aboutsummaryrefslogtreecommitdiffhomepage
path: root/index.php
diff options
context:
space:
mode:
authorSebastien SAUVAGE <sebsauvage@sebsauvage.net>2013-08-03 22:00:09 +0200
committerSebastien SAUVAGE <sebsauvage@sebsauvage.net>2013-08-03 22:00:09 +0200
commitf6a6ca0aec6cc09ee76d827cc07d3c0ed66c8eb0 (patch)
tree794e176de5069663765e8de543ea61b41ced552f /index.php
parent99954e12900401c5c725e65bce28cc1711653e45 (diff)
downloadShaarli-f6a6ca0aec6cc09ee76d827cc07d3c0ed66c8eb0.tar.gz
Shaarli-f6a6ca0aec6cc09ee76d827cc07d3c0ed66c8eb0.tar.zst
Shaarli-f6a6ca0aec6cc09ee76d827cc07d3c0ed66c8eb0.zip
SERVER_NAME changed to HTTP_HOST
SERVER_NAME changed to HTTP_HOST because SERVER_NAME can cause problems on some misconfigured hosts. HTTP_HOST is usually more reliable with those servers. (cf. http://stackoverflow.com/questions/2297403/http-host-vs-server-name). This should cause less problem on most hosts.
Diffstat (limited to 'index.php')
-rw-r--r--index.php14
1 files changed, 7 insertions, 7 deletions
diff --git a/index.php b/index.php
index 1d13e55c..8b5c912a 100644
--- a/index.php
+++ b/index.php
@@ -41,7 +41,7 @@ define('PHPSUFFIX',' */ ?>'); // Suffix to encapsulate data in php code.
41// Force cookie path (but do not change lifetime) 41// Force cookie path (but do not change lifetime)
42$cookie=session_get_cookie_params(); 42$cookie=session_get_cookie_params();
43$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; 43$cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
44session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['SERVER_NAME']); // Set default cookie expiration and path. 44session_set_cookie_params($cookie['lifetime'],$cookiedir,$_SERVER['HTTP_HOST']); // Set default cookie expiration and path.
45 45
46// Set session parameters on server side. 46// Set session parameters on server side.
47define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired. 47define('INACTIVITY_TIMEOUT',3600); // (in seconds). If the user does not access any page within this time, his/her session is considered expired.
@@ -400,14 +400,14 @@ if (isset($_POST['login']))
400 $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // Set session expiration on server-side. 400 $_SESSION['expires_on']=time()+$_SESSION['longlastingsession']; // Set session expiration on server-side.
401 401
402 $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; 402 $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
403 session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['SERVER_NAME']); // Set session cookie expiration on client side 403 session_set_cookie_params($_SESSION['longlastingsession'],$cookiedir,$_SERVER['HTTP_HOST']); // Set session cookie expiration on client side
404 // Note: Never forget the trailing slash on the cookie path ! 404 // Note: Never forget the trailing slash on the cookie path !
405 session_regenerate_id(true); // Send cookie with new expiration date to browser. 405 session_regenerate_id(true); // Send cookie with new expiration date to browser.
406 } 406 }
407 else // Standard session expiration (=when browser closes) 407 else // Standard session expiration (=when browser closes)
408 { 408 {
409 $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/'; 409 $cookiedir = ''; if(dirname($_SERVER['SCRIPT_NAME'])!='/') $cookiedir=dirname($_SERVER["SCRIPT_NAME"]).'/';
410 session_set_cookie_params(0,$cookiedir,$_SERVER['SERVER_NAME']); // 0 means "When browser closes" 410 session_set_cookie_params(0,$cookiedir,$_SERVER['HTTP_HOST']); // 0 means "When browser closes"
411 session_regenerate_id(true); 411 session_regenerate_id(true);
412 } 412 }
413 // Optional redirect after login: 413 // Optional redirect after login:
@@ -439,7 +439,7 @@ function serverUrl()
439{ 439{
440 $https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) || $_SERVER["SERVER_PORT"]=='443'; // HTTPS detection. 440 $https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) || $_SERVER["SERVER_PORT"]=='443'; // HTTPS detection.
441 $serverport = ($_SERVER["SERVER_PORT"]=='80' || ($https && $_SERVER["SERVER_PORT"]=='443') ? '' : ':'.$_SERVER["SERVER_PORT"]); 441 $serverport = ($_SERVER["SERVER_PORT"]=='80' || ($https && $_SERVER["SERVER_PORT"]=='443') ? '' : ':'.$_SERVER["SERVER_PORT"]);
442 return 'http'.($https?'s':'').'://'.$_SERVER["SERVER_NAME"].$serverport; 442 return 'http'.($https?'s':'').'://'.$_SERVER['HTTP_HOST'].$serverport;
443} 443}
444 444
445// Returns the absolute URL of current script, without the query. 445// Returns the absolute URL of current script, without the query.
@@ -1279,7 +1279,7 @@ function renderPage()
1279 if (is_numeric($_GET['linksperpage'])) { $_SESSION['LINKS_PER_PAGE']=abs(intval($_GET['linksperpage'])); } 1279 if (is_numeric($_GET['linksperpage'])) { $_SESSION['LINKS_PER_PAGE']=abs(intval($_GET['linksperpage'])); }
1280 // Make sure the referer is from Shaarli itself. 1280 // Make sure the referer is from Shaarli itself.
1281 $referer = '?'; 1281 $referer = '?';
1282 if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['SERVER_NAME'])==0) 1282 if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0)
1283 $referer = $_SERVER['HTTP_REFERER']; 1283 $referer = $_SERVER['HTTP_REFERER'];
1284 header('Location: '.$referer); 1284 header('Location: '.$referer);
1285 exit; 1285 exit;
@@ -1298,7 +1298,7 @@ function renderPage()
1298 } 1298 }
1299 // Make sure the referer is from Shaarli itself. 1299 // Make sure the referer is from Shaarli itself.
1300 $referer = '?'; 1300 $referer = '?';
1301 if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['SERVER_NAME'])==0) 1301 if (!empty($_SERVER['HTTP_REFERER']) && strcmp(parse_url($_SERVER['HTTP_REFERER'],PHP_URL_HOST),$_SERVER['HTTP_HOST'])==0)
1302 $referer = $_SERVER['HTTP_REFERER']; 1302 $referer = $_SERVER['HTTP_REFERER'];
1303 header('Location: '.$referer); 1303 header('Location: '.$referer);
1304 exit; 1304 exit;
@@ -2009,7 +2009,7 @@ function lazyThumbnail($url,$href=false)
2009function install() 2009function install()
2010{ 2010{
2011 // On free.fr host, make sure the /sessions directory exists, otherwise login will not work. 2011 // On free.fr host, make sure the /sessions directory exists, otherwise login will not work.
2012 if (endsWith($_SERVER['SERVER_NAME'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705); 2012 if (endsWith($_SERVER['HTTP_HOST'],'.free.fr') && !is_dir($_SERVER['DOCUMENT_ROOT'].'/sessions')) mkdir($_SERVER['DOCUMENT_ROOT'].'/sessions',0705);
2013 2013
2014 2014
2015 // This part makes sure sessions works correctly. 2015 // This part makes sure sessions works correctly.