SERVER_NAME changed to HTTP_HOST

SERVER_NAME changed to HTTP_HOST because SERVER_NAME can cause problems on some misconfigured hosts. HTTP_HOST is usually more reliable with those servers. (cf. http://stackoverflow.com/questions/2297403/http-host-vs-server-name). This should cause less problem on most hosts.
author: Sebastien SAUVAGE <sebsauvage@sebsauvage.net> 2013-08-03 22:00:09 +0200
committer: Sebastien SAUVAGE <sebsauvage@sebsauvage.net> 2013-08-03 22:00:09 +0200
commit: f6a6ca0aec6cc09ee76d827cc07d3c0ed66c8eb0 (patch)
tree: 794e176de5069663765e8de543ea61b41ced552f /index.php
parent: 99954e12900401c5c725e65bce28cc1711653e45 (diff)
download: Shaarli-f6a6ca0aec6cc09ee76d827cc07d3c0ed66c8eb0.tar.gz
Shaarli-f6a6ca0aec6cc09ee76d827cc07d3c0ed66c8eb0.tar.zst
Shaarli-f6a6ca0aec6cc09ee76d827cc07d3c0ed66c8eb0.zip
1 files changed, 7 insertions, 7 deletions
diff --git a/index.php b/index.php
index 1d13e55c..8b5c912a 100644
--- a/index.php
+++ b/index.php
@@ -41,7 +41,7 @@ define('PHPSUFFIX',' */ ?>'); // Suffix to encapsulate data in php code.
 // Force cookie path (but do not change lifetime)
 $cookie=session_get_cookie_params();
 $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
-session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['SERVER_NAME']); // Set default cookie expiration and path.
+session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['HTTP_HOST']); // Set default cookie expiration and path.
 // Set session parameters on server side.
 define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired.
@@ -400,14 +400,14 @@ if (isset($_POST['login']))
            $_SESSION['expires_on']=time()+$_SESSION['longlastingsession'];  // Set session expiration on server-side.
            $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
-            session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['SERVER_NAME']); // Set session cookie expiration on client side
+            session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['HTTP_HOST']); // Set session cookie expiration on client side
            // Note: Never forget the trailing slash on the cookie path !
            session_regenerate_id(true);  // Send cookie with new expiration date to browser.
        }
        else // Standard session expiration (=when browser closes)
        {
            $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
-            session_set_cookie_params(0,$cookiedir,$_SERVER['SERVER_NAME']); // 0 means "When browser closes"
+            session_set_cookie_params(0,$cookiedir,$_SERVER['HTTP_HOST']); // 0 means "When browser closes"
            session_regenerate_id(true);
        }
        // Optional redirect after login:
@@ -439,7 +439,7 @@ function serverUrl()
 {
    $https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) || $_SERVER["SERVER_PORT"]=='443'; // HTTPS detection.
    $serverport = ($_SERVER["SERVER_PORT"]=='80' || ($https && $_SERVER["SERVER_PORT"]=='443') ? '' : ':'.$_SERVER["SERVER_PORT"]);
-    return 'http'.($https?'s':'').'://'.$_SERVER["SERVER_NAME"].$serverport;
+    return 'http'.($https?'s':'').'://'.$_SERVER['HTTP_HOST'].$serverport;
 }
 // Returns the absolute URL of current script, without the query.
@@ -1279,7 +1279,7 @@ function renderPage()
        if (is_numeric($_GET['linksperpage'])) { $_SESSION['LINKS_PER_PAGE']=abs(intval($_GET['linksperpage'])); }
        // Make sure the referer is from Shaarli itself.
        $referer = '?';
-        if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['SERVER_NAME'])==0)
+        if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0)
            $referer = $_SERVER['HTTP_REFERER'];
        header('Location: '.$referer);
        exit;
@@ -1298,7 +1298,7 @@ function renderPage()
        }
        // Make sure the referer is from Shaarli itself.
        $referer = '?';
-        if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['SERVER_NAME'])==0)
+        if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0)
            $referer = $_SERVER['HTTP_REFERER'];
        header('Location: '.$referer);
        exit;
@@ -2009,7 +2009,7 @@ function lazyThumbnail($url,$href=false)
 function install()
 {
    // On free.fr host, make sure the /sessions directory exists, otherwise login will not work.
-    if (endsWith($_SERVER['SERVER_NAME'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705);
+    if (endsWith($_SERVER['HTTP_HOST'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705);
    // This part makes sure sessions works correctly.
author	Sebastien SAUVAGE <sebsauvage@sebsauvage.net>	2013-08-03 22:00:09 +0200
committer	Sebastien SAUVAGE <sebsauvage@sebsauvage.net>	2013-08-03 22:00:09 +0200
commit	f6a6ca0aec6cc09ee76d827cc07d3c0ed66c8eb0 (patch)
tree	794e176de5069663765e8de543ea61b41ced552f /index.php
parent	99954e12900401c5c725e65bce28cc1711653e45 (diff)
download	Shaarli-f6a6ca0aec6cc09ee76d827cc07d3c0ed66c8eb0.tar.gz Shaarli-f6a6ca0aec6cc09ee76d827cc07d3c0ed66c8eb0.tar.zst Shaarli-f6a6ca0aec6cc09ee76d827cc07d3c0ed66c8eb0.zip

diff --git a/index.php b/index.php index 1d13e55c..8b5c912a 100644 --- a/index.php +++ b/index.php
@@ -41,7 +41,7 @@ define('PHPSUFFIX',' */ ?>'); // Suffix to encapsulate data in php code.
41	// Force cookie path (but do not change lifetime)	41	// Force cookie path (but do not change lifetime)
42	$cookie=session_get_cookie_params();	42	$cookie=session_get_cookie_params();
43	$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';	43	$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
44	session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['SERVER_NAME']); // Set default cookie expiration and path.	44	session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['HTTP_HOST']); // Set default cookie expiration and path.
45		45
46	// Set session parameters on server side.	46	// Set session parameters on server side.
47	define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired.	47	define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired.
@@ -400,14 +400,14 @@ if (isset($_POST['login']))
400	$_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // Set session expiration on server-side.	400	$_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // Set session expiration on server-side.
401		401
402	$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';	402	$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
403	session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['SERVER_NAME']); // Set session cookie expiration on client side	403	session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['HTTP_HOST']); // Set session cookie expiration on client side
404	// Note: Never forget the trailing slash on the cookie path !	404	// Note: Never forget the trailing slash on the cookie path !
405	session_regenerate_id(true); // Send cookie with new expiration date to browser.	405	session_regenerate_id(true); // Send cookie with new expiration date to browser.
406	}	406	}
407	else // Standard session expiration (=when browser closes)	407	else // Standard session expiration (=when browser closes)
408	{	408	{
409	$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';	409	$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
410	session_set_cookie_params(0,$cookiedir,$_SERVER['SERVER_NAME']); // 0 means "When browser closes"	410	session_set_cookie_params(0,$cookiedir,$_SERVER['HTTP_HOST']); // 0 means "When browser closes"
411	session_regenerate_id(true);	411	session_regenerate_id(true);
412	}	412	}
413	// Optional redirect after login:	413	// Optional redirect after login:
@@ -439,7 +439,7 @@ function serverUrl()
439	{	439	{
440	$https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) \|\| $_SERVER["SERVER_PORT"]=='443'; // HTTPS detection.	440	$https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) \|\| $_SERVER["SERVER_PORT"]=='443'; // HTTPS detection.
441	$serverport = ($_SERVER["SERVER_PORT"]=='80' \|\| ($https && $_SERVER["SERVER_PORT"]=='443') ? '' : ':'.$_SERVER["SERVER_PORT"]);	441	$serverport = ($_SERVER["SERVER_PORT"]=='80' \|\| ($https && $_SERVER["SERVER_PORT"]=='443') ? '' : ':'.$_SERVER["SERVER_PORT"]);
442	return 'http'.($https?'s':'').'://'.$_SERVER["SERVER_NAME"].$serverport;	442	return 'http'.($https?'s':'').'://'.$_SERVER['HTTP_HOST'].$serverport;
443	}	443	}
444		444
445	// Returns the absolute URL of current script, without the query.	445	// Returns the absolute URL of current script, without the query.
@@ -1279,7 +1279,7 @@ function renderPage()
1279	if (is_numeric($_GET['linksperpage'])) { $_SESSION['LINKS_PER_PAGE']=abs(intval($_GET['linksperpage'])); }	1279	if (is_numeric($_GET['linksperpage'])) { $_SESSION['LINKS_PER_PAGE']=abs(intval($_GET['linksperpage'])); }
1280	// Make sure the referer is from Shaarli itself.	1280	// Make sure the referer is from Shaarli itself.
1281	$referer = '?';	1281	$referer = '?';
1282	if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['SERVER_NAME'])==0)	1282	if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0)
1283	$referer = $_SERVER['HTTP_REFERER'];	1283	$referer = $_SERVER['HTTP_REFERER'];
1284	header('Location: '.$referer);	1284	header('Location: '.$referer);
1285	exit;	1285	exit;
@@ -1298,7 +1298,7 @@ function renderPage()
1298	}	1298	}
1299	// Make sure the referer is from Shaarli itself.	1299	// Make sure the referer is from Shaarli itself.
1300	$referer = '?';	1300	$referer = '?';
1301	if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['SERVER_NAME'])==0)	1301	if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0)
1302	$referer = $_SERVER['HTTP_REFERER'];	1302	$referer = $_SERVER['HTTP_REFERER'];
1303	header('Location: '.$referer);	1303	header('Location: '.$referer);
1304	exit;	1304	exit;
@@ -2009,7 +2009,7 @@ function lazyThumbnail($url,$href=false)
2009	function install()	2009	function install()
2010	{	2010	{
2011	// On free.fr host, make sure the /sessions directory exists, otherwise login will not work.	2011	// On free.fr host, make sure the /sessions directory exists, otherwise login will not work.
2012	if (endsWith($_SERVER['SERVER_NAME'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705);	2012	if (endsWith($_SERVER['HTTP_HOST'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705);
2013		2013
2014		2014
2015	// This part makes sure sessions works correctly.	2015	// This part makes sure sessions works correctly.