diff options
-rw-r--r-- | application/HttpUtils.php | 80 | ||||
-rwxr-xr-x | index.php | 78 | ||||
-rw-r--r-- | tests/HttpUtils/GetHttpUrlTest.php (renamed from tests/HttpUtilsTest.php) | 0 | ||||
-rw-r--r-- | tests/HttpUtils/IndexUrlTest.php | 72 | ||||
-rw-r--r-- | tests/HttpUtils/PageUrlTest.php | 76 | ||||
-rw-r--r-- | tests/HttpUtils/ServerUrlTest.php | 135 |
6 files changed, 388 insertions, 53 deletions
diff --git a/application/HttpUtils.php b/application/HttpUtils.php index 175333ae..499220c5 100644 --- a/application/HttpUtils.php +++ b/application/HttpUtils.php | |||
@@ -50,3 +50,83 @@ function get_http_url($url, $timeout = 30, $maxBytes = 4194304) | |||
50 | 50 | ||
51 | return array(get_headers($url, 1), $content); | 51 | return array(get_headers($url, 1), $content); |
52 | } | 52 | } |
53 | |||
54 | /** | ||
55 | * Returns the server's base URL: scheme://domain.tld[:port] | ||
56 | * | ||
57 | * @param array $server the $_SERVER array | ||
58 | * | ||
59 | * @return string the server's base URL | ||
60 | * | ||
61 | * @see http://www.ietf.org/rfc/rfc7239.txt | ||
62 | * @see http://www.ietf.org/rfc/rfc6648.txt | ||
63 | * @see http://stackoverflow.com/a/3561399 | ||
64 | * @see http://stackoverflow.com/q/452375 | ||
65 | */ | ||
66 | function server_url($server) | ||
67 | { | ||
68 | $scheme = 'http'; | ||
69 | $port = ''; | ||
70 | |||
71 | // Shaarli is served behind a proxy | ||
72 | if (isset($server['HTTP_X_FORWARDED_PROTO'])) { | ||
73 | // Keep forwarded scheme | ||
74 | $scheme = $server['HTTP_X_FORWARDED_PROTO']; | ||
75 | |||
76 | if (isset($server['HTTP_X_FORWARDED_PORT'])) { | ||
77 | // Keep forwarded port | ||
78 | $port = ':'.$server['HTTP_X_FORWARDED_PORT']; | ||
79 | } | ||
80 | |||
81 | return $scheme.'://'.$server['SERVER_NAME'].$port; | ||
82 | } | ||
83 | |||
84 | // SSL detection | ||
85 | if ((! empty($server['HTTPS']) && strtolower($server['HTTPS']) == 'on') | ||
86 | || (isset($server['SERVER_PORT']) && $server['SERVER_PORT'] == '443')) { | ||
87 | $scheme = 'https'; | ||
88 | } | ||
89 | |||
90 | // Do not append standard port values | ||
91 | if (($scheme == 'http' && $server['SERVER_PORT'] != '80') | ||
92 | || ($scheme == 'https' && $server['SERVER_PORT'] != '443')) { | ||
93 | $port = ':'.$server['SERVER_PORT']; | ||
94 | } | ||
95 | |||
96 | return $scheme.'://'.$server['SERVER_NAME'].$port; | ||
97 | } | ||
98 | |||
99 | /** | ||
100 | * Returns the absolute URL of the current script, without the query | ||
101 | * | ||
102 | * If the resource is "index.php", then it is removed (for better-looking URLs) | ||
103 | * | ||
104 | * @param array $server the $_SERVER array | ||
105 | * | ||
106 | * @return string the absolute URL of the current script, without the query | ||
107 | */ | ||
108 | function index_url($server) | ||
109 | { | ||
110 | $scriptname = $server['SCRIPT_NAME']; | ||
111 | if (endswith($scriptname, 'index.php')) { | ||
112 | $scriptname = substr($scriptname, 0, -9); | ||
113 | } | ||
114 | return server_url($server) . $scriptname; | ||
115 | } | ||
116 | |||
117 | /** | ||
118 | * Returns the absolute URL of the current script, with the query | ||
119 | * | ||
120 | * If the resource is "index.php", then it is removed (for better-looking URLs) | ||
121 | * | ||
122 | * @param array $server the $_SERVER array | ||
123 | * | ||
124 | * @return string the absolute URL of the current script, with the query | ||
125 | */ | ||
126 | function page_url($server) | ||
127 | { | ||
128 | if (! empty($server['QUERY_STRING'])) { | ||
129 | return index_url($server).'?'.$server['QUERY_STRING']; | ||
130 | } | ||
131 | return index_url($server); | ||
132 | } | ||
@@ -131,7 +131,7 @@ header("Pragma: no-cache"); | |||
131 | if (!is_writable(realpath(dirname(__FILE__)))) die('<pre>ERROR: Shaarli does not have the right to write in its own directory.</pre>'); | 131 | if (!is_writable(realpath(dirname(__FILE__)))) die('<pre>ERROR: Shaarli does not have the right to write in its own directory.</pre>'); |
132 | 132 | ||
133 | // Handling of old config file which do not have the new parameters. | 133 | // Handling of old config file which do not have the new parameters. |
134 | if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.escape(indexUrl()); | 134 | if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.escape(index_url($_SERVER)); |
135 | if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get(); | 135 | if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get(); |
136 | if (empty($GLOBALS['redirector'])) $GLOBALS['redirector']=''; | 136 | if (empty($GLOBALS['redirector'])) $GLOBALS['redirector']=''; |
137 | if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false; | 137 | if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false; |
@@ -277,8 +277,8 @@ function pubsubhub() | |||
277 | { | 277 | { |
278 | $p = new Publisher($GLOBALS['config']['PUBSUBHUB_URL']); | 278 | $p = new Publisher($GLOBALS['config']['PUBSUBHUB_URL']); |
279 | $topic_url = array ( | 279 | $topic_url = array ( |
280 | indexUrl().'?do=atom', | 280 | index_url($_SERVER).'?do=atom', |
281 | indexUrl().'?do=rss' | 281 | index_url($_SERVER).'?do=rss' |
282 | ); | 282 | ); |
283 | $p->publish_update($topic_url); | 283 | $p->publish_update($topic_url); |
284 | } | 284 | } |
@@ -458,34 +458,6 @@ if (isset($_POST['login'])) | |||
458 | // ------------------------------------------------------------------------------------------ | 458 | // ------------------------------------------------------------------------------------------ |
459 | // Misc utility functions: | 459 | // Misc utility functions: |
460 | 460 | ||
461 | // Returns the server URL (including port and http/https), without path. | ||
462 | // e.g. "http://myserver.com:8080" | ||
463 | // You can append $_SERVER['SCRIPT_NAME'] to get the current script URL. | ||
464 | function serverUrl() | ||
465 | { | ||
466 | $https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) || $_SERVER["SERVER_PORT"]=='443' || (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'); // HTTPS detection. | ||
467 | $serverport = ($_SERVER["SERVER_PORT"]=='80' || ($https && $_SERVER["SERVER_PORT"]=='443') ? '' : ':'.$_SERVER["SERVER_PORT"]); | ||
468 | return 'http'.($https?'s':'').'://'.$_SERVER['SERVER_NAME'].$serverport; | ||
469 | } | ||
470 | |||
471 | // Returns the absolute URL of current script, without the query. | ||
472 | // (e.g. http://sebsauvage.net/links/) | ||
473 | function indexUrl() | ||
474 | { | ||
475 | $scriptname = $_SERVER["SCRIPT_NAME"]; | ||
476 | // If the script is named 'index.php', we remove it (for better looking URLs, | ||
477 | // e.g. http://mysite.com/shaarli/?abcde instead of http://mysite.com/shaarli/index.php?abcde) | ||
478 | if (endswith($scriptname,'index.php')) $scriptname = substr($scriptname,0,strlen($scriptname)-9); | ||
479 | return serverUrl() . $scriptname; | ||
480 | } | ||
481 | |||
482 | // Returns the absolute URL of current script, WITH the query. | ||
483 | // (e.g. http://sebsauvage.net/links/?toto=titi&spamspamspam=humbug) | ||
484 | function pageUrl() | ||
485 | { | ||
486 | return indexUrl().(!empty($_SERVER["QUERY_STRING"]) ? '?'.$_SERVER["QUERY_STRING"] : ''); | ||
487 | } | ||
488 | |||
489 | // Convert post_max_size/upload_max_filesize (e.g. '16M') parameters to bytes. | 461 | // Convert post_max_size/upload_max_filesize (e.g. '16M') parameters to bytes. |
490 | function return_bytes($val) | 462 | function return_bytes($val) |
491 | { | 463 | { |
@@ -591,14 +563,14 @@ class pageBuilder | |||
591 | { | 563 | { |
592 | $this->tpl = new RainTPL; | 564 | $this->tpl = new RainTPL; |
593 | $this->tpl->assign('newversion',escape(checkUpdate())); | 565 | $this->tpl->assign('newversion',escape(checkUpdate())); |
594 | $this->tpl->assign('feedurl',escape(indexUrl())); | 566 | $this->tpl->assign('feedurl',escape(index_url($_SERVER))); |
595 | $searchcrits=''; // Search criteria | 567 | $searchcrits=''; // Search criteria |
596 | if (!empty($_GET['searchtags'])) $searchcrits.='&searchtags='.urlencode($_GET['searchtags']); | 568 | if (!empty($_GET['searchtags'])) $searchcrits.='&searchtags='.urlencode($_GET['searchtags']); |
597 | elseif (!empty($_GET['searchterm'])) $searchcrits.='&searchterm='.urlencode($_GET['searchterm']); | 569 | elseif (!empty($_GET['searchterm'])) $searchcrits.='&searchterm='.urlencode($_GET['searchterm']); |
598 | $this->tpl->assign('searchcrits',$searchcrits); | 570 | $this->tpl->assign('searchcrits',$searchcrits); |
599 | $this->tpl->assign('source',indexUrl()); | 571 | $this->tpl->assign('source',index_url($_SERVER)); |
600 | $this->tpl->assign('version',shaarli_version); | 572 | $this->tpl->assign('version',shaarli_version); |
601 | $this->tpl->assign('scripturl',indexUrl()); | 573 | $this->tpl->assign('scripturl',index_url($_SERVER)); |
602 | $this->tpl->assign('pagetitle','Shaarli'); | 574 | $this->tpl->assign('pagetitle','Shaarli'); |
603 | $this->tpl->assign('privateonly',!empty($_SESSION['privateonly'])); // Show only private links? | 575 | $this->tpl->assign('privateonly',!empty($_SESSION['privateonly'])); // Show only private links? |
604 | if (!empty($GLOBALS['title'])) $this->tpl->assign('pagetitle',$GLOBALS['title']); | 576 | if (!empty($GLOBALS['title'])) $this->tpl->assign('pagetitle',$GLOBALS['title']); |
@@ -639,7 +611,7 @@ function showRSS() | |||
639 | $query = $_SERVER["QUERY_STRING"]; | 611 | $query = $_SERVER["QUERY_STRING"]; |
640 | $cache = new CachedPage( | 612 | $cache = new CachedPage( |
641 | $GLOBALS['config']['PAGECACHE'], | 613 | $GLOBALS['config']['PAGECACHE'], |
642 | pageUrl(), | 614 | page_url($_SERVER), |
643 | startsWith($query,'do=rss') && !isLoggedIn() | 615 | startsWith($query,'do=rss') && !isLoggedIn() |
644 | ); | 616 | ); |
645 | $cached = $cache->cachedVersion(); | 617 | $cached = $cache->cachedVersion(); |
@@ -668,7 +640,7 @@ function showRSS() | |||
668 | $nblinksToDisplay = $_GET['nb']=='all' ? count($linksToDisplay) : max($_GET['nb']+0,1) ; | 640 | $nblinksToDisplay = $_GET['nb']=='all' ? count($linksToDisplay) : max($_GET['nb']+0,1) ; |
669 | } | 641 | } |
670 | 642 | ||
671 | $pageaddr=escape(indexUrl()); | 643 | $pageaddr=escape(index_url($_SERVER)); |
672 | echo '<?xml version="1.0" encoding="UTF-8"?><rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/">'; | 644 | echo '<?xml version="1.0" encoding="UTF-8"?><rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/">'; |
673 | echo '<channel><title>'.$GLOBALS['title'].'</title><link>'.$pageaddr.'</link>'; | 645 | echo '<channel><title>'.$GLOBALS['title'].'</title><link>'.$pageaddr.'</link>'; |
674 | echo '<description>Shared links</description><language>en-en</language><copyright>'.$pageaddr.'</copyright>'."\n\n"; | 646 | echo '<description>Shared links</description><language>en-en</language><copyright>'.$pageaddr.'</copyright>'."\n\n"; |
@@ -706,7 +678,7 @@ function showRSS() | |||
706 | echo '<description><![CDATA['.nl2br(keepMultipleSpaces(text2clickable($link['description']))).$descriptionlink.']]></description>'."\n</item>\n"; | 678 | echo '<description><![CDATA['.nl2br(keepMultipleSpaces(text2clickable($link['description']))).$descriptionlink.']]></description>'."\n</item>\n"; |
707 | $i++; | 679 | $i++; |
708 | } | 680 | } |
709 | echo '</channel></rss><!-- Cached version of '.escape(pageUrl()).' -->'; | 681 | echo '</channel></rss><!-- Cached version of '.escape(page_url($_SERVER)).' -->'; |
710 | 682 | ||
711 | $cache->cache(ob_get_contents()); | 683 | $cache->cache(ob_get_contents()); |
712 | ob_end_flush(); | 684 | ob_end_flush(); |
@@ -727,7 +699,7 @@ function showATOM() | |||
727 | $query = $_SERVER["QUERY_STRING"]; | 699 | $query = $_SERVER["QUERY_STRING"]; |
728 | $cache = new CachedPage( | 700 | $cache = new CachedPage( |
729 | $GLOBALS['config']['PAGECACHE'], | 701 | $GLOBALS['config']['PAGECACHE'], |
730 | pageUrl(), | 702 | page_url($_SERVER), |
731 | startsWith($query,'do=atom') && !isLoggedIn() | 703 | startsWith($query,'do=atom') && !isLoggedIn() |
732 | ); | 704 | ); |
733 | $cached = $cache->cachedVersion(); | 705 | $cached = $cache->cachedVersion(); |
@@ -756,7 +728,7 @@ function showATOM() | |||
756 | $nblinksToDisplay = $_GET['nb']=='all' ? count($linksToDisplay) : max($_GET['nb']+0,1) ; | 728 | $nblinksToDisplay = $_GET['nb']=='all' ? count($linksToDisplay) : max($_GET['nb']+0,1) ; |
757 | } | 729 | } |
758 | 730 | ||
759 | $pageaddr=escape(indexUrl()); | 731 | $pageaddr=escape(index_url($_SERVER)); |
760 | $latestDate = ''; | 732 | $latestDate = ''; |
761 | $entries=''; | 733 | $entries=''; |
762 | $i=0; | 734 | $i=0; |
@@ -794,7 +766,7 @@ function showATOM() | |||
794 | $feed='<?xml version="1.0" encoding="UTF-8"?><feed xmlns="http://www.w3.org/2005/Atom">'; | 766 | $feed='<?xml version="1.0" encoding="UTF-8"?><feed xmlns="http://www.w3.org/2005/Atom">'; |
795 | $feed.='<title>'.$GLOBALS['title'].'</title>'; | 767 | $feed.='<title>'.$GLOBALS['title'].'</title>'; |
796 | if (!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()) $feed.='<updated>'.escape($latestDate).'</updated>'; | 768 | if (!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()) $feed.='<updated>'.escape($latestDate).'</updated>'; |
797 | $feed.='<link rel="self" href="'.escape(serverUrl().$_SERVER["REQUEST_URI"]).'" />'; | 769 | $feed.='<link rel="self" href="'.escape(server_url($_SERVER).$_SERVER["REQUEST_URI"]).'" />'; |
798 | if (!empty($GLOBALS['config']['PUBSUBHUB_URL'])) | 770 | if (!empty($GLOBALS['config']['PUBSUBHUB_URL'])) |
799 | { | 771 | { |
800 | $feed.='<!-- PubSubHubbub Discovery -->'; | 772 | $feed.='<!-- PubSubHubbub Discovery -->'; |
@@ -804,7 +776,7 @@ function showATOM() | |||
804 | $feed.='<author><name>'.$pageaddr.'</name><uri>'.$pageaddr.'</uri></author>'; | 776 | $feed.='<author><name>'.$pageaddr.'</name><uri>'.$pageaddr.'</uri></author>'; |
805 | $feed.='<id>'.$pageaddr.'</id>'."\n\n"; // Yes, I know I should use a real IRI (RFC3987), but the site URL will do. | 777 | $feed.='<id>'.$pageaddr.'</id>'."\n\n"; // Yes, I know I should use a real IRI (RFC3987), but the site URL will do. |
806 | $feed.=$entries; | 778 | $feed.=$entries; |
807 | $feed.='</feed><!-- Cached version of '.escape(pageUrl()).' -->'; | 779 | $feed.='</feed><!-- Cached version of '.escape(page_url($_SERVER)).' -->'; |
808 | echo $feed; | 780 | echo $feed; |
809 | 781 | ||
810 | $cache->cache(ob_get_contents()); | 782 | $cache->cache(ob_get_contents()); |
@@ -821,7 +793,7 @@ function showDailyRSS() { | |||
821 | $query = $_SERVER["QUERY_STRING"]; | 793 | $query = $_SERVER["QUERY_STRING"]; |
822 | $cache = new CachedPage( | 794 | $cache = new CachedPage( |
823 | $GLOBALS['config']['PAGECACHE'], | 795 | $GLOBALS['config']['PAGECACHE'], |
824 | pageUrl(), | 796 | page_url($_SERVER), |
825 | startsWith($query,'do=dailyrss') && !isLoggedIn() | 797 | startsWith($query,'do=dailyrss') && !isLoggedIn() |
826 | ); | 798 | ); |
827 | $cached = $cache->cachedVersion(); | 799 | $cached = $cache->cachedVersion(); |
@@ -866,7 +838,7 @@ function showDailyRSS() { | |||
866 | 838 | ||
867 | // Build the RSS feed. | 839 | // Build the RSS feed. |
868 | header('Content-Type: application/rss+xml; charset=utf-8'); | 840 | header('Content-Type: application/rss+xml; charset=utf-8'); |
869 | $pageaddr = escape(indexUrl()); | 841 | $pageaddr = escape(index_url($_SERVER)); |
870 | echo '<?xml version="1.0" encoding="UTF-8"?><rss version="2.0">'; | 842 | echo '<?xml version="1.0" encoding="UTF-8"?><rss version="2.0">'; |
871 | echo '<channel>'; | 843 | echo '<channel>'; |
872 | echo '<title>Daily - '. $GLOBALS['title'] . '</title>'; | 844 | echo '<title>Daily - '. $GLOBALS['title'] . '</title>'; |
@@ -879,7 +851,7 @@ function showDailyRSS() { | |||
879 | foreach ($days as $day => $linkdates) { | 851 | foreach ($days as $day => $linkdates) { |
880 | $daydate = linkdate2timestamp($day.'_000000'); // Full text date | 852 | $daydate = linkdate2timestamp($day.'_000000'); // Full text date |
881 | $rfc822date = linkdate2rfc822($day.'_000000'); | 853 | $rfc822date = linkdate2rfc822($day.'_000000'); |
882 | $absurl = escape(indexUrl().'?do=daily&day='.$day); // Absolute URL of the corresponding "Daily" page. | 854 | $absurl = escape(index_url($_SERVER).'?do=daily&day='.$day); // Absolute URL of the corresponding "Daily" page. |
883 | 855 | ||
884 | // Build the HTML body of this RSS entry. | 856 | // Build the HTML body of this RSS entry. |
885 | $html = ''; | 857 | $html = ''; |
@@ -893,7 +865,7 @@ function showDailyRSS() { | |||
893 | $l['thumbnail'] = thumbnail($l['url']); | 865 | $l['thumbnail'] = thumbnail($l['url']); |
894 | $l['timestamp'] = linkdate2timestamp($l['linkdate']); | 866 | $l['timestamp'] = linkdate2timestamp($l['linkdate']); |
895 | if (startsWith($l['url'], '?')) { | 867 | if (startsWith($l['url'], '?')) { |
896 | $l['url'] = indexUrl() . $l['url']; // make permalink URL absolute | 868 | $l['url'] = index_url($_SERVER) . $l['url']; // make permalink URL absolute |
897 | } | 869 | } |
898 | $links[$linkdate] = $l; | 870 | $links[$linkdate] = $l; |
899 | } | 871 | } |
@@ -909,7 +881,7 @@ function showDailyRSS() { | |||
909 | 881 | ||
910 | echo $html . PHP_EOL; | 882 | echo $html . PHP_EOL; |
911 | } | 883 | } |
912 | echo '</channel></rss><!-- Cached version of '. escape(pageUrl()) .' -->'; | 884 | echo '</channel></rss><!-- Cached version of '. escape(page_url($_SERVER)) .' -->'; |
913 | 885 | ||
914 | $cache->cache(ob_get_contents()); | 886 | $cache->cache(ob_get_contents()); |
915 | ob_end_flush(); | 887 | ob_end_flush(); |
@@ -1201,7 +1173,7 @@ function renderPage() | |||
1201 | { | 1173 | { |
1202 | $PAGE = new pageBuilder; | 1174 | $PAGE = new pageBuilder; |
1203 | $PAGE->assign('linkcount',count($LINKSDB)); | 1175 | $PAGE->assign('linkcount',count($LINKSDB)); |
1204 | $PAGE->assign('pageabsaddr',indexUrl()); | 1176 | $PAGE->assign('pageabsaddr',index_url($_SERVER)); |
1205 | $PAGE->renderPage('tools'); | 1177 | $PAGE->renderPage('tools'); |
1206 | exit; | 1178 | exit; |
1207 | } | 1179 | } |
@@ -1767,7 +1739,7 @@ function buildLinkList($PAGE,$LINKSDB) | |||
1767 | 1739 | ||
1768 | if ($link["url"][0] === '?' && // Check for both signs of a note: starting with ? and 7 chars long. I doubt that you'll post any links that look like this. | 1740 | if ($link["url"][0] === '?' && // Check for both signs of a note: starting with ? and 7 chars long. I doubt that you'll post any links that look like this. |
1769 | strlen($link["url"]) === 7) { | 1741 | strlen($link["url"]) === 7) { |
1770 | $link["url"] = indexUrl() . $link["url"]; | 1742 | $link["url"] = index_url($_SERVER) . $link["url"]; |
1771 | } | 1743 | } |
1772 | 1744 | ||
1773 | $linkDisp[$keys[$i]] = $link; | 1745 | $linkDisp[$keys[$i]] = $link; |
@@ -1902,7 +1874,7 @@ function computeThumbnail($url,$href=false) | |||
1902 | if ("/talks/" !== substr($path,0,7)) return array(); // This is not a single video URL. | 1874 | if ("/talks/" !== substr($path,0,7)) return array(); // This is not a single video URL. |
1903 | } | 1875 | } |
1904 | $sign = hash_hmac('sha256', $url, $GLOBALS['salt']); // We use the salt to sign data (it's random, secret, and specific to each installation) | 1876 | $sign = hash_hmac('sha256', $url, $GLOBALS['salt']); // We use the salt to sign data (it's random, secret, and specific to each installation) |
1905 | return array('src'=>indexUrl().'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url), | 1877 | return array('src'=>index_url($_SERVER).'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url), |
1906 | 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail'); | 1878 | 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail'); |
1907 | } | 1879 | } |
1908 | 1880 | ||
@@ -1913,7 +1885,7 @@ function computeThumbnail($url,$href=false) | |||
1913 | if ($ext=='jpg' || $ext=='jpeg' || $ext=='png' || $ext=='gif') | 1885 | if ($ext=='jpg' || $ext=='jpeg' || $ext=='png' || $ext=='gif') |
1914 | { | 1886 | { |
1915 | $sign = hash_hmac('sha256', $url, $GLOBALS['salt']); // We use the salt to sign data (it's random, secret, and specific to each installation) | 1887 | $sign = hash_hmac('sha256', $url, $GLOBALS['salt']); // We use the salt to sign data (it's random, secret, and specific to each installation) |
1916 | return array('src'=>indexUrl().'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url), | 1888 | return array('src'=>index_url($_SERVER).'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url), |
1917 | 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail'); | 1889 | 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail'); |
1918 | } | 1890 | } |
1919 | return array(); // No thumbnail. | 1891 | return array(); // No thumbnail. |
@@ -1999,11 +1971,11 @@ function install() | |||
1999 | if (!isset($_SESSION['session_tested'])) | 1971 | if (!isset($_SESSION['session_tested'])) |
2000 | { // Step 1 : Try to store data in session and reload page. | 1972 | { // Step 1 : Try to store data in session and reload page. |
2001 | $_SESSION['session_tested'] = 'Working'; // Try to set a variable in session. | 1973 | $_SESSION['session_tested'] = 'Working'; // Try to set a variable in session. |
2002 | header('Location: '.indexUrl().'?test_session'); // Redirect to check stored data. | 1974 | header('Location: '.index_url($_SERVER).'?test_session'); // Redirect to check stored data. |
2003 | } | 1975 | } |
2004 | if (isset($_GET['test_session'])) | 1976 | if (isset($_GET['test_session'])) |
2005 | { // Step 3: Sessions are OK. Remove test parameter from URL. | 1977 | { // Step 3: Sessions are OK. Remove test parameter from URL. |
2006 | header('Location: '.indexUrl()); | 1978 | header('Location: '.index_url($_SERVER)); |
2007 | } | 1979 | } |
2008 | 1980 | ||
2009 | 1981 | ||
@@ -2020,7 +1992,7 @@ function install() | |||
2020 | $GLOBALS['login'] = $_POST['setlogin']; | 1992 | $GLOBALS['login'] = $_POST['setlogin']; |
2021 | $GLOBALS['salt'] = sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless. | 1993 | $GLOBALS['salt'] = sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless. |
2022 | $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']); | 1994 | $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']); |
2023 | $GLOBALS['title'] = (empty($_POST['title']) ? 'Shared links on '.escape(indexUrl()) : $_POST['title'] ); | 1995 | $GLOBALS['title'] = (empty($_POST['title']) ? 'Shared links on '.escape(index_url($_SERVER)) : $_POST['title'] ); |
2024 | $GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']); | 1996 | $GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']); |
2025 | try { | 1997 | try { |
2026 | writeConfig($GLOBALS, isLoggedIn()); | 1998 | writeConfig($GLOBALS, isLoggedIn()); |
diff --git a/tests/HttpUtilsTest.php b/tests/HttpUtils/GetHttpUrlTest.php index 76092b80..76092b80 100644 --- a/tests/HttpUtilsTest.php +++ b/tests/HttpUtils/GetHttpUrlTest.php | |||
diff --git a/tests/HttpUtils/IndexUrlTest.php b/tests/HttpUtils/IndexUrlTest.php new file mode 100644 index 00000000..337dcab0 --- /dev/null +++ b/tests/HttpUtils/IndexUrlTest.php | |||
@@ -0,0 +1,72 @@ | |||
1 | <?php | ||
2 | /** | ||
3 | * HttpUtils' tests | ||
4 | */ | ||
5 | |||
6 | require_once 'application/HttpUtils.php'; | ||
7 | |||
8 | /** | ||
9 | * Unitary tests for index_url() | ||
10 | */ | ||
11 | class IndexUrlTest extends PHPUnit_Framework_TestCase | ||
12 | { | ||
13 | /** | ||
14 | * If on the main page, remove "index.php" from the URL resource | ||
15 | */ | ||
16 | public function testRemoveIndex() | ||
17 | { | ||
18 | $this->assertEquals( | ||
19 | 'http://host.tld/', | ||
20 | index_url( | ||
21 | array( | ||
22 | 'HTTPS' => 'Off', | ||
23 | 'SERVER_NAME' => 'host.tld', | ||
24 | 'SERVER_PORT' => '80', | ||
25 | 'SCRIPT_NAME' => '/index.php' | ||
26 | ) | ||
27 | ) | ||
28 | ); | ||
29 | |||
30 | $this->assertEquals( | ||
31 | 'http://host.tld/admin/', | ||
32 | index_url( | ||
33 | array( | ||
34 | 'HTTPS' => 'Off', | ||
35 | 'SERVER_NAME' => 'host.tld', | ||
36 | 'SERVER_PORT' => '80', | ||
37 | 'SCRIPT_NAME' => '/admin/index.php' | ||
38 | ) | ||
39 | ) | ||
40 | ); | ||
41 | } | ||
42 | |||
43 | /** | ||
44 | * The resource is != "index.php" | ||
45 | */ | ||
46 | public function testOtherResource() | ||
47 | { | ||
48 | $this->assertEquals( | ||
49 | 'http://host.tld/page.php', | ||
50 | page_url( | ||
51 | array( | ||
52 | 'HTTPS' => 'Off', | ||
53 | 'SERVER_NAME' => 'host.tld', | ||
54 | 'SERVER_PORT' => '80', | ||
55 | 'SCRIPT_NAME' => '/page.php' | ||
56 | ) | ||
57 | ) | ||
58 | ); | ||
59 | |||
60 | $this->assertEquals( | ||
61 | 'http://host.tld/admin/page.php', | ||
62 | page_url( | ||
63 | array( | ||
64 | 'HTTPS' => 'Off', | ||
65 | 'SERVER_NAME' => 'host.tld', | ||
66 | 'SERVER_PORT' => '80', | ||
67 | 'SCRIPT_NAME' => '/admin/page.php' | ||
68 | ) | ||
69 | ) | ||
70 | ); | ||
71 | } | ||
72 | } | ||
diff --git a/tests/HttpUtils/PageUrlTest.php b/tests/HttpUtils/PageUrlTest.php new file mode 100644 index 00000000..4dbbe9cf --- /dev/null +++ b/tests/HttpUtils/PageUrlTest.php | |||
@@ -0,0 +1,76 @@ | |||
1 | <?php | ||
2 | /** | ||
3 | * HttpUtils' tests | ||
4 | */ | ||
5 | |||
6 | require_once 'application/HttpUtils.php'; | ||
7 | |||
8 | /** | ||
9 | * Unitary tests for page_url() | ||
10 | */ | ||
11 | class PageUrlTest extends PHPUnit_Framework_TestCase | ||
12 | { | ||
13 | /** | ||
14 | * If on the main page, remove "index.php" from the URL resource | ||
15 | */ | ||
16 | public function testRemoveIndex() | ||
17 | { | ||
18 | $this->assertEquals( | ||
19 | 'http://host.tld/?p1=v1&p2=v2', | ||
20 | page_url( | ||
21 | array( | ||
22 | 'HTTPS' => 'Off', | ||
23 | 'SERVER_NAME' => 'host.tld', | ||
24 | 'SERVER_PORT' => '80', | ||
25 | 'SCRIPT_NAME' => '/index.php', | ||
26 | 'QUERY_STRING' => 'p1=v1&p2=v2' | ||
27 | ) | ||
28 | ) | ||
29 | ); | ||
30 | |||
31 | $this->assertEquals( | ||
32 | 'http://host.tld/admin/?action=edit_tag', | ||
33 | page_url( | ||
34 | array( | ||
35 | 'HTTPS' => 'Off', | ||
36 | 'SERVER_NAME' => 'host.tld', | ||
37 | 'SERVER_PORT' => '80', | ||
38 | 'SCRIPT_NAME' => '/admin/index.php', | ||
39 | 'QUERY_STRING' => 'action=edit_tag' | ||
40 | ) | ||
41 | ) | ||
42 | ); | ||
43 | } | ||
44 | |||
45 | /** | ||
46 | * The resource is != "index.php" | ||
47 | */ | ||
48 | public function testOtherResource() | ||
49 | { | ||
50 | $this->assertEquals( | ||
51 | 'http://host.tld/page.php?p1=v1&p2=v2', | ||
52 | page_url( | ||
53 | array( | ||
54 | 'HTTPS' => 'Off', | ||
55 | 'SERVER_NAME' => 'host.tld', | ||
56 | 'SERVER_PORT' => '80', | ||
57 | 'SCRIPT_NAME' => '/page.php', | ||
58 | 'QUERY_STRING' => 'p1=v1&p2=v2' | ||
59 | ) | ||
60 | ) | ||
61 | ); | ||
62 | |||
63 | $this->assertEquals( | ||
64 | 'http://host.tld/admin/page.php?action=edit_tag', | ||
65 | page_url( | ||
66 | array( | ||
67 | 'HTTPS' => 'Off', | ||
68 | 'SERVER_NAME' => 'host.tld', | ||
69 | 'SERVER_PORT' => '80', | ||
70 | 'SCRIPT_NAME' => '/admin/page.php', | ||
71 | 'QUERY_STRING' => 'action=edit_tag' | ||
72 | ) | ||
73 | ) | ||
74 | ); | ||
75 | } | ||
76 | } | ||
diff --git a/tests/HttpUtils/ServerUrlTest.php b/tests/HttpUtils/ServerUrlTest.php new file mode 100644 index 00000000..5096db65 --- /dev/null +++ b/tests/HttpUtils/ServerUrlTest.php | |||
@@ -0,0 +1,135 @@ | |||
1 | <?php | ||
2 | /** | ||
3 | * HttpUtils' tests | ||
4 | */ | ||
5 | |||
6 | require_once 'application/HttpUtils.php'; | ||
7 | |||
8 | /** | ||
9 | * Unitary tests for server_url() | ||
10 | */ | ||
11 | class ServerUrlTest extends PHPUnit_Framework_TestCase | ||
12 | { | ||
13 | /** | ||
14 | * Detect if the server uses SSL | ||
15 | */ | ||
16 | public function testHttpsScheme() | ||
17 | { | ||
18 | $this->assertEquals( | ||
19 | 'https://host.tld', | ||
20 | server_url( | ||
21 | array( | ||
22 | 'HTTPS' => 'ON', | ||
23 | 'SERVER_NAME' => 'host.tld', | ||
24 | 'SERVER_PORT' => '443' | ||
25 | ) | ||
26 | ) | ||
27 | ); | ||
28 | |||
29 | $this->assertEquals( | ||
30 | 'https://host.tld:8080', | ||
31 | server_url( | ||
32 | array( | ||
33 | 'HTTPS' => 'ON', | ||
34 | 'SERVER_NAME' => 'host.tld', | ||
35 | 'SERVER_PORT' => '8080' | ||
36 | ) | ||
37 | ) | ||
38 | ); | ||
39 | } | ||
40 | |||
41 | /** | ||
42 | * Detect a Proxy with SSL enabled | ||
43 | */ | ||
44 | public function testHttpsProxyForward() | ||
45 | { | ||
46 | $this->assertEquals( | ||
47 | 'https://host.tld:8080', | ||
48 | server_url( | ||
49 | array( | ||
50 | 'HTTPS' => 'Off', | ||
51 | 'SERVER_NAME' => 'host.tld', | ||
52 | 'SERVER_PORT' => '80', | ||
53 | 'HTTP_X_FORWARDED_PROTO' => 'https', | ||
54 | 'HTTP_X_FORWARDED_PORT' => '8080' | ||
55 | ) | ||
56 | ) | ||
57 | ); | ||
58 | |||
59 | $this->assertEquals( | ||
60 | 'https://host.tld', | ||
61 | server_url( | ||
62 | array( | ||
63 | 'HTTPS' => 'Off', | ||
64 | 'SERVER_NAME' => 'host.tld', | ||
65 | 'SERVER_PORT' => '80', | ||
66 | 'HTTP_X_FORWARDED_PROTO' => 'https' | ||
67 | ) | ||
68 | ) | ||
69 | ); | ||
70 | } | ||
71 | |||
72 | /** | ||
73 | * Detect if the server uses a specific port (!= 80) | ||
74 | */ | ||
75 | public function testPort() | ||
76 | { | ||
77 | // HTTP | ||
78 | $this->assertEquals( | ||
79 | 'http://host.tld:8080', | ||
80 | server_url( | ||
81 | array( | ||
82 | 'HTTPS' => 'OFF', | ||
83 | 'SERVER_NAME' => 'host.tld', | ||
84 | 'SERVER_PORT' => '8080' | ||
85 | ) | ||
86 | ) | ||
87 | ); | ||
88 | |||
89 | // HTTPS | ||
90 | $this->assertEquals( | ||
91 | 'https://host.tld:8080', | ||
92 | server_url( | ||
93 | array( | ||
94 | 'HTTPS' => 'ON', | ||
95 | 'SERVER_NAME' => 'host.tld', | ||
96 | 'SERVER_PORT' => '8080' | ||
97 | ) | ||
98 | ) | ||
99 | ); | ||
100 | } | ||
101 | |||
102 | /** | ||
103 | * HTTP server on port 80 | ||
104 | */ | ||
105 | public function testStandardHttpPort() | ||
106 | { | ||
107 | $this->assertEquals( | ||
108 | 'http://host.tld', | ||
109 | server_url( | ||
110 | array( | ||
111 | 'HTTPS' => 'OFF', | ||
112 | 'SERVER_NAME' => 'host.tld', | ||
113 | 'SERVER_PORT' => '80' | ||
114 | ) | ||
115 | ) | ||
116 | ); | ||
117 | } | ||
118 | |||
119 | /** | ||
120 | * HTTPS server on port 443 | ||
121 | */ | ||
122 | public function testStandardHttpsPort() | ||
123 | { | ||
124 | $this->assertEquals( | ||
125 | 'https://host.tld', | ||
126 | server_url( | ||
127 | array( | ||
128 | 'HTTPS' => 'ON', | ||
129 | 'SERVER_NAME' => 'host.tld', | ||
130 | 'SERVER_PORT' => '443' | ||
131 | ) | ||
132 | ) | ||
133 | ); | ||
134 | } | ||
135 | } | ||