From 8763e4efde17f133d0bda504640acada108e7870 Mon Sep 17 00:00:00 2001 From: Thomas Citharel Date: Tue, 26 Aug 2014 12:43:56 +0200 Subject: Fix downloading SQLite database from all users --- inc/poche/Tools.class.php | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) (limited to 'inc/poche/Tools.class.php') diff --git a/inc/poche/Tools.class.php b/inc/poche/Tools.class.php index 63137d76..c2c1bdab 100755 --- a/inc/poche/Tools.class.php +++ b/inc/poche/Tools.class.php @@ -296,18 +296,20 @@ final class Tools /** * Download the sqlite database + * Function not longer used for security reasons */ - public static function downloadDb() - { - header('Content-Disposition: attachment; filename="poche.sqlite.gz"'); - self::_status(200); - header('Content-Transfer-Encoding: binary'); - header('Content-Type: application/octet-stream'); - echo gzencode(file_get_contents(STORAGE_SQLITE)); + // public static function downloadDb() + // { + // header('Content-Disposition: attachment; filename="poche.sqlite.gz"'); + // self::_status(200); - exit; - } + // header('Content-Transfer-Encoding: binary'); + // header('Content-Type: application/octet-stream'); + // echo gzencode(file_get_contents(STORAGE_SQLITE)); + + // exit; + // } /** * Get the content for a given URL (by a call to FullTextFeed) -- cgit v1.2.3 From d5c481c2f40f1d05750a7020df1f129439627247 Mon Sep 17 00:00:00 2001 From: Thomas Citharel Date: Thu, 28 Aug 2014 21:01:43 +0200 Subject: remove old function --- inc/poche/Tools.class.php | 17 ----------------- 1 file changed, 17 deletions(-) (limited to 'inc/poche/Tools.class.php') diff --git a/inc/poche/Tools.class.php b/inc/poche/Tools.class.php index c2c1bdab..55fedac8 100755 --- a/inc/poche/Tools.class.php +++ b/inc/poche/Tools.class.php @@ -294,23 +294,6 @@ final class Tools } } - /** - * Download the sqlite database - * Function not longer used for security reasons - */ - - // public static function downloadDb() - // { - // header('Content-Disposition: attachment; filename="poche.sqlite.gz"'); - // self::_status(200); - - // header('Content-Transfer-Encoding: binary'); - // header('Content-Type: application/octet-stream'); - // echo gzencode(file_get_contents(STORAGE_SQLITE)); - - // exit; - // } - /** * Get the content for a given URL (by a call to FullTextFeed) * -- cgit v1.2.3 From 5af2555f59f13e06cf0ae65e5c0265d1d10bead8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20K=C3=B6nig?= Date: Thu, 11 Sep 2014 13:17:19 +0200 Subject: Implemented additional check for using the 'X-Forwarded-Port' header. --- inc/poche/Tools.class.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'inc/poche/Tools.class.php') diff --git a/inc/poche/Tools.class.php b/inc/poche/Tools.class.php index 55fedac8..93ec3fc6 100755 --- a/inc/poche/Tools.class.php +++ b/inc/poche/Tools.class.php @@ -54,6 +54,10 @@ final class Tools || ($https && $_SERVER["SERVER_PORT"] == '443') || ($https && $_SERVER["SERVER_PORT"]==SSL_PORT) //Custom HTTPS port detection ? '' : ':' . $_SERVER["SERVER_PORT"]); + + if (isset($_SERVER["HTTP_X_FORWARDED_PORT"])) { + $serverport = ':' . $_SERVER["HTTP_X_FORWARDED_PORT"]; + } $scriptname = str_replace('/index.php', '/', $_SERVER["SCRIPT_NAME"]); -- cgit v1.2.3