path: root/application/HttpUtils.php
Commit message (Author, Age, Files, Lines)
* lint: fix line-length warnings (VirtualTam, 2018-12-02, 1, -1/+2)
|     Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* lint: apply phpcbf to application/ (VirtualTam, 2018-12-02, 1, -13/+13)
|     Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Refactor client session hijacking protection (VirtualTam, 2018-05-29, 1, -1/+32)
|     Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Merge pull request #977 from ArthurHoaro/feature/dl-filter (ArthurHoaro, 2018-01-23, 1, -4/+10)
|\     Extract the title/charset during page download, and check content type
| * Extract the title/charset during page download, and check content type (ArthurHoaro, 2017-10-28, 1, -4/+10)
| |     Use CURLOPT_WRITEFUNCTION to check the response code and content type (only allow HTML). Also extract the title and charset during downloading chunk of data, and stop it when everything has been extracted.
| |     Closes #579
* | Merge pull request #1025 from ArthurHoaro/hotfix/proxy-443 (ArthurHoaro, 2017-12-03, 1, -0/+7)
|\ \     Force HTTPS if the original port is 443 behind a reverse proxy
| * | Force HTTPS if the original port is 443 behind a reverse proxy (ArthurHoaro, 2017-12-02, 1, -0/+7)
| |/     Fixes #1022
* / Increase buffer size for cURL download (ArthurHoaro, 2017-11-11, 1, -1/+1)
|/     1kB chunk size has caused me a lot of trouble with Travis which wasn't completing the download
* Make work behind a reverse proxy (ArthurHoaro, 2017-09-02, 1, -0/+28)
|     Without HTTP_X_FORWARDED_PORT check, might be set to false even though the user is using HTTPS, thus disabling Firefox Social block display
* Respect HTTP_X_FORWARDED_HOST (Stephen Muth, 2017-07-08, 1, -1/+13)
|     alongside _PORT and _PROTO
|     Fixes #879
* Cleanup: use safe boolean comparisons (VirtualTam, 2017-01-07, 1, -1/+1)
|     Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Hide default port in local URL behind a reverse proxy (ArthurHoaro, 2017-01-03, 1, -2/+10)
|
* Merge pull request #623 from ArthurHoaro/security/reverse-proxy-ban (Arthur, 2016-10-12, 1, -0/+26)
|\     Add trusted IPs in config and try to ban forwarded IP on failed login
| * Add trusted IPs in config and try to ban forwarded IP on failed login (ArthurHoaro, 2016-08-03, 1, -0/+26)
| |     * Add a new settings (which needs to be manually set): `security.trusted_proxies`
| |     * On login failure, if the `REMOTE_ADDR` is in the trusted proxies, try to retrieve the forwarded IP in headers.
| |     * If found, the client address is added in ipbans, else we do nothing.
| |     Fixes #409
* | Set cURL as default in HTTP fetching, a fallback method and consistency fixup between both methods (julienCXX, 2016-08-08, 1, -10/+150)
|/
* Fix startsWith and endsWith case (ArthurHoaro, 2016-05-10, 1, -1/+1)
|
* typo (ArthurHoaro, 2016-05-05, 1, -2/+2)
|
* Fixes #531 - Title retrieving is failing with multiple use case (ArthurHoaro, 2016-05-03, 1, -10/+50)
|     see https://github.com/shaarli/Shaarli/issues/531 for details
* Fixes #477: support multi reverse proxy with comma syntax (ArthurHoaro, 2016-02-28, 1, -2/+12)
|     Going through multiple reverse proxy will store multiple scheme and port in HTTP header separated by a comma. Shaarli will use the first one to generate server_url.
* tests: add a make target to check file permissions (VirtualTam, 2016-01-17, 1, -0/+0)
|     Additions:
|     - [makefile] check versioned files are not executable
|     - [travis] call the new make target
|     Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Fixes #410 - Retrieve title fails in multiple cases (ArthurHoaro, 2016-01-11, 1, -7/+42)
|     * `get_http_url()` renamed to `get_http_response()`.
|     * Use the same HTTP context to retrieve response headers and content.
|     * Follow HTTP 301 and 302 redirections to retrieve the title (default max 3 redirections).
|     * Add `LinkUtils` to extract titles and charset.
|     * Try to retrieve charset from HTTP headers first (new), then HTML content.
|     * Use mb_string to re-encode title if necessary.
* HTTP: move server URL functions to `HttpUtils.php` (VirtualTam, 2015-09-14, 1, -0/+80)
|     Relates to #333
|     Modifications:
|     - refactor server URL utility functions
|     - do not access global `$_SERVER` variables
|     - add test coverage
|     - improve readability
|     - apply coding conventions
|     Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* HTTP: move utils to a proper file, add tests (VirtualTam, 2015-09-06, 1, -0/+52)
      Relates to #333
      Modifications:
      - move HTTP utils to 'application/HttpUtils.php'
      - simplify logic
      - replace 'http_parse_headers_shaarli' by built-in 'get_headers()'
      - remove superfluous '$status' parameter (provided by the HTTP headers)
      - apply coding conventions
      - add test coverage (unitary only)
      Signed-off-by: VirtualTam <virtualtam@flibidi.net>