forked from extern/egroupware
* all apps: fixing several cases of wrong Url when proxying and terminating TLS on the proxy
parent
71baa8654c
commit
7cd4169768
@ -278,8 +278,7 @@ class CalDAV extends HTTP_WebDAV_Server
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$this->current_user_principal = (@$_SERVER["HTTPS"] === "on" ? "https:" : "http:") .
|
$this->current_user_principal = Framework::getUrl($_SERVER['SCRIPT_NAME']) . '/';
|
||||||
'//' . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'] . '/';
|
|
||||||
}
|
}
|
||||||
$this->current_user_principal .= 'principals/users/'.$GLOBALS['egw_info']['user']['account_lid'].'/';
|
$this->current_user_principal .= 'principals/users/'.$GLOBALS['egw_info']['user']['account_lid'].'/';
|
||||||
|
|
||||||
@ -1519,16 +1518,7 @@ class CalDAV extends HTTP_WebDAV_Server
|
|||||||
*/
|
*/
|
||||||
protected static function path2location($path)
|
protected static function path2location($path)
|
||||||
{
|
{
|
||||||
static $url_prefix = null;
|
return Framework::getUrl(Framework::link(Vfs::download_url($path)));
|
||||||
if (!isset($url_prefix))
|
|
||||||
{
|
|
||||||
$url_prefix = '';
|
|
||||||
if ($GLOBALS['egw_info']['server']['webserver_url'][0] == '/')
|
|
||||||
{
|
|
||||||
$url_prefix = ($_SERVER['HTTPS'] ? 'https' : 'http').'://'.$_SERVER['HTTP_HOST'];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return $url_prefix.Framework::link(Vfs::download_url($path));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
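Review bot: In `path2location()` the new `return Framework::getUrl(Framework::link(Vfs::download_url($path)));` applies `getUrl()` to every link, while the removed code added scheme and host only when `webserver_url` began with `/`. `getUrl()` is not shown on this page, so it cannot be confirmed here that it returns an already absolute URL unchanged; if it does not, installations with an absolute `webserver_url` would get a doubled origin in WebDAV locations. The same unconditional call replaces a leading-slash guard in Handler's `Content-Location` header, in StreamWrapper's download URL, in calendar_bo's freebusy link and in the `egw_dc_url` case of `replace_callback()`. I would document that contract on the helper, e.g. `// getUrl(): absolute URLs are returned unchanged, only paths get scheme and host`, and cover both forms with a test.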
|
@ -369,12 +369,7 @@ abstract class Handler
|
|||||||
{
|
{
|
||||||
if ($_SERVER['REQUEST_METHOD'] == 'POST')
|
if ($_SERVER['REQUEST_METHOD'] == 'POST')
|
||||||
{
|
{
|
||||||
$location = $this->caldav->base_uri.$options['path'];
|
header('Content-Location: '.Api\Framework::getUrl($this->caldav->base_uri.$options['path']));
|
||||||
if ($location[0] == '/')
|
|
||||||
{
|
|
||||||
$location = (@$_SERVER['HTTPS'] === 'on' ? 'https' : 'http').'://'.$_SERVER['HTTP_HOST'].$location;
|
|
||||||
}
|
|
||||||
header('Content-Location: '.$location);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// remove If-Match or If-None-Match headers, otherwise HTTP status 412 goes into endless loop!
|
// remove If-Match or If-None-Match headers, otherwise HTTP status 412 goes into endless loop!
|
||||||
@ -687,7 +682,7 @@ abstract class Handler
|
|||||||
$uri = $path = $this->caldav->base_uri;
|
$uri = $path = $this->caldav->base_uri;
|
||||||
if ($uri[0] == '/')
|
if ($uri[0] == '/')
|
||||||
{
|
{
|
||||||
$uri = ($_SERVER["HTTPS"] === "on" ? "https:" : "http:") .'//' . $_SERVER['HTTP_HOST'] . $uri;
|
$uri = Api\Framework::getUrl($uri);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -290,9 +290,9 @@ class Egw extends Egw\Base
|
|||||||
*/
|
*/
|
||||||
function verify_session()
|
function verify_session()
|
||||||
{
|
{
|
||||||
if($GLOBALS['egw_info']['server']['enforce_ssl'] === 'redirect' && !$_SERVER['HTTPS'])
|
if($GLOBALS['egw_info']['server']['enforce_ssl'] === 'redirect' && Header\Http::schema() !== 'https')
|
||||||
{
|
{
|
||||||
Header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
|
Header('Location: https://' . Header\Http::host() . $_SERVER['REQUEST_URI']);
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
// check if we have a session, if not try to automatic create one
|
// check if we have a session, if not try to automatic create one
|
||||||
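Review bot: The `enforce_ssl` redirect in `verify_session()` now relies on `Header\Http::schema()` to decide whether to redirect and on `Header\Http::host()` to build the `Location` value, and neither helper is visible on this page. If they read forwarded headers such as `X-Forwarded-Proto` or `X-Forwarded-Host` from any peer, a request that reaches the backend without passing the proxy can declare itself `https` and skip the redirect, and the redirect target becomes request-supplied. The helpers should honor those headers only when the connecting address is a configured proxy, and the proxy should overwrite them rather than append. A comment at this call would make the dependency explicit: `// schema()/host() only honor forwarded headers from configured trusted proxies`. The body of `verify_session()` continues past the end of the hunk.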
|
@ -6797,7 +6797,7 @@ class Mail
|
|||||||
$myUrl = $directory.$filename;
|
$myUrl = $directory.$filename;
|
||||||
if ($myUrl[0]=='/') // local path -> we only allow path's that are available via http/https (or vfs)
|
if ($myUrl[0]=='/') // local path -> we only allow path's that are available via http/https (or vfs)
|
||||||
{
|
{
|
||||||
$basedir = ($_SERVER['HTTPS']?'https://':'http://'.$_SERVER['HTTP_HOST']);
|
$basedir = Api\Framework::getUrl('/');
|
||||||
}
|
}
|
||||||
// use vfs instead of url containing webdav.php
|
// use vfs instead of url containing webdav.php
|
||||||
// ToDo: we should test if the webdav url is of our own scope, as we cannot handle foreign
|
// ToDo: we should test if the webdav url is of our own scope, as we cannot handle foreign
|
||||||
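Review bot: `$basedir = Api\Framework::getUrl('/');` probably ends in a slash, while the removed expression produced an origin without one (and, through operator precedence, no host at all for https). `$basedir` is used outside this hunk; if it is concatenated with `$myUrl`, which starts with `/` in this branch, the result would contain `//` after the host. `$basedir = rtrim(Api\Framework::getUrl('/'), '/');` keeps the old shape. Going by the comment about paths available via http/https, the server appears to fetch this URL itself, so the origin should come from a value the request cannot influence; that is worth confirming against `getUrl()`.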
|
@ -1633,7 +1633,7 @@ class Session
|
|||||||
!$cookietime && $is_iOS ? time()+self::IOS_SESSION_COOKIE_LIFETIME : $cookietime,
|
!$cookietime && $is_iOS ? time()+self::IOS_SESSION_COOKIE_LIFETIME : $cookietime,
|
||||||
is_null($cookiepath) ? self::$cookie_path : $cookiepath,self::$cookie_domain,
|
is_null($cookiepath) ? self::$cookie_path : $cookiepath,self::$cookie_domain,
|
||||||
// if called via HTTPS, only send cookie for https and only allow cookie access via HTTP (true)
|
// if called via HTTPS, only send cookie for https and only allow cookie access via HTTP (true)
|
||||||
empty($GLOBALS['egw_info']['server']['insecure_cookies']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off', true);
|
empty($GLOBALS['egw_info']['server']['insecure_cookies']) && Header\Http::schema() === 'https', true);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1671,7 +1671,7 @@ class Session
|
|||||||
|
|
||||||
session_set_cookie_params(0, self::$cookie_path, self::$cookie_domain,
|
session_set_cookie_params(0, self::$cookie_path, self::$cookie_domain,
|
||||||
// if called via HTTPS, only send cookie for https and only allow cookie access via HTTP (true)
|
// if called via HTTPS, only send cookie for https and only allow cookie access via HTTP (true)
|
||||||
empty($GLOBALS['egw_info']['server']['insecure_cookies']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off', true);
|
empty($GLOBALS['egw_info']['server']['insecure_cookies']) && Header\Http::schema() === 'https', true);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
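Review bot: The `Secure` argument of both `setcookie()` and `session_set_cookie_params()` now depends solely on `Header\Http::schema() === 'https'`, so a proxy that terminates TLS without passing on the original scheme leaves the session cookie without `Secure` although the browser connection is encrypted. Where the site is configured for TLS anyway the flag could be forced, for example `empty($GLOBALS['egw_info']['server']['insecure_cookies']) && (Header\Http::schema() === 'https' || !empty($GLOBALS['egw_info']['server']['enforce_ssl']))`; `enforce_ssl` is taken from the `verify_session()` hunk, and whether it is the right switch should be confirmed. The two cookie calls in `class setup` have the same dependency. The retained comment would also read more clearly as `// send the cookie only over https when the request arrived via https; the final true sets HttpOnly`.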
|
@ -734,15 +734,7 @@ class StreamWrapper implements Vfs\StreamWrapperIface
|
|||||||
|
|
||||||
$relpath = substr($url,strlen($mount_url));
|
$relpath = substr($url,strlen($mount_url));
|
||||||
|
|
||||||
$download_url = Vfs::concat($get['url'],$relpath);
|
return Api\Framework::getUrl(Vfs::concat($get['url'],$relpath));
|
||||||
if ($download_url[0] == '/')
|
|
||||||
{
|
|
||||||
$download_url = ($_SERVER['HTTPS'] ? 'https://' : 'http://').
|
|
||||||
$_SERVER['HTTP_HOST'].$download_url;
|
|
||||||
}
|
|
||||||
|
|
||||||
//die(__METHOD__."('$url') --> relpath = $relpath --> $download_url");
|
|
||||||
return $download_url;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -75,7 +75,7 @@ function _egw_log_exception($e,&$headline=null)
|
|||||||
error_log($line);
|
error_log($line);
|
||||||
}
|
}
|
||||||
error_log('# Instance='.$GLOBALS['egw_info']['user']['domain'].', User='.$GLOBALS['egw_info']['user']['account_lid'].
|
error_log('# Instance='.$GLOBALS['egw_info']['user']['domain'].', User='.$GLOBALS['egw_info']['user']['account_lid'].
|
||||||
', Request='.$_SERVER['REQUEST_METHOD'].' '.($_SERVER['HTTPS']?'https://':'http://').$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'].
|
', Request='.$_SERVER['REQUEST_METHOD'].' '.Api\Framework::getUrl($_SERVER['REQUEST_URI']).
|
||||||
', User-agent='.$_SERVER['HTTP_USER_AGENT']);
|
', User-agent='.$_SERVER['HTTP_USER_AGENT']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -2116,9 +2116,8 @@ class calendar_bo
|
|||||||
. ':' . $GLOBALS['egw_info']['user']['passwd'];
|
. ':' . $GLOBALS['egw_info']['user']['passwd'];
|
||||||
$credentials = '&cred=' . base64_encode($credentials);
|
$credentials = '&cred=' . base64_encode($credentials);
|
||||||
}
|
}
|
||||||
return (!$GLOBALS['egw_info']['server']['webserver_url'] || $GLOBALS['egw_info']['server']['webserver_url'][0] == '/' ?
|
return Api\Framework::getUrl($GLOBALS['egw_info']['server']['webserver_url']).
|
||||||
($_SERVER['HTTPS'] ? 'https://' : 'http://').$_SERVER['HTTP_HOST'] : '').
|
'/calendar/freebusy.php/?user='.urlencode($user).$credentials;
|
||||||
$GLOBALS['egw_info']['server']['webserver_url'].'/calendar/freebusy.php/?user='.urlencode($user).$credentials;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
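Review bot: The returned freebusy link carries `&cred=` with the base64 of user name and password, so the origin that `Api\Framework::getUrl(...)` puts in front of it decides where those credentials are sent. If `getUrl()` derives scheme or host from request headers (not visible here), a credential-bearing link could be issued for a host the server does not own, or with `http:` when the scheme is misdetected. For this one URL I would take the origin from configuration only, or at least state above the return `// cred= is a reversible encoding of the password: origin must come from trusted configuration, https only`. The removed expression also handled an empty `webserver_url`; confirm `getUrl('')` still yields the site root. The function starts before the hunk.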
|
@ -20,15 +20,6 @@
|
|||||||
|
|
||||||
use EGroupware\Api;
|
use EGroupware\Api;
|
||||||
|
|
||||||
// switching off output compression for Lighttpd and HTTPS, as it makes problems with TB Lightning
|
|
||||||
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' &&
|
|
||||||
strpos($_SERVER['SERVER_SOFTWARE'],'lighttpd/1.4') === 0 &&
|
|
||||||
strpos($_SERVER['HTTP_USER_AGENT'],'Lightning') !== false)
|
|
||||||
{
|
|
||||||
ini_set('zlib.output_compression',0);
|
|
||||||
}
|
|
||||||
//error_log("HTTPS='$_SERVER[HTTPS]', SERVER_SOFTWARE='$_SERVER[SERVER_SOFTWARE]', HTTP_USER_AGENT='$_SERVER[HTTP_USER_AGENT]', REQUEST_METHOD='$_SERVER[REQUEST_METHOD]' --> zlib.output_compression=".ini_get('zlib.output_compression'));
|
|
||||||
|
|
||||||
$starttime = microtime(true);
|
$starttime = microtime(true);
|
||||||
|
|
||||||
$GLOBALS['egw_info'] = array(
|
$GLOBALS['egw_info'] = array(
|
||||||
|
@ -42,11 +42,7 @@ function replace_callback($matches)
|
|||||||
switch($matches[1])
|
switch($matches[1])
|
||||||
{
|
{
|
||||||
case 'egw_dc_url':
|
case 'egw_dc_url':
|
||||||
$replacement = $GLOBALS['egw_info']['server']['webserver_url'];
|
$replacement = Api\Framework::getUrl($GLOBALS['egw_info']['server']['webserver_url']);
|
||||||
if (empty($replacement) || $replacement[0] == '/')
|
|
||||||
{
|
|
||||||
$replacement = ($_SERVER['HTTPS'] ? 'https://' : 'http://').$_SERVER['HTTP_HOST'].$replacement;
|
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
case 'egw_dc_logindomain':
|
case 'egw_dc_logindomain':
|
||||||
$replacement = $GLOBALS['egw_info']['user']['domain'];
|
$replacement = $GLOBALS['egw_info']['user']['domain'];
|
||||||
|
@ -188,7 +188,7 @@ class setup
|
|||||||
}
|
}
|
||||||
setcookie($cookiename, $cookievalue, $cookietime, '/', $this->cookie_domain,
|
setcookie($cookiename, $cookievalue, $cookietime, '/', $this->cookie_domain,
|
||||||
// if called via HTTPS, only send cookie for https and only allow cookie access via HTTP (true)
|
// if called via HTTPS, only send cookie for https and only allow cookie access via HTTP (true)
|
||||||
!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off', true);
|
Api\Header\Http::schema() === 'https', true);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -257,7 +257,7 @@ class setup
|
|||||||
session_name(self::SESSIONID);
|
session_name(self::SESSIONID);
|
||||||
session_set_cookie_params(0, '/', self::cookiedomain(),
|
session_set_cookie_params(0, '/', self::cookiedomain(),
|
||||||
// if called via HTTPS, only send cookie for https and only allow cookie access via HTTP (true)
|
// if called via HTTPS, only send cookie for https and only allow cookie access via HTTP (true)
|
||||||
!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off', true);
|
Api\Header\Http::schema() === 'https', true);
|
||||||
|
|
||||||
if (isset($_COOKIE[self::SESSIONID])) session_id($_COOKIE[self::SESSIONID]);
|
if (isset($_COOKIE[self::SESSIONID])) session_id($_COOKIE[self::SESSIONID]);
|
||||||
|
|
||||||
|