'] . '</title>';
@@ -879,7 +851,7 @@ function showDailyRSS() {
879 foreach ($days as $day => $linkdates) { 851 foreach ($days as $day => $linkdates) {
880 $daydate = linkdate2timestamp($day.'_000000'); // Full text date 852 $daydate = linkdate2timestamp($day.'_000000'); // Full text date
881 $rfc822date = linkdate2rfc822($day.'_000000'); 853 $rfc822date = linkdate2rfc822($day.'_000000');
882 $absurl = escape(indexUrl().'?do=daily&day='.$day); // Absolute URL of the corresponding "Daily" page. 854 $absurl = escape(index_url($_SERVER).'?do=daily&day='.$day); // Absolute URL of the corresponding "Daily" page.
883 855
884 // Build the HTML body of this RSS entry. 856 // Build the HTML body of this RSS entry.
885 $html = ''; 857 $html = '';
@@ -893,7 +865,7 @@ function showDailyRSS() {
893 $l['thumbnail'] = thumbnail($l['url']); 865 $l['thumbnail'] = thumbnail($l['url']);
894 $l['timestamp'] = linkdate2timestamp($l['linkdate']); 866 $l['timestamp'] = linkdate2timestamp($l['linkdate']);
895 if (startsWith($l['url'], '?')) { 867 if (startsWith($l['url'], '?')) {
896 $l['url'] = indexUrl() . $l['url']; // make permalink URL absolute 868 $l['url'] = index_url($_SERVER) . $l['url']; // make permalink URL absolute
897 } 869 }
898 $links[$linkdate] = $l; 870 $links[$linkdate] = $l;
899 } 871 }
@@ -909,7 +881,7 @@ function showDailyRSS() {
909 881
910 echo $html . PHP_EOL; 882 echo $html . PHP_EOL;
911 } 883 }
912 echo '</channel></rss><!-- Cached version of '. escape(pageUrl()) .' -->'; 884 echo '</channel></rss><!-- Cached version of '. escape(page_url($_SERVER)) .' -->';
913 885
914 $cache->cache(ob_get_contents()); 886 $cache->cache(ob_get_contents());
915 ob_end_flush(); 887 ob_end_flush();
@@ -1201,7 +1173,7 @@ function renderPage()
1201 { 1173 {
1202 $PAGE = new pageBuilder; 1174 $PAGE = new pageBuilder;
1203 $PAGE->assign('linkcount',count($LINKSDB)); 1175 $PAGE->assign('linkcount',count($LINKSDB));
1204 $PAGE->assign('pageabsaddr',indexUrl()); 1176 $PAGE->assign('pageabsaddr',index_url($_SERVER));
1205 $PAGE->renderPage('tools'); 1177 $PAGE->renderPage('tools');
1206 exit; 1178 exit;
1207 } 1179 }
@@ -1767,7 +1739,7 @@ function buildLinkList($PAGE,$LINKSDB)
1767 1739
1768 if ($link["url"][0] === '?' && // Check for both signs of a note: starting with ? and 7 chars long. I doubt that you'll post any links that look like this. 1740 if ($link["url"][0] === '?' && // Check for both signs of a note: starting with ? and 7 chars long. I doubt that you'll post any links that look like this.
1769 strlen($link["url"]) === 7) { 1741 strlen($link["url"]) === 7) {
1770 $link["url"] = indexUrl() . $link["url"]; 1742 $link["url"] = index_url($_SERVER) . $link["url"];
1771 } 1743 }
1772 1744
1773 $linkDisp[$keys[$i]] = $link; 1745 $linkDisp[$keys[$i]] = $link;
@@ -1902,7 +1874,7 @@ function computeThumbnail($url,$href=false)
1902 if ("/talks/" !== substr($path,0,7)) return array(); // This is not a single video URL. 1874 if ("/talks/" !== substr($path,0,7)) return array(); // This is not a single video URL.
1903 } 1875 }
1904 $sign = hash_hmac('sha256', $url, $GLOBALS['salt']); // We use the salt to sign data (it's random, secret, and specific to each installation) 1876 $sign = hash_hmac('sha256', $url, $GLOBALS['salt']); // We use the salt to sign data (it's random, secret, and specific to each installation)
1905 return array('src'=>indexUrl().'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url), 1877 return array('src'=>index_url($_SERVER).'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url),
1906 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail'); 1878 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail');
1907 } 1879 }
1908 1880
@@ -1913,7 +1885,7 @@ function computeThumbnail($url,$href=false)
1913 if ($ext=='jpg' || $ext=='jpeg' || $ext=='png' || $ext=='gif') 1885 if ($ext=='jpg' || $ext=='jpeg' || $ext=='png' || $ext=='gif')
1914 { 1886 {
1915 $sign = hash_hmac('sha256', $url, $GLOBALS['salt']); // We use the salt to sign data (it's random, secret, and specific to each installation) 1887 $sign = hash_hmac('sha256', $url, $GLOBALS['salt']); // We use the salt to sign data (it's random, secret, and specific to each installation)
1916 return array('src'=>indexUrl().'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url), 1888 return array('src'=>index_url($_SERVER).'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url),
1917 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail'); 1889 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail');
1918 } 1890 }
1919 return array(); // No thumbnail. 1891 return array(); // No thumbnail.
@@ -1999,11 +1971,11 @@ function install()
1999 if (!isset($_SESSION['session_tested'])) 1971 if (!isset($_SESSION['session_tested']))
2000 { // Step 1 : Try to store data in session and reload page. 1972 { // Step 1 : Try to store data in session and reload page.
2001 $_SESSION['session_tested'] = 'Working'; // Try to set a variable in session. 1973 $_SESSION['session_tested'] = 'Working'; // Try to set a variable in session.
2002 header('Location: '.indexUrl().'?test_session'); // Redirect to check stored data. 1974 header('Location: '.index_url($_SERVER).'?test_session'); // Redirect to check stored data.
2003 } 1975 }
2004 if (isset($_GET['test_session'])) 1976 if (isset($_GET['test_session']))
2005 { // Step 3: Sessions are OK. Remove test parameter from URL. 1977 { // Step 3: Sessions are OK. Remove test parameter from URL.
2006 header('Location: '.indexUrl()); 1978 header('Location: '.index_url($_SERVER));
2007 } 1979 }
2008 1980
2009 1981
@@ -2020,7 +1992,7 @@ function install()
2020 $GLOBALS['login'] = $_POST['setlogin']; 1992 $GLOBALS['login'] = $_POST['setlogin'];
2021 $GLOBALS['salt'] = sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless. 1993 $GLOBALS['salt'] = sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless.
2022 $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']); 1994 $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']);
2023 $GLOBALS['title'] = (empty($_POST['title']) ? 'Shared links on '.escape(indexUrl()) : $_POST['title'] ); 1995 $GLOBALS['title'] = (empty($_POST['title']) ? 'Shared links on '.escape(index_url($_SERVER)) : $_POST['title'] );
2024 $GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']); 1996 $GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']);
2025 try { 1997 try {
2026 writeConfig($GLOBALS, isLoggedIn()); 1998 writeConfig($GLOBALS, isLoggedIn());
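Review bot: In the `pageBuilder` hunk, `source` and `scripturl` are assigned `index_url($_SERVER)` raw while `feedurl` two lines above goes through `escape()`; the same raw use reaches `header('Location: '.index_url($_SERVER).'?test_session')` in `install()`. Because `server_url()` now returns the forwarded scheme and port as received, these unescaped sinks are where a forged header value would land; whether the templates escape `source`/`scripturl` themselves is not visible here. Suggest `$this->tpl->assign('source', escape(index_url($_SERVER)));` (same for `scripturl`), or better, computing the base URL once per request from validated values and reusing it instead of re-deriving it at each call site. The enclosing functions start and end outside these hunks.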
diff --git a/tests/HttpUtilsTest.php b/tests/HttpUtils/GetHttpUrlTest.php
index 76092b80..76092b80 100644
--- a/tests/HttpUtilsTest.php
+++ b/tests/HttpUtils/GetHttpUrlTest.php
diff --git a/tests/HttpUtils/IndexUrlTest.php b/tests/HttpUtils/IndexUrlTest.php
new file mode 100644
index 00000000..337dcab0
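--- /dev/null
+++ b/tests/HttpUtils/IndexUrlTest.php
@@ -0,0 +1,72 @@
+<?php
+/**
+ * HttpUtils' tests
+ */
+
+require_once 'application/HttpUtils.php';
+
+/**
+ * Unitary tests for index_url()
+ */
+class IndexUrlTest extends PHPUnit_Framework_TestCase
+{
+ /**
+ * If on the main page, remove "index.php" from the URL resource
+ */
+ public function testRemoveIndex()
+ {
+ $this->assertEquals(
+ 'http://host.tld/',
+ index_url(
+ array(
+ 'HTTPS' => 'Off',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '80',
+ 'SCRIPT_NAME' => '/index.php'
+ )
+ )
+ );
+
+ $this->assertEquals(
+ 'http://host.tld/admin/',
+ index_url(
+ array(
+ 'HTTPS' => 'Off',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '80',
+ 'SCRIPT_NAME' => '/admin/index.php'
+ )
+ )
+ );
+ }
+
+ /**
+ * The resource is != "index.php"
+ */
+ public function testOtherResource()
+ {
+ $this->assertEquals(
+ 'http://host.tld/page.php',
+ page_url(
+ array(
+ 'HTTPS' => 'Off',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '80',
+ 'SCRIPT_NAME' => '/page.php'
+ )
+ )
+ );
+
+ $this->assertEquals(
+ 'http://host.tld/admin/page.php',
+ page_url(
+ array(
+ 'HTTPS' => 'Off',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '80',
+ 'SCRIPT_NAME' => '/admin/page.php'
+ )
+ )
+ );
+ }
+}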
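Review bot: `testOtherResource()` in this `index_url()` test class calls `page_url()` in both assertions, so `index_url()` is never exercised directly with a script name other than `index.php`. The assertions pass only because no `QUERY_STRING` is set and `page_url()` then falls through to `index_url()`. Replace `page_url(` with `index_url(` in both calls so the class tests the function it is named for.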
diff --git a/tests/HttpUtils/PageUrlTest.php b/tests/HttpUtils/PageUrlTest.php
new file mode 100644
index 00000000..4dbbe9cf
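--- /dev/null
+++ b/tests/HttpUtils/PageUrlTest.php
@@ -0,0 +1,76 @@
+<?php
+/**
+ * HttpUtils' tests
+ */
+
+require_once 'application/HttpUtils.php';
+
+/**
+ * Unitary tests for page_url()
+ */
+class PageUrlTest extends PHPUnit_Framework_TestCase
+{
+ /**
+ * If on the main page, remove "index.php" from the URL resource
+ */
+ public function testRemoveIndex()
+ {
+ $this->assertEquals(
+ 'http://host.tld/?p1=v1&p2=v2',
+ page_url(
+ array(
+ 'HTTPS' => 'Off',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '80',
+ 'SCRIPT_NAME' => '/index.php',
+ 'QUERY_STRING' => 'p1=v1&p2=v2'
+ )
+ )
+ );
+
+ $this->assertEquals(
+ 'http://host.tld/admin/?action=edit_tag',
+ page_url(
+ array(
+ 'HTTPS' => 'Off',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '80',
+ 'SCRIPT_NAME' => '/admin/index.php',
+ 'QUERY_STRING' => 'action=edit_tag'
+ )
+ )
+ );
+ }
+
+ /**
+ * The resource is != "index.php"
+ */
+ public function testOtherResource()
+ {
+ $this->assertEquals(
+ 'http://host.tld/page.php?p1=v1&p2=v2',
+ page_url(
+ array(
+ 'HTTPS' => 'Off',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '80',
+ 'SCRIPT_NAME' => '/page.php',
+ 'QUERY_STRING' => 'p1=v1&p2=v2'
+ )
+ )
+ );
+
+ $this->assertEquals(
+ 'http://host.tld/admin/page.php?action=edit_tag',
+ page_url(
+ array(
+ 'HTTPS' => 'Off',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '80',
+ 'SCRIPT_NAME' => '/admin/page.php',
+ 'QUERY_STRING' => 'action=edit_tag'
+ )
+ )
+ );
+ }
+}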
diff --git a/tests/HttpUtils/ServerUrlTest.php b/tests/HttpUtils/ServerUrlTest.php
new file mode 100644
index 00000000..5096db65
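--- /dev/null
+++ b/tests/HttpUtils/ServerUrlTest.php
@@ -0,0 +1,135 @@
+<?php
+/**
+ * HttpUtils' tests
+ */
+
+require_once 'application/HttpUtils.php';
+
+/**
+ * Unitary tests for server_url()
+ */
+class ServerUrlTest extends PHPUnit_Framework_TestCase
+{
+ /**
+ * Detect if the server uses SSL
+ */
+ public function testHttpsScheme()
+ {
+ $this->assertEquals(
+ 'https://host.tld',
+ server_url(
+ array(
+ 'HTTPS' => 'ON',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '443'
+ )
+ )
+ );
+
+ $this->assertEquals(
+ 'https://host.tld:8080',
+ server_url(
+ array(
+ 'HTTPS' => 'ON',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '8080'
+ )
+ )
+ );
+ }
+
+ /**
+ * Detect a Proxy with SSL enabled
+ */
+ public function testHttpsProxyForward()
+ {
+ $this->assertEquals(
+ 'https://host.tld:8080',
+ server_url(
+ array(
+ 'HTTPS' => 'Off',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '80',
+ 'HTTP_X_FORWARDED_PROTO' => 'https',
+ 'HTTP_X_FORWARDED_PORT' => '8080'
+ )
+ )
+ );
+
+ $this->assertEquals(
+ 'https://host.tld',
+ server_url(
+ array(
+ 'HTTPS' => 'Off',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '80',
+ 'HTTP_X_FORWARDED_PROTO' => 'https'
+ )
+ )
+ );
+ }
+
+ /**
+ * Detect if the server uses a specific port (!= 80)
+ */
+ public function testPort()
+ {
+ // HTTP
+ $this->assertEquals(
+ 'http://host.tld:8080',
+ server_url(
+ array(
+ 'HTTPS' => 'OFF',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '8080'
+ )
+ )
+ );
+
+ // HTTPS
+ $this->assertEquals(
+ 'https://host.tld:8080',
+ server_url(
+ array(
+ 'HTTPS' => 'ON',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '8080'
+ )
+ )
+ );
+ }
+
+ /**
+ * HTTP server on port 80
+ */
+ public function testStandardHttpPort()
+ {
+ $this->assertEquals(
+ 'http://host.tld',
+ server_url(
+ array(
+ 'HTTPS' => 'OFF',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '80'
+ )
+ )
+ );
+ }
+
+ /**
+ * HTTPS server on port 443
+ */
+ public function testStandardHttpsPort()
+ {
+ $this->assertEquals(
+ 'https://host.tld',
+ server_url(
+ array(
+ 'HTTPS' => 'ON',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '443'
+ )
+ )
+ );
+ }
+}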
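Review bot: `testHttpsProxyForward()` only covers well-formed forwarded values, so nothing pins what `server_url()` returns when `HTTP_X_FORWARDED_PROTO` is neither `http` nor `https` or when `HTTP_X_FORWARDED_PORT` is not numeric. Add a case asserting the intended result for such input, so that the handling of client-supplied headers is a tested decision rather than an accident of the implementation. Cases for `SERVER_PORT` `'443'` without `HTTPS`, and for a missing `SERVER_PORT`, are also absent, and the HTTPS assertion in `testPort()` repeats the second assertion of `testHttpsScheme()`.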