From 8e4be773685f7dff074f23e2df13072577091f44 Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Tue, 3 Jan 2017 14:17:05 +0100
Subject: Hide default port in local URL behind a reverse proxy
---
 application/HttpUtils.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
(limited to 'application/HttpUtils.php')
diff --git a/application/HttpUtils.php b/application/HttpUtils.php
index e705cfd6..e8fc1f5d 100644
--- a/application/HttpUtils.php
+++ b/application/HttpUtils.php
@@ -297,9 +297,17 @@ function server_url($server)
 // Keep forwarded port
 if (strpos($server['HTTP_X_FORWARDED_PORT'], ',') !== false) {
 $ports = explode(',', $server['HTTP_X_FORWARDED_PORT']);
- $port = ':' . trim($ports[0]);
+ $port = trim($ports[0]);
 } else {
- $port = ':' . $server['HTTP_X_FORWARDED_PORT'];
+ $port = $server['HTTP_X_FORWARDED_PORT'];
+ }
+
+ if (($scheme == 'http' && $port != '80')
+ || ($scheme == 'https' && $port != '443')
+ ) {
+ $port = ':' . $port;
+ } else {
+ $port = '';
 }
 }
-- cgit v1.2.3
From ee6f4b64a91d76070f930cdf7602ab4686714c7a Mon Sep 17 00:00:00 2001
From: VirtualTam
Date: Fri, 6 Jan 2017 18:54:29 +0100
Subject: Cleanup: use safe boolean comparisons
Signed-off-by: VirtualTam
---
 application/HttpUtils.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'application/HttpUtils.php')
diff --git a/application/HttpUtils.php b/application/HttpUtils.php
index e8fc1f5d..a81f9056 100644
--- a/application/HttpUtils.php
+++ b/application/HttpUtils.php
@@ -122,7 +122,7 @@ function get_http_response($url, $timeout = 30, $maxBytes = 4194304)
 $content = substr($response, $headSize);
 $headers = array();
 foreach (preg_split('~[\r\n]+~', $rawHeadersLastRedir) as $line) {
- if (empty($line) or ctype_space($line)) {
+ if (empty($line) || ctype_space($line)) {
 continue;
 }
 $splitLine = explode(': ', $line, 2);
-- cgit v1.2.3
From b80315e2384a92e7a7ea8c3a6d4b38957851061b Mon Sep 17 00:00:00 2001
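Review bot: The port read from `HTTP_X_FORWARDED_PORT` in `server_url()` is appended to the returned URL without any check that it is a port number, and the added default-port test uses loose `==`/`!=`, so a numeric-looking value such as `'443.0'` is treated as `'443'`. A guard before the new condition, for example `if (! ctype_digit($port)) { $port = $scheme === 'https' ? '443' : '80'; }`, together with `===`/`!==` in the comparison, keeps unexpected header content out of generated URLs. The same unvalidated read of this header recurs in the later `is_https()` hunk and in the port-443 workaround hunk of this series. `server_url()` starts and ends outside this hunk.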
From: Stephen Muth
Date: Sat, 8 Jul 2017 00:01:03 +0000
Subject: Respect HTTP_X_FORWARDED_HOST alongside _PORT and _PROTO
Fixes #879
---
 application/HttpUtils.php | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
(limited to 'application/HttpUtils.php')
diff --git a/application/HttpUtils.php b/application/HttpUtils.php
index a81f9056..88a1efdb 100644
--- a/application/HttpUtils.php
+++ b/application/HttpUtils.php
@@ -311,7 +311,19 @@ function server_url($server)
 }
 }
- return $scheme.'://'.$server['SERVER_NAME'].$port;
+ if (isset($server['HTTP_X_FORWARDED_HOST'])) {
+ // Keep forwarded host
+ if (strpos($server['HTTP_X_FORWARDED_HOST'], ',') !== false) {
+ $hosts = explode(',', $server['HTTP_X_FORWARDED_HOST']);
+ $host = trim($hosts[0]);
+ } else {
+ $host = $server['HTTP_X_FORWARDED_HOST'];
+ }
+ } else {
+ $host = $server['SERVER_NAME'];
+ }
+
+ return $scheme.'://'.$host.$port;
 }
 // SSL detection
-- cgit v1.2.3
From a3130d2c2f27052710d4dbd51d0001190b19b383 Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Fri, 25 Aug 2017 19:47:57 +0200
Subject: Make work behind a reverse proxy
Without HTTP_X_FORWARDED_PORT check, might be set to false even though the user is using HTTPS, thus disabling Firefox Social block display
---
 application/HttpUtils.php | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
(limited to 'application/HttpUtils.php')
diff --git a/application/HttpUtils.php b/application/HttpUtils.php
index 88a1efdb..00835966 100644
--- a/application/HttpUtils.php
+++ b/application/HttpUtils.php
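Review bot: `$host` is taken verbatim from `HTTP_X_FORWARDED_HOST`, so any request that reaches PHP with that header set decides the host of every absolute URL built from `server_url()`; nothing in this hunk restricts it to requests relayed by a known proxy or checks the value's shape. Consider honouring the header only for trusted proxy addresses (the file's `getIpAddressFromProxy()` already takes a `$trustedIps` list) and falling back when the value is not a plain host name, e.g. `if (! preg_match('/^[A-Za-z0-9.-]+$/', $host)) { $host = $server['SERVER_NAME']; }` (widen the pattern if IPv6 literals must be supported). A forwarded host that already carries a port would also be followed by `$port`, producing two port suffixes. `server_url()` begins outside this hunk.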
@@ -401,3 +401,31 @@ function getIpAddressFromProxy($server, $trustedIps)
 return array_pop($ips);
 }
+
+/**
+ * Returns true if Shaarli's currently browsed in HTTPS.
+ * Supports reverse proxies (if the headers are correctly set).
+ *
+ * @param array $server $_SERVER.
+ *
+ * @return bool true if HTTPS, false otherwise.
+ */
+function is_https($server)
+{
+
+ if (isset($server['HTTP_X_FORWARDED_PORT'])) {
+ // Keep forwarded port
+ if (strpos($server['HTTP_X_FORWARDED_PORT'], ',') !== false) {
+ $ports = explode(',', $server['HTTP_X_FORWARDED_PORT']);
+ $port = trim($ports[0]);
+ } else {
+ $port = $server['HTTP_X_FORWARDED_PORT'];
+ }
+
+ if ($port == '443') {
+ return true;
+ }
+ }
+
+ return ! empty($server['HTTPS']);
+}
-- cgit v1.2.3
From d65342e304f92643ba922200953cfebc51e1e482 Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Sat, 30 Sep 2017 11:04:13 +0200
Subject: Extract the title/charset during page download, and check content type
Use CURLOPT_WRITEFUNCTION to check the response code and content type (only allow HTML). Also extract the title and charset during downloading chunk of data, and stop it when everything has been extracted.
Closes #579
---
 application/HttpUtils.php | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
(limited to 'application/HttpUtils.php')
diff --git a/application/HttpUtils.php b/application/HttpUtils.php
index 00835966..2edf5ce2 100644
--- a/application/HttpUtils.php
+++ b/application/HttpUtils.php
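Review bot: The final `return ! empty($server['HTTPS']);` in `is_https()` reports HTTPS for any non-empty value, including the string `'off'` that some servers (IIS with ISAPI) set on plain HTTP requests. `return ! empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';` closes that gap. The function also does not consult `HTTP_X_FORWARDED_PROTO`, so a proxy that terminates TLS on a port other than 443 would presumably be reported as non-HTTPS. If callers base cookie flags or similar decisions on the result, the docblock should say that the forwarded port is trusted as sent.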
@@ -3,9 +3,11 @@
 * GET an HTTP URL to retrieve its content
 * Uses the cURL library or a fallback method
 *
- * @param string $url URL to get (http://...)
- * @param int $timeout network timeout (in seconds)
- * @param int $maxBytes maximum downloaded bytes (default: 4 MiB)
+ * @param string $url URL to get (http://...)
+ * @param int $timeout network timeout (in seconds)
+ * @param int $maxBytes maximum downloaded bytes (default: 4 MiB)
+ * @param callable|string $curlWriteFunction Optional callback called during the download (cURL CURLOPT_WRITEFUNCTION).
+ * Can be used to add download conditions on the headers (response code, content type, etc.).
 *
 * @return array HTTP response headers, downloaded content
 *
@@ -29,7 +31,7 @@
 * @see http://stackoverflow.com/q/9183178
 * @see http://stackoverflow.com/q/1462720
 */
-function get_http_response($url, $timeout = 30, $maxBytes = 4194304)
+function get_http_response($url, $timeout = 30, $maxBytes = 4194304, $curlWriteFunction = null)
 {
 $urlObj = new Url($url);
 $cleanUrl = $urlObj->idnToAscii();
@@ -75,6 +77,10 @@ function get_http_response($url, $timeout = 30, $maxBytes = 4194304)
 curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
 curl_setopt($ch, CURLOPT_USERAGENT, $userAgent);
+ if (is_callable($curlWriteFunction)) {
+ curl_setopt($ch, CURLOPT_WRITEFUNCTION, $curlWriteFunction);
+ }
+
 // Max download size management
 curl_setopt($ch, CURLOPT_BUFFERSIZE, 1024);
 curl_setopt($ch, CURLOPT_NOPROGRESS, false);
-- cgit v1.2.3
From 91c807d2755ac65ec7b06560f25ca3c6ed4a8417 Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Sat, 11 Nov 2017 16:49:57 +0100
Subject: Increase buffer size for cURL download
1kB chunk size has caused me a lot of trouble with Travis which wasn't completing the download
---
 application/HttpUtils.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'application/HttpUtils.php')
diff --git a/application/HttpUtils.php b/application/HttpUtils.php
index 00835966..ec54dcd4 100644
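Review bot: `$curlWriteFunction` is wired only into the cURL handle in the third hunk, so when `get_http_response()` takes the fallback path its docblock mentions ("Uses the cURL library or a fallback method"), the response-code and content-type checks the callback is meant to enforce are presumably skipped with no signal to the caller. Either apply an equivalent check in the fallback or state the limitation in the new `@param` text, e.g. `Ignored when cURL is unavailable: the fallback downloads without these checks.` It would also help to document what the returned headers and content contain once a write callback is installed, since cURL then hands the data to the callback. The code that builds the return value and the fallback branch are outside these hunks.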
--- a/application/HttpUtils.php
+++ b/application/HttpUtils.php
@@ -76,7 +76,7 @@ function get_http_response($url, $timeout = 30, $maxBytes = 4194304)
 curl_setopt($ch, CURLOPT_USERAGENT, $userAgent);
 // Max download size management
- curl_setopt($ch, CURLOPT_BUFFERSIZE, 1024);
+ curl_setopt($ch, CURLOPT_BUFFERSIZE, 1024*16);
 curl_setopt($ch, CURLOPT_NOPROGRESS, false);
 curl_setopt($ch, CURLOPT_PROGRESSFUNCTION,
 function($arg0, $arg1, $arg2, $arg3, $arg4 = 0) use ($maxBytes)
-- cgit v1.2.3
From 8e9fc6f6e6afc052a2c3b2d459764cc9ab20420a Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Fri, 17 Nov 2017 19:04:14 +0100
Subject: Force HTTPS if the original port is 443 behind a reverse proxy
Fixes #1022
---
 application/HttpUtils.php | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'application/HttpUtils.php')
diff --git a/application/HttpUtils.php b/application/HttpUtils.php
index 00835966..c6181df4 100644
--- a/application/HttpUtils.php
+++ b/application/HttpUtils.php
@@ -302,6 +302,13 @@ function server_url($server)
 $port = $server['HTTP_X_FORWARDED_PORT'];
 }
+ // This is a workaround for proxies that don't forward the scheme properly.
+ // Connecting over port 443 has to be in HTTPS.
+ // See https://github.com/shaarli/Shaarli/issues/1022
+ if ($port == '443') {
+ $scheme = 'https';
+ }
+
 if (($scheme == 'http' && $port != '80')
 || ($scheme == 'https' && $port != '443')
 ) {
-- cgit v1.2.3