mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-04-13 20:32:11 +02:00
Code Issues Releases Wiki Activity

[ticket/14481] Respect HTTP_X_FORWARDED headers for implying https

Browse Source 
PHPBB3-14481
This commit is contained in:
Marc Alexander 2016-02-15 21:40:52 +01:00
parent 17e21d5140
commit accf8f8625
3 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
phpBB/common.php
View File

@ -38,7 +38,13 @@ if (!defined('PHPBB_INSTALLED'))
// available as used by the redirect function
$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
$secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;
$secure = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 1 : 0;
if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
{
$secure = 1;
$server_port = 443;
}
$script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF');
if (!$script_name)

8
phpBB/phpbb/auth/provider/oauth/oauth.php
View File

@ -271,7 +271,13 @@ class oauth extends \phpbb\auth\provider\base
}
$uri_factory = new \OAuth\Common\Http\Uri\UriFactory();
$current_uri = $uri_factory->createFromSuperGlobalArray($this->request->get_super_global(\phpbb\request\request_interface::SERVER));
$super_globals = $this->request->get_super_global(\phpbb\request\request_interface::SERVER);
if (!empty($super_globals['HTTP_X_FORWARDED_PROTO']) && $super_globals['HTTP_X_FORWARDED_PROTO'] === 'https')
{
$super_globals['HTTPS'] = 'on';
$super_globals['SERVER_PORT'] = 443;
}
$current_uri = $uri_factory->createFromSuperGlobalArray($super_globals);
$current_uri->setQuery($query);
$this->current_uri = $current_uri;

4
phpBB/phpbb/request/request.php
View File

@ -325,7 +325,9 @@ class request implements \phpbb\request\request_interface
*/
public function is_secure()
{
return $this->server('HTTPS') == 'on';
$https = $this->server('HTTPS');
$https = $this->server('HTTP_X_FORWARDED_PROTO') === 'https' ? 'on' : $https;
return !empty($https) && $https !== 'off';
}
/**