From 7cd4169768ec27d8c59e4c079c3dba64d82c8062 Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Fri, 15 Nov 2019 13:54:34 +0100 Subject: [PATCH] * all apps: fixing serveral cases of wrong Url when proxying and terminating TLS on the proxy --- api/src/CalDAV.php | 14 ++------------ api/src/CalDAV/Handler.php | 9 ++------- api/src/Egw.php | 4 ++-- api/src/Mail.php | 2 +- api/src/Session.php | 4 ++-- api/src/Vfs/Filesystem/StreamWrapper.php | 10 +--------- api/src/loader/exception.php | 2 +- calendar/inc/class.calendar_bo.inc.php | 5 ++--- groupdav.php | 9 --------- notifications/download.php | 6 +----- setup/inc/class.setup.inc.php | 4 ++-- 11 files changed, 16 insertions(+), 53 deletions(-) diff --git a/api/src/CalDAV.php b/api/src/CalDAV.php index 56c7c81dad..7d7b001d9e 100644 --- a/api/src/CalDAV.php +++ b/api/src/CalDAV.php @@ -278,8 +278,7 @@ class CalDAV extends HTTP_WebDAV_Server } else { - $this->current_user_principal = (@$_SERVER["HTTPS"] === "on" ? "https:" : "http:") . - '//' . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'] . '/'; + $this->current_user_principal = Framework::getUrl($_SERVER['SCRIPT_NAME']) . '/'; } $this->current_user_principal .= 'principals/users/'.$GLOBALS['egw_info']['user']['account_lid'].'/'; @@ -1519,16 +1518,7 @@ class CalDAV extends HTTP_WebDAV_Server */ protected static function path2location($path) { - static $url_prefix = null; - if (!isset($url_prefix)) - { - $url_prefix = ''; - if ($GLOBALS['egw_info']['server']['webserver_url'][0] == '/') - { - $url_prefix = ($_SERVER['HTTPS'] ? 'https' : 'http').'://'.$_SERVER['HTTP_HOST']; - } - } - return $url_prefix.Framework::link(Vfs::download_url($path)); + return Framework::getUrl(Framework::link(Vfs::download_url($path))); } /** diff --git a/api/src/CalDAV/Handler.php b/api/src/CalDAV/Handler.php index c7d5983083..d5805e96fc 100644 --- a/api/src/CalDAV/Handler.php +++ b/api/src/CalDAV/Handler.php 
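Review bot: The current_user_principal URL is now built entirely by Framework::getUrl(), whose implementation is not part of this patch; if it (or Header\Http::schema()/host(), which the other hunks use) derives scheme and host from X-Forwarded-Proto, X-Forwarded-Host or Forwarded headers, that must only happen for requests arriving from a configured trusted proxy address, because otherwise any client can inject those headers and steer the principal, Content-Location, Location and download URLs built here and in Handler.php, Egw.php, Mail.php, StreamWrapper.php, calendar_bo.inc.php and notifications/download.php. Absent such a check on the helper side, the safer source for the public origin is the configured webserver_url when it is absolute, with request headers only as a fallback. A short comment at this call site, `// scheme/host resolved by Framework::getUrl(), which must honour proxy headers only from trusted proxies`, would record the assumption for the next reader. The enclosing method begins and continues outside the hunk.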
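Review bot: path2location() drops the check that only prefixed scheme and host when webserver_url is relative, so it now relies on Framework::getUrl() returning an already absolute result of Framework::link() unchanged; that contract is not visible here. The docblock above the method should state it, e.g. `@return string absolute URL; Framework::getUrl() is expected to pass an already absolute link through untouched`, so a later change to the helper does not silently break the Location values this produces.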
@@ -369,12 +369,7 @@ abstract class Handler { if ($_SERVER['REQUEST_METHOD'] == 'POST') { - $location = $this->caldav->base_uri.$options['path']; - if ($location[0] == '/') - { - $location = (@$_SERVER['HTTPS'] === 'on' ? 'https' : 'http').'://'.$_SERVER['HTTP_HOST'].$location; - } - header('Content-Location: '.$location); + header('Content-Location: '.Api\Framework::getUrl($this->caldav->base_uri.$options['path'])); } // remove If-Match or If-None-Match headers, otherwise HTTP status 412 goes into endless loop! @@ -687,7 +682,7 @@ abstract class Handler $uri = $path = $this->caldav->base_uri; if ($uri[0] == '/') { - $uri = ($_SERVER["HTTPS"] === "on" ? "https:" : "http:") .'//' . $_SERVER['HTTP_HOST'] . $uri; + $uri = Api\Framework::getUrl($uri); } else { diff --git a/api/src/Egw.php b/api/src/Egw.php index e8bf7a8176..7ad4f73c7f 100644 --- a/api/src/Egw.php +++ b/api/src/Egw.php @@ -290,9 +290,9 @@ class Egw extends Egw\Base */ function verify_session() { - if($GLOBALS['egw_info']['server']['enforce_ssl'] === 'redirect' && !$_SERVER['HTTPS']) + if($GLOBALS['egw_info']['server']['enforce_ssl'] === 'redirect' && Header\Http::schema() !== 'https') { - Header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); + Header('Location: https://' . Header\Http::host() . $_SERVER['REQUEST_URI']); exit; } // check if we have a session, if not try to automatic create one diff --git a/api/src/Mail.php b/api/src/Mail.php index ef99fbc134..6f4d409e26 100644 --- a/api/src/Mail.php +++ b/api/src/Mail.php @@ -6797,7 +6797,7 @@ class Mail $myUrl = $directory.$filename; if ($myUrl[0]=='/') // local path -> we only allow path's that are available via http/https (or vfs) { - $basedir = ($_SERVER['HTTPS']?'https://':'http://'.$_SERVER['HTTP_HOST']); + $basedir = Api\Framework::getUrl('/'); } // use vfs instead of url containing webdav.php // ToDo: we should test if the webdav url is of our own scope, as we cannot handle foreign 
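Review bot: The `if ($uri[0] == '/')` guard around Api\Framework::getUrl($uri) is kept here, while the Content-Location hunk at line 369 and CalDAV::path2location() hand possibly absolute URLs to the same helper without it; either getUrl() passes absolute URLs through, and this guard is redundant, or it does not, and those other call sites are wrong whenever webserver_url is configured absolute. One contract should be chosen and documented on getUrl(), and the guards made consistent across the patch. The enclosing method and its else branch continue outside the hunk, so I cannot tell what the non-relative path does with $path.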
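Review bot: In verify_session() the enforce_ssl redirect is now skipped whenever Header\Http::schema() reports https, and its target host is taken from Header\Http::host(); if either helper honours a client-supplied X-Forwarded-Proto or X-Forwarded-Host without a trusted-proxy check, a plaintext client can send `X-Forwarded-Proto: https` to bypass the redirect, and a forged host turns the Location header into an open redirect. This deserves more scrutiny than the URL cosmetics elsewhere because it is the control that enforces TLS. Consider taking the redirect host from the configured webserver_url when it is absolute, e.g. `Header('Location: https://' . (parse_url($GLOBALS['egw_info']['server']['webserver_url'], PHP_URL_HOST) ?: Header\Http::host()) . $_SERVER['REQUEST_URI']);`, and confirm that the helpers only trust forwarded headers from known proxy addresses.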
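Review bot: `$basedir = Api\Framework::getUrl('/')` presumably yields scheme://host/ with a trailing slash, whereas the replaced expression produced `http://host` without one; if $basedir is later concatenated with $myUrl, which this branch knows starts with '/', the result contains a doubled slash. If that is the case, `$basedir = rtrim(Api\Framework::getUrl('/'), '/');` keeps the previous shape. The old line also had an operator-precedence bug that dropped the host entirely in the https case, so this hunk fixes more than the proxy issue and a word about it in the commit message would help. The enclosing method continues outside the hunk.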
diff --git a/api/src/Session.php b/api/src/Session.php index e3f160af54..32c61d9f33 100644 --- a/api/src/Session.php +++ b/api/src/Session.php @@ -1633,7 +1633,7 @@ class Session !$cookietime && $is_iOS ? time()+self::IOS_SESSION_COOKIE_LIFETIME : $cookietime, is_null($cookiepath) ? self::$cookie_path : $cookiepath,self::$cookie_domain, // if called via HTTPS, only send cookie for https and only allow cookie access via HTTP (true) - empty($GLOBALS['egw_info']['server']['insecure_cookies']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off', true); + empty($GLOBALS['egw_info']['server']['insecure_cookies']) && Header\Http::schema() === 'https', true); } } @@ -1671,7 +1671,7 @@ class Session session_set_cookie_params(0, self::$cookie_path, self::$cookie_domain, // if called via HTTPS, only send cookie for https and only allow cookie access via HTTP (true) - empty($GLOBALS['egw_info']['server']['insecure_cookies']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off', true); + empty($GLOBALS['egw_info']['server']['insecure_cookies']) && Header\Http::schema() === 'https', true); } /** diff --git a/api/src/Vfs/Filesystem/StreamWrapper.php b/api/src/Vfs/Filesystem/StreamWrapper.php index 3ff1b4b4b6..c2023059ee 100644 --- a/api/src/Vfs/Filesystem/StreamWrapper.php +++ b/api/src/Vfs/Filesystem/StreamWrapper.php @@ -734,15 +734,7 @@ class StreamWrapper implements Vfs\StreamWrapperIface $relpath = substr($url,strlen($mount_url)); - $download_url = Vfs::concat($get['url'],$relpath); - if ($download_url[0] == '/') - { - $download_url = ($_SERVER['HTTPS'] ? 'https://' : 'http://'). - $_SERVER['HTTP_HOST'].$download_url; - } - - //die(__METHOD__."('$url') --> relpath = $relpath --> $download_url"); - return $download_url; + return Api\Framework::getUrl(Vfs::concat($get['url'],$relpath)); } /** diff --git a/api/src/loader/exception.php b/api/src/loader/exception.php index 648ae70380..adeec21ea7 100755 --- a/api/src/loader/exception.php 
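Review bot: The Secure flag of the session cookie now depends solely on Header\Http::schema() === 'https', here, in the session_set_cookie_params hunk at line 1671, and in setup/inc/class.setup.inc.php at lines 188 and 257; if that helper accepts a forwarded-proto header from an untrusted source, a request that reaches the proxy with `X-Forwarded-Proto: http` and is forwarded unmodified gets a cookie without Secure on an HTTPS deployment, and that cookie can later be sent over plaintext. A backstop that does not depend on header trust is to also set Secure when the instance is configured for TLS, e.g. `empty($GLOBALS['egw_info']['server']['insecure_cookies']) && (Header\Http::schema() === 'https' || !empty($GLOBALS['egw_info']['server']['enforce_ssl'])), true);`, assuming enforce_ssl implies HTTPS-only operation. Whether that setting is available in the setup code paths I cannot tell from here.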
+++ b/api/src/loader/exception.php @@ -75,7 +75,7 @@ function _egw_log_exception($e,&$headline=null) error_log($line); } error_log('# Instance='.$GLOBALS['egw_info']['user']['domain'].', User='.$GLOBALS['egw_info']['user']['account_lid']. - ', Request='.$_SERVER['REQUEST_METHOD'].' '.($_SERVER['HTTPS']?'https://':'http://').$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']. + ', Request='.$_SERVER['REQUEST_METHOD'].' '.Api\Framework::getUrl($_SERVER['REQUEST_URI']). ', User-agent='.$_SERVER['HTTP_USER_AGENT']); } } diff --git a/calendar/inc/class.calendar_bo.inc.php b/calendar/inc/class.calendar_bo.inc.php index 8b4d59dc09..a275c8e7fc 100644 --- a/calendar/inc/class.calendar_bo.inc.php +++ b/calendar/inc/class.calendar_bo.inc.php @@ -2116,9 +2116,8 @@ class calendar_bo . ':' . $GLOBALS['egw_info']['user']['passwd']; $credentials = '&cred=' . base64_encode($credentials); } - return (!$GLOBALS['egw_info']['server']['webserver_url'] || $GLOBALS['egw_info']['server']['webserver_url'][0] == '/' ? - ($_SERVER['HTTPS'] ? 'https://' : 'http://').$_SERVER['HTTP_HOST'] : ''). - $GLOBALS['egw_info']['server']['webserver_url'].'/calendar/freebusy.php/?user='.urlencode($user).$credentials; + return Api\Framework::getUrl($GLOBALS['egw_info']['server']['webserver_url']). + '/calendar/freebusy.php/?user='.urlencode($user).$credentials; } /** diff --git a/groupdav.php b/groupdav.php index 6aed9a628c..dbe3a6e3af 100644 --- a/groupdav.php +++ b/groupdav.php 
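Review bot: _egw_log_exception() is the last-resort logger, and the new call to Api\Framework::getUrl() adds a dependency that can fail inside it; if the exception being logged occurred before the autoloader or the Framework class was usable, or if getUrl() itself throws on a malformed host header, the logger raises a second exception and the original one is lost. Keeping a raw fallback keeps the logger self-sufficient, e.g. `' '.(class_exists(Api\Framework::class, false) ? Api\Framework::getUrl($_SERVER['REQUEST_URI']) : $_SERVER['REQUEST_URI']).`. The function begins outside the hunk.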
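Review bot: The replaced expression explicitly handled an empty webserver_url (`!$GLOBALS['egw_info']['server']['webserver_url'] || ...[0] == '/'`), while the new line passes the raw value, possibly null or '', straight to Api\Framework::getUrl(); the same applies to notifications/download.php, where the `empty($replacement)` branch is dropped. Unless getUrl() is documented to treat an empty argument as the bare origin, the freebusy URL and the egw_dc_url replacement may change for an unconfigured webserver_url, which is worth a test case and a `@param` note on getUrl() stating how '' and null are treated. The enclosing method begins outside the hunk.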
@@ -20,15 +20,6 @@ use EGroupware\Api; -// switching off output compression for Lighttpd and HTTPS, as it makes problems with TB Lightning -if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' && - strpos($_SERVER['SERVER_SOFTWARE'],'lighttpd/1.4') === 0 && - strpos($_SERVER['HTTP_USER_AGENT'],'Lightning') !== false) -{ - ini_set('zlib.output_compression',0); -} -//error_log("HTTPS='$_SERVER[HTTPS]', SERVER_SOFTWARE='$_SERVER[SERVER_SOFTWARE]', HTTP_USER_AGENT='$_SERVER[HTTP_USER_AGENT]', REQUEST_METHOD='$_SERVER[REQUEST_METHOD]' --> zlib.output_compression=".ini_get('zlib.output_compression')); - $starttime = microtime(true); $GLOBALS['egw_info'] = array( diff --git a/notifications/download.php b/notifications/download.php index eaf907a144..e3ab94156a 100644 --- a/notifications/download.php +++ b/notifications/download.php @@ -42,11 +42,7 @@ function replace_callback($matches) switch($matches[1]) { case 'egw_dc_url': - $replacement = $GLOBALS['egw_info']['server']['webserver_url']; - if (empty($replacement) || $replacement[0] == '/') - { - $replacement = ($_SERVER['HTTPS'] ? 'https://' : 'http://').$_SERVER['HTTP_HOST'].$replacement; - } + $replacement = Api\Framework::getUrl($GLOBALS['egw_info']['server']['webserver_url']); break; case 'egw_dc_logindomain': $replacement = $GLOBALS['egw_info']['user']['domain']; diff --git a/setup/inc/class.setup.inc.php b/setup/inc/class.setup.inc.php index 500c174730..e332a071ac 100644 --- a/setup/inc/class.setup.inc.php +++ b/setup/inc/class.setup.inc.php @@ -188,7 +188,7 @@ class setup } setcookie($cookiename, $cookievalue, $cookietime, '/', $this->cookie_domain, // if called via HTTPS, only send cookie for https and only allow cookie access via HTTP (true) - !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off', true); + Api\Header\Http::schema() === 'https', true); } /** 
@@ -257,7 +257,7 @@ class setup session_name(self::SESSIONID); session_set_cookie_params(0, '/', self::cookiedomain(), // if called via HTTPS, only send cookie for https and only allow cookie access via HTTP (true) - !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off', true); + Api\Header\Http::schema() === 'https', true); if (isset($_COOKIE[self::SESSIONID])) session_id($_COOKIE[self::SESSIONID]);