diff --git a/api/src/Framework.php b/api/src/Framework.php index c4e03f0d86..4f4d6428ec 100644 --- a/api/src/Framework.php +++ b/api/src/Framework.php @@ -170,6 +170,39 @@ abstract class Framework extends Framework\Extra return $GLOBALS['egw']->session->link($url, $extravars); } + /** + * Get a full / externally usable URL from an EGroupware link + * + * Code is only used, if the Setup defined webserver_url is only a path! + * + * The following HTTP Headers / $_SERVER variables and EGroupware configuration + * is taken into account to determine if URL should use https schema: + * - $_SERVER['HTTPS'] !== off + * - $GLOBALS['egw_info']['server']['enforce_ssl'] (EGroupware Setup) + * - $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' (X-Forwarded-Proto HTTP header) + * + * Host is determined in the following order / priority: + * 1. $GLOBALS['egw_info']['server']['hostname'] !== 'localhost' (EGroupware Setup) + * 2. $_SERVER['HTTP_X_FORWARDED_HOST'] (X-Forwarded-Host HTTP header) + * 3. $_SERVER['HTTP_HOST'] (Host HTTP header) + * + * @param string $link + */ + static function getUrl($link) + { + if ($link[0] === '/') + { + $link = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443 || + !empty($GLOBALS['egw_info']['server']['enforce_ssl']) || $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' ? + 'https://' : 'http://'). + ($GLOBALS['egw_info']['server']['hostname'] && $GLOBALS['egw_info']['server']['hostname'] !== 'localhost' ? + $GLOBALS['egw_info']['server']['hostname'] : + (isset($_SERVER['HTTP_X_FORWARDED_HOST']) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : $_SERVER['HTTP_HOST'])). + $link; + } + return $link; + } + /** * Handles redirects under iis and apache, it does NOT return (calls exit) * diff --git a/api/src/Storage/Merge.php b/api/src/Storage/Merge.php index 383c394046..283a068898 100644 --- a/api/src/Storage/Merge.php +++ b/api/src/Storage/Merge.php @@ -358,11 +358,8 @@ abstract class Merge $link = Api\Framework::link($link, array()); } // Prepend site - if ($link{0} == '/') - { - $link = ($_SERVER['HTTPS'] || $GLOBALS['egw_info']['server']['enforce_ssl'] ? 'https://' : 'http://'). - ($GLOBALS['egw_info']['server']['hostname'] ? $GLOBALS['egw_info']['server']['hostname'] : $_SERVER['HTTP_HOST']).$link; - } + if ($link[0] == '/') $link = Api\Framework::getUrl($link); + $title = $style == 'href' ? Api\Html::a_href(Api\Html::htmlspecialchars($title), $link) : $link; } $link_titles[] = $title; @@ -417,11 +414,8 @@ abstract class Merge $link = Api\Framework::link($link, array()); } // Prepend site - if ($link{0} == '/') - { - $link = ($_SERVER['HTTPS'] || $GLOBALS['egw_info']['server']['enforce_ssl'] ? 'https://' : 'http://'). - ($GLOBALS['egw_info']['server']['hostname'] ? $GLOBALS['egw_info']['server']['hostname'] : $_SERVER['HTTP_HOST']).$link; - } + if ($link[0] == '/') $link = Api\Framework::getUrl($link); + $array[($prefix?$prefix.'/':'').$placeholder] = Api\Html::a_href(Api\Html::htmlspecialchars($title), $link); break; case 'links': diff --git a/api/src/Storage/Tracking.php b/api/src/Storage/Tracking.php index 64ee3ad33b..d31fdd254a 100644 --- a/api/src/Storage/Tracking.php +++ b/api/src/Storage/Tracking.php @@ -966,15 +966,12 @@ abstract class Tracking { if (($view = Api\Link::view($this->app,$data[$this->id_field]))) { - $link = $GLOBALS['egw']->link('/index.php',$view); + $link = Api\Framework::link('/index.php',$view); $popup = Api\Link::is_popup($this->app,'view'); } } - if ($link[0] == '/') - { - $link = ($_SERVER['HTTPS'] || $GLOBALS['egw_info']['server']['enforce_ssl'] ? 'https://' : 'http://'). - ($GLOBALS['egw_info']['server']['hostname'] ? $GLOBALS['egw_info']['server']['hostname'] : $_SERVER['HTTP_HOST']).$link; - } + if ($link[0] == '/') Api\Framework::getUrl($link); + if (!$allow_popup) { // remove the session-id in the notification mail! diff --git a/api/src/Vfs/Sharing.php b/api/src/Vfs/Sharing.php index 6f03a864a8..5d929c0e0a 100644 --- a/api/src/Vfs/Sharing.php +++ b/api/src/Vfs/Sharing.php @@ -675,21 +675,13 @@ class Sharing * Generate link from share or share-token * * @param string|array $share share or share-token - * @return string + * @return string full Url incl. schema and host */ public static function share2link($share) { if (is_array($share)) $share = $share['share_token']; - $link = Api\Framework::link('/share.php').'/'.$share; - if ($link[0] == '/') - { - $link = ($_SERVER['HTTPS'] ? 'https://' : 'http://'). - ($GLOBALS['egw_info']['server']['hostname'] && $GLOBALS['egw_info']['server']['hostname'] !== 'localhost' ? - $GLOBALS['egw_info']['server']['hostname'] : $_SERVER['HTTP_HOST']). - $link; - } - return $link; + return Api\Framework::getUrl(Api\Framework::link('/share.php')).'/'.$share; } } diff --git a/calendar/inc/class.calendar_boupdate.inc.php b/calendar/inc/class.calendar_boupdate.inc.php index 2c7647a55d..fed1c9ddaf 100644 --- a/calendar/inc/class.calendar_boupdate.inc.php +++ b/calendar/inc/class.calendar_boupdate.inc.php @@ -1796,12 +1796,7 @@ class calendar_boupdate extends calendar_bo $eventStart_arr = $this->date2array($event['start']); // give this as 'date' to the link to pick the right recurrence for the participants state $link = $GLOBALS['egw_info']['server']['webserver_url'].'/index.php?menuaction=calendar.calendar_uiforms.edit&cal_id='.$event['id'].'&date='.$eventStart_arr['full'].'&no_popup=1&ajax=true'; // if url is only a path, try guessing the rest ;-) - if ($link[0] == '/') - { - $link = ($GLOBALS['egw_info']['server']['enforce_ssl'] || $_SERVER['HTTPS'] ? 'https://' : 'http://'). - ($GLOBALS['egw_info']['server']['hostname'] ? $GLOBALS['egw_info']['server']['hostname'] : $_SERVER['HTTP_HOST']). - $link; - } + if ($link[0] == '/') $link = Api\Framework::getUrl($link); $event_arr['link']['data'] = $details['link'] = $link; /* this is needed for notification-app diff --git a/filemanager/inc/class.filemanager_merge.inc.php b/filemanager/inc/class.filemanager_merge.inc.php index 0293e4d200..c7b42bd033 100644 --- a/filemanager/inc/class.filemanager_merge.inc.php +++ b/filemanager/inc/class.filemanager_merge.inc.php @@ -200,11 +200,8 @@ class filemanager_merge extends Api\Storage\Merge } // Prepend site, if missing - if ($link{0} == '/') - { - $link = ($_SERVER['HTTPS'] || $GLOBALS['egw_info']['server']['enforce_ssl'] ? 'https://' : 'http://'). - ($GLOBALS['egw_info']['server']['hostname'] ? $GLOBALS['egw_info']['server']['hostname'] : $_SERVER['HTTP_HOST']).$link; - } + if ($link[0] == '/') $link = Api\Framework::getUrl($link); + $file['link'] = Api\Html::a_href(Api\Html::htmlspecialchars($file['name']), $link); $file['url'] = $link; diff --git a/notifications/inc/class.notifications_email.inc.php b/notifications/inc/class.notifications_email.inc.php index e8532ea327..dfb593e714 100644 --- a/notifications/inc/class.notifications_email.inc.php +++ b/notifications/inc/class.notifications_email.inc.php @@ -157,10 +157,7 @@ class notifications_email implements notifications_iface { // do not expose sensitive data $url = preg_replace('/(sessionid|kp3|domain)=[^&]+&?/','',Api\Html::link('/index.php', $link->view)); // complete missing protocol and domain part if needed - if ($url{0} == '/' && $_render_external) { - $url = ($_SERVER['HTTPS'] || $GLOBALS['egw_info']['server']['enforce_ssl'] ? 'https://' : 'http://'). - ($GLOBALS['egw_info']['server']['hostname'] ? $GLOBALS['egw_info']['server']['hostname'] : $_SERVER['HTTP_HOST']).$url; - } + if ($url[0] == '/' && $_render_external) $url = Api\Framework::getUrl($url); $a_href = ''.$link->text.''; $rendered_links[] = $_render_html ? $a_href : $url; }