opensourcemirror
/
dokuwiki
mirror of https://github.com/splitbrain/dokuwiki.git
1
0
Fork 0
Code Issues Releases Wiki Activity

fix is_ssl() check 

There was a global statement missing? This seems to have to been
broken in one of the recent merges.

Tests have been cleaned up but not changes in logic.
This commit is contained in:
Andreas Gohr 2024-01-26 14:58:51 +01:00
parent 754eefa383
commit e860a4fbf1
2 changed files with 96 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

179
_test/tests/inc/init_checkssl.test.php
View File

@ -1,110 +1,119 @@
<?php
class init_checkssl_test extends DokuWikiTest {
class init_checkssl_test extends DokuWikiTest
{
/**
* Running behind an SSL proxy, HTTP between server and proxy
* Proxy (REMOTE_ADDR) is matched by default trustedproxy config regex
* HTTPS not set
* HTTP_X_FORWARDED_PROTO
* set to https
*/
function test1a() {
global $conf;
$conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)';
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https';
$this->assertEquals(is_ssl(), true);
}
/**
* Running behind an SSL proxy, HTTP between server and proxy
* Running behind an SSL proxy, HTTP between server and proxy
* Proxy (REMOTE_ADDR) is matched by default trustedproxy config regex
* HTTPS not set
* HTTP_X_FORWARDED_PROTO
* set to https
*/
function test1a()
{
global $conf;
$conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)';
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https';
$this->assertTrue(is_ssl());
}
/**
* Running behind an SSL proxy, HTTP between server and proxy
* Proxy (REMOTE_ADDR) is not matched by default trustedproxy config regex
* HTTPS not set
* HTTP_X_FORWARDED_PROTO
* set to https
*/
function test1b() {
* HTTPS not set
* HTTP_X_FORWARDED_PROTO
* set to https
*/
function test1b()
{
global $conf;
$conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)';
$_SERVER['REMOTE_ADDR'] = '8.8.8.8';
$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https';
$_SERVER['REMOTE_ADDR'] = '8.8.8.8';
$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https';
$this->assertEquals(is_ssl(), false);
}
$this->assertFalse(is_ssl());
}
/**
* Running behind a plain HTTP proxy, HTTP between server and proxy
* HTTPS not set
* HTTP_X_FORWARDED_PROTO set to http
*/
function test2() {
/**
* Running behind a plain HTTP proxy, HTTP between server and proxy
* HTTPS not set
* HTTP_X_FORWARDED_PROTO set to http
*/
function test2()
{
global $conf;
$conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)';
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'http';
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'http';
$this->assertEquals(is_ssl(), false);
}
$this->assertFalse(is_ssl());
}
/**
* Running behind an SSL proxy, HTTP between server and proxy
* HTTPS set to off,
* HTTP_X_FORWARDED_PROTO set to https
*/
function test3() {
/**
* Running behind an SSL proxy, HTTP between server and proxy
* HTTPS set to off,
* HTTP_X_FORWARDED_PROTO set to https
*/
function test3()
{
global $conf;
$conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)';
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https';
$_SERVER['HTTPS'] = 'off';
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https';
$_SERVER['HTTPS'] = 'off';
$this->assertEquals(is_ssl(), true);
}
$this->assertTrue(is_ssl());
}
/**
* Not running behind a proxy, HTTPS server
* HTTPS set to on,
* HTTP_X_FORWARDED_PROTO not set
*/
function test4() {
$_SERVER['HTTPS'] = 'on';
/**
* Not running behind a proxy, HTTPS server
* HTTPS set to on,
* HTTP_X_FORWARDED_PROTO not set
*/
function test4()
{
$_SERVER['HTTPS'] = 'on';
$this->assertEquals(is_ssl(), true);
}
$this->assertTrue(is_ssl());
}
/**
* Not running behind a proxy, plain HTTP server
* HTTPS not set
* HTTP_X_FORWARDED_PROTO not set
*/
function test5() {
$this->assertEquals(is_ssl(), false);
}
/**
* Not running behind a proxy, plain HTTP server
* HTTPS not set
* HTTP_X_FORWARDED_PROTO not set
*/
function test5()
{
$this->assertFalse(is_ssl());
}
/**
* Not running behind a proxy, plain HTTP server
* HTTPS set to off
* HTTP_X_FORWARDED_PROTO not set
*/
function test6() {
$_SERVER['HTTPS'] = 'off';
$this->assertEquals(is_ssl(), false);
}
/**
* Not running behind a proxy, plain HTTP server
* HTTPS set to off
* HTTP_X_FORWARDED_PROTO not set
*/
function test6()
{
$_SERVER['HTTPS'] = 'off';
$this->assertFalse(is_ssl());
}
/**
* Running behind an SSL proxy, SSL between proxy and HTTP server
* HTTPS set to on,
* HTTP_X_FORWARDED_PROTO set to https
*/
function test7() {
/**
* Running behind an SSL proxy, SSL between proxy and HTTP server
* HTTPS set to on,
* HTTP_X_FORWARDED_PROTO set to https
*/
function test7()
{
global $conf;
$conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)';
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https';
$_SERVER['HTTPS'] = 'on';
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https';
$_SERVER['HTTPS'] = 'on';
$this->assertEquals(is_ssl(), true);
}
$this->assertTrue(is_ssl());
}
}

2
inc/init.php
View File

@ -542,6 +542,8 @@ function getBaseURL($abs = null)
*/
function is_ssl()
{
global $conf;
// check if we are behind a reverse proxy
if (
(!empty($conf['trustedproxy'])) && isset($_SERVER['HTTP_X_FORWARDED_PROTO'])