Merge pull request #4104 from m-martin-78/xfhsupport

Add support for X-Forwarded-Host proxy header
Andreas Gohr 2024-01-26 09:52:29 +01:00 committed by GitHub
commit 6e2ee56d21
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 40 additions and 3 deletions


@ -4,15 +4,35 @@ class init_checkssl_test extends DokuWikiTest {
/**
* Running behind an SSL proxy, HTTP between server and proxy
* Proxy (REMOTE_ADDR) is matched by default trustedproxy config regex
* HTTPS not set
* HTTP_X_FORWARDED_PROTO
* set to https
*/
function test1() {
function test1a() {
global $conf;
$conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)';
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https';
$this->assertEquals(is_ssl(), true);
}
/**
* Running behind an SSL proxy, HTTP between server and proxy
* Proxy (REMOTE_ADDR) is not matched by default trustedproxy config regex
* HTTPS not set
* HTTP_X_FORWARDED_PROTO
* set to https
*/
function test1b() {
global $conf;
$conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)';
$_SERVER['REMOTE_ADDR'] = '8.8.8.8';
$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https';
$this->assertEquals(is_ssl(), false);
}
/**
* Running behind a plain HTTP proxy, HTTP between server and proxy
@ -20,6 +40,9 @@ class init_checkssl_test extends DokuWikiTest {
* HTTP_X_FORWARDED_PROTO set to http
*/
function test2() {
global $conf;
$conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)';
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'http';
$this->assertEquals(is_ssl(), false);
@ -31,6 +54,9 @@ class init_checkssl_test extends DokuWikiTest {
* HTTP_X_FORWARDED_PROTO set to https
*/
function test3() {
global $conf;
$conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)';
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https';
$_SERVER['HTTPS'] = 'off';
@ -73,6 +99,9 @@ class init_checkssl_test extends DokuWikiTest {
* HTTP_X_FORWARDED_PROTO set to https
*/
function test7() {
global $conf;
$conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)';
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https';
$_SERVER['HTTPS'] = 'on';
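Review bot: These tests exercise the trusted-proxy gate only for `is_ssl()`; nothing covers the `X-Forwarded-Host` branch this commit adds to `getBaseURL()`, and neither of the two changed files adds such a test. A pair mirroring `test1a`/`test1b` would pin the security-relevant half of the change: a trusted `REMOTE_ADDR` uses the forwarded host, and an untrusted one such as `8.8.8.8` falls back to `HTTP_HOST`. A case with `$conf['trustedproxy']` empty would be worth adding too. In the new assertions, `$this->assertTrue(is_ssl());` and `$this->assertFalse(is_ssl());` would be clearer than `assertEquals(is_ssl(), true)`, which passes actual and expected in reversed order and compares loosely.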


@ -495,7 +495,13 @@ function getBaseURL($abs = null)
//split hostheader into host and port
if (isset($_SERVER['HTTP_HOST'])) {
$parsed_host = parse_url('http://' . $_SERVER['HTTP_HOST']);
if ((!empty($conf['trustedproxy'])) && isset($_SERVER['HTTP_X_FORWARDED_HOST'])
&& preg_match('/' . $conf['trustedproxy'] . '/', $_SERVER['REMOTE_ADDR'])) {
$cur_host = $_SERVER['HTTP_X_FORWARDED_HOST'];
} else {
$cur_host = $_SERVER['HTTP_HOST'];
}
$parsed_host = parse_url('http://' . $cur_host);
$host = $parsed_host['host'] ?? '';
$port = $parsed_host['port'] ?? '';
} elseif (isset($_SERVER['SERVER_NAME'])) {
@ -535,7 +541,9 @@ function getBaseURL($abs = null)
function is_ssl()
{
// check if we are behind a reverse proxy
if (($_SERVER['HTTP_X_FORWARDED_PROTO'] ?? '') == 'https') {
if ((!empty($conf['trustedproxy'])) && isset($_SERVER['HTTP_X_FORWARDED_PROTO'])
&& preg_match('/' . $conf['trustedproxy'] . '/', $_SERVER['REMOTE_ADDR'])
&& ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) {
return true;
}
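Review bot: In the `is_ssl()` hunk the function opens with `function is_ssl()`, `{` and the comment line, with no `global $conf;` before the new condition reads `$conf['trustedproxy']`. If the file matches what is shown, `$conf` is an undefined local there, `!empty(...)` is always false, and `X-Forwarded-Proto` is never honoured even from a trusted proxy; adding `global $conf;` as the first statement fixes it (the function body continues past the hunk). The same trust check is repeated in the `getBaseURL()` hunk, and both copies build the pattern as `'/' . $conf['trustedproxy'] . '/'` and read `$_SERVER['REMOTE_ADDR']` without `?? ''`. A configured pattern containing `/`, or a run without `REMOTE_ADDR`, would therefore raise warnings, so a small shared helper would keep the gate identical in both places. `X-Forwarded-Host` can also carry a comma-separated list when proxies are chained, which the `parse_url('http://' . $cur_host)` call will probably not handle as intended.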