clean http_pwd forging

This commit is contained in:
osaajani 2023-05-29 21:53:09 +02:00
parent 62eb897589
commit 7014f3da68
1 changed files with 17 additions and 29 deletions

View File

@ -5,39 +5,27 @@
* Define Descartes env
*/
$http_dir_path = '/raspisms'; //Path we need to put after servername in url to access app
$https = $_SERVER['HTTPS'] ?? 0;
// Check for proxy forward
$forwarded_https = ($_SERVER['HTTP_X_FORWARDED_PROTO'] ?? $_SERVER['HTTP_FORWARDED_PROTO'] ?? NULL) == 'https';
$forwarded_ssl = ($_SERVER['HTTP_X_FORWARDED_SSL'] ?? NULL) == 'on';
$proxy = $forwarded_https || $forwarded_ssl;
if ((isset($_SERVER['HTTPS']) && (($_SERVER['HTTPS'] == 'on') || ($_SERVER['HTTPS'] == '1'))) || (isset($_SERVER['HTTPS']) && $_SERVER['SERVER_PORT'] == 443)) {
// Our server uses HTTPS
$https = true;
$http_proxy = false;
$http_protocol = 'https://';
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') {
// We are behind a HTTPS proxy
$https = true;
$http_proxy = true;
$http_protocol = 'https://';
// Don't bother to advertise port behind a proxy server
} else {
// Standard HTTP
$https = false;
$http_proxy = false;
$http_protocol = 'http://';
}
$http_server_name = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : 'localhost';
if (!isset($_SERVER['SERVER_PORT']) || ($_SERVER['SERVER_PORT'] == 80 && !$https) || ($_SERVER['SERVER_PORT'] == 443 && $https) || $http_proxy)
if ($https)
{
$http_server_port = '';
}
else
{
$http_server_port = ':' . $_SERVER['SERVER_PORT'];
$http_protocol = 'https://';
}
$pwd = substr(__DIR__, 0, strrpos(__DIR__, '/'));
$http_pwd = $http_protocol . $http_server_name . $http_server_port . $http_dir_path;
$http_server_name = $_SERVER['SERVER_NAME'] ?? 'localhost';
// Check port to only set it if not default port
$port = $_SERVER['SERVER_PORT'] ?? '';
$port = ($port == 80 && !$https) ? '' : $port;
$port = ($port == 443 && $https) ? '' : $port;
$port = $proxy ? '' : $port;
$http_server_port = $port ? ':' . $port : '';
$pwd = substr(__DIR__, 0, strrpos(__DIR__, '/'));