From 762c60a61f21b0861be679907bc6f63b30fdbd54 Mon Sep 17 00:00:00 2001
From: Ralf Becker <RalfBecker@outdoor-training.de>
Date: Wed, 21 Mar 2018 12:40:59 +0100
Subject: [PATCH] new method Api\Framework::getUrl() to get a full / externally
 usable Url

---
 api/src/Framework.php                         | 33 +++++++++++++++++++
 api/src/Storage/Merge.php                     | 14 +++-----
 api/src/Storage/Tracking.php                  |  9 ++---
 api/src/Vfs/Sharing.php                       | 12 ++-----
 calendar/inc/class.calendar_boupdate.inc.php  |  7 +---
 .../inc/class.filemanager_merge.inc.php       |  7 ++--
 .../inc/class.notifications_email.inc.php     |  5 +--
 7 files changed, 46 insertions(+), 41 deletions(-)

diff --git a/api/src/Framework.php b/api/src/Framework.php
index c4e03f0d86..4f4d6428ec 100644
--- a/api/src/Framework.php
+++ b/api/src/Framework.php
@@ -170,6 +170,39 @@ abstract class Framework extends Framework\Extra
 		return $GLOBALS['egw']->session->link($url, $extravars);
 	}
 
+	/**
+	 * Get a full / externally usable URL from an EGroupware link
+	 *
+	 * Code is only used, if the Setup defined webserver_url is only a path!
+	 *
+	 * The following HTTP Headers / $_SERVER variables and EGroupware configuration
+	 * is taken into account to determine if URL should use https schema:
+	 * - $_SERVER['HTTPS'] !== off
+	 * - $GLOBALS['egw_info']['server']['enforce_ssl'] (EGroupware Setup)
+	 * - $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' (X-Forwarded-Proto HTTP header)
+	 *
+	 * Host is determined in the following order / priority:
+	 * 1. $GLOBALS['egw_info']['server']['hostname'] !== 'localhost' (EGroupware Setup)
+	 * 2. $_SERVER['HTTP_X_FORWARDED_HOST'] (X-Forwarded-Host HTTP header)
+	 * 3. $_SERVER['HTTP_HOST'] (Host HTTP header)
+	 *
+	 * @param string $link
+	 */
+	static function getUrl($link)
+	{
+		if ($link[0] === '/')
+		{
+			$link = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443 ||
+				!empty($GLOBALS['egw_info']['server']['enforce_ssl']) || $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' ?
+				'https://' : 'http://').
+				($GLOBALS['egw_info']['server']['hostname'] && $GLOBALS['egw_info']['server']['hostname'] !== 'localhost' ?
+					$GLOBALS['egw_info']['server']['hostname'] :
+					(isset($_SERVER['HTTP_X_FORWARDED_HOST']) ?  $_SERVER['HTTP_X_FORWARDED_HOST'] : $_SERVER['HTTP_HOST'])).
+				$link;
+		}
+		return $link;
+	}
+
 	/**
 	 * Handles redirects under iis and apache, it does NOT return (calls exit)
 	 *
diff --git a/api/src/Storage/Merge.php b/api/src/Storage/Merge.php
index 383c394046..283a068898 100644
--- a/api/src/Storage/Merge.php
+++ b/api/src/Storage/Merge.php
@@ -358,11 +358,8 @@ abstract class Merge
 					$link = Api\Framework::link($link, array());
 				}
 				// Prepend site
-				if ($link{0} == '/')
-				{
-					$link = ($_SERVER['HTTPS'] || $GLOBALS['egw_info']['server']['enforce_ssl'] ? 'https://' : 'http://').
-						($GLOBALS['egw_info']['server']['hostname'] ? $GLOBALS['egw_info']['server']['hostname'] : $_SERVER['HTTP_HOST']).$link;
-				}
+				if ($link[0] == '/') $link = Api\Framework::getUrl($link);
+
 				$title = $style == 'href' ? Api\Html::a_href(Api\Html::htmlspecialchars($title), $link) : $link;
 			}
 			$link_titles[] = $title;
@@ -417,11 +414,8 @@ abstract class Merge
 							$link = Api\Framework::link($link, array());
 						}
 						// Prepend site
-						if ($link{0} == '/')
-						{
-							$link = ($_SERVER['HTTPS'] || $GLOBALS['egw_info']['server']['enforce_ssl'] ? 'https://' : 'http://').
-								($GLOBALS['egw_info']['server']['hostname'] ? $GLOBALS['egw_info']['server']['hostname'] : $_SERVER['HTTP_HOST']).$link;
-						}
+						if ($link[0] == '/') $link = Api\Framework::getUrl($link);
+
 						$array[($prefix?$prefix.'/':'').$placeholder] = Api\Html::a_href(Api\Html::htmlspecialchars($title), $link);
 						break;
 					case 'links':
diff --git a/api/src/Storage/Tracking.php b/api/src/Storage/Tracking.php
index 64ee3ad33b..d31fdd254a 100644
--- a/api/src/Storage/Tracking.php
+++ b/api/src/Storage/Tracking.php
@@ -966,15 +966,12 @@ abstract class Tracking
 		{
 			if (($view = Api\Link::view($this->app,$data[$this->id_field])))
 			{
-				$link = $GLOBALS['egw']->link('/index.php',$view);
+				$link = Api\Framework::link('/index.php',$view);
 				$popup = Api\Link::is_popup($this->app,'view');
 			}
 		}
-		if ($link[0] == '/')
-		{
-			$link = ($_SERVER['HTTPS'] || $GLOBALS['egw_info']['server']['enforce_ssl'] ? 'https://' : 'http://').
-				($GLOBALS['egw_info']['server']['hostname'] ? $GLOBALS['egw_info']['server']['hostname'] : $_SERVER['HTTP_HOST']).$link;
-		}
+		if ($link[0] == '/') Api\Framework::getUrl($link);
+
 		if (!$allow_popup)
 		{
 			// remove the session-id in the notification mail!
diff --git a/api/src/Vfs/Sharing.php b/api/src/Vfs/Sharing.php
index 6f03a864a8..5d929c0e0a 100644
--- a/api/src/Vfs/Sharing.php
+++ b/api/src/Vfs/Sharing.php
@@ -675,21 +675,13 @@ class Sharing
 	 * Generate link from share or share-token
 	 *
 	 * @param string|array $share share or share-token
-	 * @return string
+	 * @return string full Url incl. schema and host
 	 */
 	public static function share2link($share)
 	{
 		if (is_array($share)) $share = $share['share_token'];
 
-		$link = Api\Framework::link('/share.php').'/'.$share;
-		if ($link[0] == '/')
-		{
-			$link = ($_SERVER['HTTPS'] ? 'https://' : 'http://').
-				($GLOBALS['egw_info']['server']['hostname'] && $GLOBALS['egw_info']['server']['hostname'] !== 'localhost' ?
-					$GLOBALS['egw_info']['server']['hostname'] : $_SERVER['HTTP_HOST']).
-				$link;
-		}
-		return $link;
+		return Api\Framework::getUrl(Api\Framework::link('/share.php')).'/'.$share;
 	}
 }
 
diff --git a/calendar/inc/class.calendar_boupdate.inc.php b/calendar/inc/class.calendar_boupdate.inc.php
index 2c7647a55d..fed1c9ddaf 100644
--- a/calendar/inc/class.calendar_boupdate.inc.php
+++ b/calendar/inc/class.calendar_boupdate.inc.php
@@ -1796,12 +1796,7 @@ class calendar_boupdate extends calendar_bo
 		$eventStart_arr = $this->date2array($event['start']); // give this as 'date' to the link to pick the right recurrence for the participants state
 		$link = $GLOBALS['egw_info']['server']['webserver_url'].'/index.php?menuaction=calendar.calendar_uiforms.edit&cal_id='.$event['id'].'&date='.$eventStart_arr['full'].'&no_popup=1&ajax=true';
 		// if url is only a path, try guessing the rest ;-)
-		if ($link[0] == '/')
-		{
-			$link = ($GLOBALS['egw_info']['server']['enforce_ssl'] || $_SERVER['HTTPS'] ? 'https://' : 'http://').
-				($GLOBALS['egw_info']['server']['hostname'] ? $GLOBALS['egw_info']['server']['hostname'] : $_SERVER['HTTP_HOST']).
-				$link;
-		}
+		if ($link[0] == '/') $link = Api\Framework::getUrl($link);
 		$event_arr['link']['data'] = $details['link'] = $link;
 
 		/* this is needed for notification-app
diff --git a/filemanager/inc/class.filemanager_merge.inc.php b/filemanager/inc/class.filemanager_merge.inc.php
index 0293e4d200..c7b42bd033 100644
--- a/filemanager/inc/class.filemanager_merge.inc.php
+++ b/filemanager/inc/class.filemanager_merge.inc.php
@@ -200,11 +200,8 @@ class filemanager_merge extends Api\Storage\Merge
 		}
 
 		// Prepend site, if missing
-		if ($link{0} == '/')
-		{
-			$link = ($_SERVER['HTTPS'] || $GLOBALS['egw_info']['server']['enforce_ssl'] ? 'https://' : 'http://').
-				($GLOBALS['egw_info']['server']['hostname'] ? $GLOBALS['egw_info']['server']['hostname'] : $_SERVER['HTTP_HOST']).$link;
-		}
+		if ($link[0] == '/') $link = Api\Framework::getUrl($link);
+
 		$file['link'] = Api\Html::a_href(Api\Html::htmlspecialchars($file['name']), $link);
 		$file['url'] = $link;
 
diff --git a/notifications/inc/class.notifications_email.inc.php b/notifications/inc/class.notifications_email.inc.php
index e8532ea327..dfb593e714 100644
--- a/notifications/inc/class.notifications_email.inc.php
+++ b/notifications/inc/class.notifications_email.inc.php
@@ -157,10 +157,7 @@ class notifications_email implements notifications_iface {
 			// do not expose sensitive data
 			$url = preg_replace('/(sessionid|kp3|domain)=[^&]+&?/','',Api\Html::link('/index.php', $link->view));
 			// complete missing protocol and domain part if needed
-			if ($url{0} == '/' && $_render_external) {
-				$url = ($_SERVER['HTTPS'] || $GLOBALS['egw_info']['server']['enforce_ssl'] ? 'https://' : 'http://').
-					($GLOBALS['egw_info']['server']['hostname'] ? $GLOBALS['egw_info']['server']['hostname'] : $_SERVER['HTTP_HOST']).$url;
-			}
+			if ($url[0] == '/' && $_render_external) $url = Api\Framework::getUrl($url);
 			$a_href = '<a href="'.$url.'" target="_blank">'.$link->text.'</a>';
 			$rendered_links[] = $_render_html ? $a_href : $url;
 		}