From 482d67bd523bf12f36508a0131d09fe299ee02f4 Mon Sep 17 00:00:00 2001 From: VirtualTam Date: Sun, 6 Sep 2015 21:31:37 +0200 Subject: HTTP: move server URL functions to `HttpUtils.php` Relates to #333 Modifications: - refactor server URL utility functions - do not access global `$_SERVER` variables - add test coverage - improve readability - apply coding conventions Signed-off-by: VirtualTam --- application/HttpUtils.php | 80 ++++++++++++++++++++++ index.php | 78 +++++++-------------- tests/HttpUtils/GetHttpUrlTest.php | 38 +++++++++++ tests/HttpUtils/IndexUrlTest.php | 72 ++++++++++++++++++++ tests/HttpUtils/PageUrlTest.php | 76 +++++++++++++++++++++ tests/HttpUtils/ServerUrlTest.php | 135 +++++++++++++++++++++++++++++++++++++ tests/HttpUtilsTest.php | 38 ----------- 7 files changed, 426 insertions(+), 91 deletions(-) create mode 100644 tests/HttpUtils/GetHttpUrlTest.php create mode 100644 tests/HttpUtils/IndexUrlTest.php create mode 100644 tests/HttpUtils/PageUrlTest.php create mode 100644 tests/HttpUtils/ServerUrlTest.php delete mode 100644 tests/HttpUtilsTest.php diff --git a/application/HttpUtils.php b/application/HttpUtils.php index 175333ae..499220c5 100644 --- a/application/HttpUtils.php +++ b/application/HttpUtils.php @@ -50,3 +50,83 @@ function get_http_url($url, $timeout = 30, $maxBytes = 4194304) return array(get_headers($url, 1), $content); } + +/** + * Returns the server's base URL: scheme://domain.tld[:port] + * + * @param array $server the $_SERVER array + * + * @return string the server's base URL + * + * @see http://www.ietf.org/rfc/rfc7239.txt + * @see http://www.ietf.org/rfc/rfc6648.txt + * @see http://stackoverflow.com/a/3561399 + * @see http://stackoverflow.com/q/452375 + */ +function server_url($server) +{ + $scheme = 'http'; + $port = ''; + + // Shaarli is served behind a proxy + if (isset($server['HTTP_X_FORWARDED_PROTO'])) { + // Keep forwarded scheme + $scheme = $server['HTTP_X_FORWARDED_PROTO']; + + if (isset($server['HTTP_X_FORWARDED_PORT'])) { + // Keep forwarded port + $port = ':'.$server['HTTP_X_FORWARDED_PORT']; + } + + return $scheme.'://'.$server['SERVER_NAME'].$port; + } + + // SSL detection + if ((! empty($server['HTTPS']) && strtolower($server['HTTPS']) == 'on') + || (isset($server['SERVER_PORT']) && $server['SERVER_PORT'] == '443')) { + $scheme = 'https'; + } + + // Do not append standard port values + if (($scheme == 'http' && $server['SERVER_PORT'] != '80') + || ($scheme == 'https' && $server['SERVER_PORT'] != '443')) { + $port = ':'.$server['SERVER_PORT']; + } + + return $scheme.'://'.$server['SERVER_NAME'].$port; +} + +/** + * Returns the absolute URL of the current script, without the query + * + * If the resource is "index.php", then it is removed (for better-looking URLs) + * + * @param array $server the $_SERVER array + * + * @return string the absolute URL of the current script, without the query + */ +function index_url($server) +{ + $scriptname = $server['SCRIPT_NAME']; + if (endswith($scriptname, 'index.php')) { + $scriptname = substr($scriptname, 0, -9); + } + return server_url($server) . $scriptname; +} + +/** + * Returns the absolute URL of the current script, with the query + * + * If the resource is "index.php", then it is removed (for better-looking URLs) + * + * @param array $server the $_SERVER array + * + * @return string the absolute URL of the current script, with the query + */ +function page_url($server) +{ + if (! empty($server['QUERY_STRING'])) { + return index_url($server).'?'.$server['QUERY_STRING']; + } + return index_url($server); +} diff --git a/index.php b/index.php index 7818ee88..c1ddf4b7 100755 --- a/index.php +++ b/index.php @@ -131,7 +131,7 @@ header("Pragma: no-cache"); if (!is_writable(realpath(dirname(__FILE__)))) die('
ERROR: Shaarli does not have the right to write in its own directory.
'); // Handling of old config file which do not have the new parameters. -if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.escape(indexUrl()); +if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.escape(index_url($_SERVER)); if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get(); if (empty($GLOBALS['redirector'])) $GLOBALS['redirector']=''; if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false; @@ -277,8 +277,8 @@ function pubsubhub() { $p = new Publisher($GLOBALS['config']['PUBSUBHUB_URL']); $topic_url = array ( - indexUrl().'?do=atom', - indexUrl().'?do=rss' + index_url($_SERVER).'?do=atom', + index_url($_SERVER).'?do=rss' ); $p->publish_update($topic_url); } @@ -458,34 +458,6 @@ if (isset($_POST['login'])) // ------------------------------------------------------------------------------------------ // Misc utility functions: -// Returns the server URL (including port and http/https), without path. -// e.g. "http://myserver.com:8080" -// You can append $_SERVER['SCRIPT_NAME'] to get the current script URL. -function serverUrl() -{ - $https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) || $_SERVER["SERVER_PORT"]=='443' || (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'); // HTTPS detection. - $serverport = ($_SERVER["SERVER_PORT"]=='80' || ($https && $_SERVER["SERVER_PORT"]=='443') ? '' : ':'.$_SERVER["SERVER_PORT"]); - return 'http'.($https?'s':'').'://'.$_SERVER['SERVER_NAME'].$serverport; -} - -// Returns the absolute URL of current script, without the query. -// (e.g. http://sebsauvage.net/links/) -function indexUrl() -{ - $scriptname = $_SERVER["SCRIPT_NAME"]; - // If the script is named 'index.php', we remove it (for better looking URLs, - // e.g. http://mysite.com/shaarli/?abcde instead of http://mysite.com/shaarli/index.php?abcde) - if (endswith($scriptname,'index.php')) $scriptname = substr($scriptname,0,strlen($scriptname)-9); - return serverUrl() . $scriptname; -} - -// Returns the absolute URL of current script, WITH the query. -// (e.g. http://sebsauvage.net/links/?toto=titi&spamspamspam=humbug) -function pageUrl() -{ - return indexUrl().(!empty($_SERVER["QUERY_STRING"]) ? '?'.$_SERVER["QUERY_STRING"] : ''); -} - // Convert post_max_size/upload_max_filesize (e.g. '16M') parameters to bytes. function return_bytes($val) { @@ -591,14 +563,14 @@ class pageBuilder { $this->tpl = new RainTPL; $this->tpl->assign('newversion',escape(checkUpdate())); - $this->tpl->assign('feedurl',escape(indexUrl())); + $this->tpl->assign('feedurl',escape(index_url($_SERVER))); $searchcrits=''; // Search criteria if (!empty($_GET['searchtags'])) $searchcrits.='&searchtags='.urlencode($_GET['searchtags']); elseif (!empty($_GET['searchterm'])) $searchcrits.='&searchterm='.urlencode($_GET['searchterm']); $this->tpl->assign('searchcrits',$searchcrits); - $this->tpl->assign('source',indexUrl()); + $this->tpl->assign('source',index_url($_SERVER)); $this->tpl->assign('version',shaarli_version); - $this->tpl->assign('scripturl',indexUrl()); + $this->tpl->assign('scripturl',index_url($_SERVER)); $this->tpl->assign('pagetitle','Shaarli'); $this->tpl->assign('privateonly',!empty($_SESSION['privateonly'])); // Show only private links? if (!empty($GLOBALS['title'])) $this->tpl->assign('pagetitle',$GLOBALS['title']); @@ -639,7 +611,7 @@ function showRSS() $query = $_SERVER["QUERY_STRING"]; $cache = new CachedPage( $GLOBALS['config']['PAGECACHE'], - pageUrl(), + page_url($_SERVER), startsWith($query,'do=rss') && !isLoggedIn() ); $cached = $cache->cachedVersion(); @@ -668,7 +640,7 @@ function showRSS() $nblinksToDisplay = $_GET['nb']=='all' ? count($linksToDisplay) : max($_GET['nb']+0,1) ; } - $pageaddr=escape(indexUrl()); + $pageaddr=escape(index_url($_SERVER)); echo ''; echo ''.$GLOBALS['title'].''.$pageaddr.''; echo 'Shared linksen-en'.$pageaddr.''."\n\n"; @@ -706,7 +678,7 @@ function showRSS() echo ''."\n\n"; $i++; } - echo ''; + echo ''; $cache->cache(ob_get_contents()); ob_end_flush(); @@ -727,7 +699,7 @@ function showATOM() $query = $_SERVER["QUERY_STRING"]; $cache = new CachedPage( $GLOBALS['config']['PAGECACHE'], - pageUrl(), + page_url($_SERVER), startsWith($query,'do=atom') && !isLoggedIn() ); $cached = $cache->cachedVersion(); @@ -756,7 +728,7 @@ function showATOM() $nblinksToDisplay = $_GET['nb']=='all' ? count($linksToDisplay) : max($_GET['nb']+0,1) ; } - $pageaddr=escape(indexUrl()); + $pageaddr=escape(index_url($_SERVER)); $latestDate = ''; $entries=''; $i=0; @@ -794,7 +766,7 @@ function showATOM() $feed=''; $feed.=''.$GLOBALS['title'].''; if (!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()) $feed.=''.escape($latestDate).''; - $feed.=''; + $feed.=''; if (!empty($GLOBALS['config']['PUBSUBHUB_URL'])) { $feed.=''; @@ -804,7 +776,7 @@ function showATOM() $feed.=''.$pageaddr.''.$pageaddr.''; $feed.=''.$pageaddr.''."\n\n"; // Yes, I know I should use a real IRI (RFC3987), but the site URL will do. $feed.=$entries; - $feed.=''; + $feed.=''; echo $feed; $cache->cache(ob_get_contents()); @@ -821,7 +793,7 @@ function showDailyRSS() { $query = $_SERVER["QUERY_STRING"]; $cache = new CachedPage( $GLOBALS['config']['PAGECACHE'], - pageUrl(), + page_url($_SERVER), startsWith($query,'do=dailyrss') && !isLoggedIn() ); $cached = $cache->cachedVersion(); @@ -866,7 +838,7 @@ function showDailyRSS() { // Build the RSS feed. header('Content-Type: application/rss+xml; charset=utf-8'); - $pageaddr = escape(indexUrl()); + $pageaddr = escape(index_url($_SERVER)); echo ''; echo ''; echo 'Daily - '. $GLOBALS['title'] . ''; @@ -879,7 +851,7 @@ function showDailyRSS() { foreach ($days as $day => $linkdates) { $daydate = linkdate2timestamp($day.'_000000'); // Full text date $rfc822date = linkdate2rfc822($day.'_000000'); - $absurl = escape(indexUrl().'?do=daily&day='.$day); // Absolute URL of the corresponding "Daily" page. + $absurl = escape(index_url($_SERVER).'?do=daily&day='.$day); // Absolute URL of the corresponding "Daily" page. // Build the HTML body of this RSS entry. $html = ''; @@ -893,7 +865,7 @@ function showDailyRSS() { $l['thumbnail'] = thumbnail($l['url']); $l['timestamp'] = linkdate2timestamp($l['linkdate']); if (startsWith($l['url'], '?')) { - $l['url'] = indexUrl() . $l['url']; // make permalink URL absolute + $l['url'] = index_url($_SERVER) . $l['url']; // make permalink URL absolute } $links[$linkdate] = $l; } @@ -909,7 +881,7 @@ function showDailyRSS() { echo $html . PHP_EOL; } - echo ''; + echo ''; $cache->cache(ob_get_contents()); ob_end_flush(); @@ -1201,7 +1173,7 @@ function renderPage() { $PAGE = new pageBuilder; $PAGE->assign('linkcount',count($LINKSDB)); - $PAGE->assign('pageabsaddr',indexUrl()); + $PAGE->assign('pageabsaddr',index_url($_SERVER)); $PAGE->renderPage('tools'); exit; } @@ -1767,7 +1739,7 @@ function buildLinkList($PAGE,$LINKSDB) if ($link["url"][0] === '?' && // Check for both signs of a note: starting with ? and 7 chars long. I doubt that you'll post any links that look like this. strlen($link["url"]) === 7) { - $link["url"] = indexUrl() . $link["url"]; + $link["url"] = index_url($_SERVER) . $link["url"]; } $linkDisp[$keys[$i]] = $link; @@ -1902,7 +1874,7 @@ function computeThumbnail($url,$href=false) if ("/talks/" !== substr($path,0,7)) return array(); // This is not a single video URL. } $sign = hash_hmac('sha256', $url, $GLOBALS['salt']); // We use the salt to sign data (it's random, secret, and specific to each installation) - return array('src'=>indexUrl().'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url), + return array('src'=>index_url($_SERVER).'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url), 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail'); } @@ -1913,7 +1885,7 @@ function computeThumbnail($url,$href=false) if ($ext=='jpg' || $ext=='jpeg' || $ext=='png' || $ext=='gif') { $sign = hash_hmac('sha256', $url, $GLOBALS['salt']); // We use the salt to sign data (it's random, secret, and specific to each installation) - return array('src'=>indexUrl().'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url), + return array('src'=>index_url($_SERVER).'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url), 'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail'); } return array(); // No thumbnail. @@ -1999,11 +1971,11 @@ function install() if (!isset($_SESSION['session_tested'])) { // Step 1 : Try to store data in session and reload page. $_SESSION['session_tested'] = 'Working'; // Try to set a variable in session. - header('Location: '.indexUrl().'?test_session'); // Redirect to check stored data. + header('Location: '.index_url($_SERVER).'?test_session'); // Redirect to check stored data. } if (isset($_GET['test_session'])) { // Step 3: Sessions are OK. Remove test parameter from URL. - header('Location: '.indexUrl()); + header('Location: '.index_url($_SERVER)); } @@ -2020,7 +1992,7 @@ function install() $GLOBALS['login'] = $_POST['setlogin']; $GLOBALS['salt'] = sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless. $GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']); - $GLOBALS['title'] = (empty($_POST['title']) ? 'Shared links on '.escape(indexUrl()) : $_POST['title'] ); + $GLOBALS['title'] = (empty($_POST['title']) ? 'Shared links on '.escape(index_url($_SERVER)) : $_POST['title'] ); $GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']); try { writeConfig($GLOBALS, isLoggedIn()); diff --git a/tests/HttpUtils/GetHttpUrlTest.php b/tests/HttpUtils/GetHttpUrlTest.php new file mode 100644 index 00000000..76092b80 --- /dev/null +++ b/tests/HttpUtils/GetHttpUrlTest.php @@ -0,0 +1,38 @@ +assertEquals('HTTP Error', $headers[0]); + $this->assertRegexp( + '/failed to open stream: No such file or directory/', + $content + ); + } + + /** + * Get an invalid remote URL + */ + public function testGetInvalidRemoteUrl() + { + list($headers, $content) = get_http_url('http://non.existent', 1); + $this->assertEquals('HTTP Error', $headers[0]); + $this->assertRegexp( + '/Name or service not known/', + $content + ); + } +} diff --git a/tests/HttpUtils/IndexUrlTest.php b/tests/HttpUtils/IndexUrlTest.php new file mode 100644 index 00000000..337dcab0 --- /dev/null +++ b/tests/HttpUtils/IndexUrlTest.php @@ -0,0 +1,72 @@ +assertEquals( + 'http://host.tld/', + index_url( + array( + 'HTTPS' => 'Off', + 'SERVER_NAME' => 'host.tld', + 'SERVER_PORT' => '80', + 'SCRIPT_NAME' => '/index.php' + ) + ) + ); + + $this->assertEquals( + 'http://host.tld/admin/', + index_url( + array( + 'HTTPS' => 'Off', + 'SERVER_NAME' => 'host.tld', + 'SERVER_PORT' => '80', + 'SCRIPT_NAME' => '/admin/index.php' + ) + ) + ); + } + + /** + * The resource is != "index.php" + */ + public function testOtherResource() + { + $this->assertEquals( + 'http://host.tld/page.php', + page_url( + array( + 'HTTPS' => 'Off', + 'SERVER_NAME' => 'host.tld', + 'SERVER_PORT' => '80', + 'SCRIPT_NAME' => '/page.php' + ) + ) + ); + + $this->assertEquals( + 'http://host.tld/admin/page.php', + page_url( + array( + 'HTTPS' => 'Off', + 'SERVER_NAME' => 'host.tld', + 'SERVER_PORT' => '80', + 'SCRIPT_NAME' => '/admin/page.php' + ) + ) + ); + } +} diff --git a/tests/HttpUtils/PageUrlTest.php b/tests/HttpUtils/PageUrlTest.php new file mode 100644 index 00000000..4dbbe9cf --- /dev/null +++ b/tests/HttpUtils/PageUrlTest.php @@ -0,0 +1,76 @@ +assertEquals( + 'http://host.tld/?p1=v1&p2=v2', + page_url( + array( + 'HTTPS' => 'Off', + 'SERVER_NAME' => 'host.tld', + 'SERVER_PORT' => '80', + 'SCRIPT_NAME' => '/index.php', + 'QUERY_STRING' => 'p1=v1&p2=v2' + ) + ) + ); + + $this->assertEquals( + 'http://host.tld/admin/?action=edit_tag', + page_url( + array( + 'HTTPS' => 'Off', + 'SERVER_NAME' => 'host.tld', + 'SERVER_PORT' => '80', + 'SCRIPT_NAME' => '/admin/index.php', + 'QUERY_STRING' => 'action=edit_tag' + ) + ) + ); + } + + /** + * The resource is != "index.php" + */ + public function testOtherResource() + { + $this->assertEquals( + 'http://host.tld/page.php?p1=v1&p2=v2', + page_url( + array( + 'HTTPS' => 'Off', + 'SERVER_NAME' => 'host.tld', + 'SERVER_PORT' => '80', + 'SCRIPT_NAME' => '/page.php', + 'QUERY_STRING' => 'p1=v1&p2=v2' + ) + ) + ); + + $this->assertEquals( + 'http://host.tld/admin/page.php?action=edit_tag', + page_url( + array( + 'HTTPS' => 'Off', + 'SERVER_NAME' => 'host.tld', + 'SERVER_PORT' => '80', + 'SCRIPT_NAME' => '/admin/page.php', + 'QUERY_STRING' => 'action=edit_tag' + ) + ) + ); + } +} diff --git a/tests/HttpUtils/ServerUrlTest.php b/tests/HttpUtils/ServerUrlTest.php new file mode 100644 index 00000000..5096db65 --- /dev/null +++ b/tests/HttpUtils/ServerUrlTest.php @@ -0,0 +1,135 @@ +assertEquals( + 'https://host.tld', + server_url( + array( + 'HTTPS' => 'ON', + 'SERVER_NAME' => 'host.tld', + 'SERVER_PORT' => '443' + ) + ) + ); + + $this->assertEquals( + 'https://host.tld:8080', + server_url( + array( + 'HTTPS' => 'ON', + 'SERVER_NAME' => 'host.tld', + 'SERVER_PORT' => '8080' + ) + ) + ); + } + + /** + * Detect a Proxy with SSL enabled + */ + public function testHttpsProxyForward() + { + $this->assertEquals( + 'https://host.tld:8080', + server_url( + array( + 'HTTPS' => 'Off', + 'SERVER_NAME' => 'host.tld', + 'SERVER_PORT' => '80', + 'HTTP_X_FORWARDED_PROTO' => 'https', + 'HTTP_X_FORWARDED_PORT' => '8080' + ) + ) + ); + + $this->assertEquals( + 'https://host.tld', + server_url( + array( + 'HTTPS' => 'Off', + 'SERVER_NAME' => 'host.tld', + 'SERVER_PORT' => '80', + 'HTTP_X_FORWARDED_PROTO' => 'https' + ) + ) + ); + } + + /** + * Detect if the server uses a specific port (!= 80) + */ + public function testPort() + { + // HTTP + $this->assertEquals( + 'http://host.tld:8080', + server_url( + array( + 'HTTPS' => 'OFF', + 'SERVER_NAME' => 'host.tld', + 'SERVER_PORT' => '8080' + ) + ) + ); + + // HTTPS + $this->assertEquals( + 'https://host.tld:8080', + server_url( + array( + 'HTTPS' => 'ON', + 'SERVER_NAME' => 'host.tld', + 'SERVER_PORT' => '8080' + ) + ) + ); + } + + /** + * HTTP server on port 80 + */ + public function testStandardHttpPort() + { + $this->assertEquals( + 'http://host.tld', + server_url( + array( + 'HTTPS' => 'OFF', + 'SERVER_NAME' => 'host.tld', + 'SERVER_PORT' => '80' + ) + ) + ); + } + + /** + * HTTPS server on port 443 + */ + public function testStandardHttpsPort() + { + $this->assertEquals( + 'https://host.tld', + server_url( + array( + 'HTTPS' => 'ON', + 'SERVER_NAME' => 'host.tld', + 'SERVER_PORT' => '443' + ) + ) + ); + } +} diff --git a/tests/HttpUtilsTest.php b/tests/HttpUtilsTest.php deleted file mode 100644 index 76092b80..00000000 --- a/tests/HttpUtilsTest.php +++ /dev/null @@ -1,38 +0,0 @@ -assertEquals('HTTP Error', $headers[0]); - $this->assertRegexp( - '/failed to open stream: No such file or directory/', - $content - ); - } - - /** - * Get an invalid remote URL - */ - public function testGetInvalidRemoteUrl() - { - list($headers, $content) = get_http_url('http://non.existent', 1); - $this->assertEquals('HTTP Error', $headers[0]); - $this->assertRegexp( - '/Name or service not known/', - $content - ); - } -} -- cgit v1.2.3