upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 26

more reliable host detection for reverse proxy scenarios

Browse source
This commit is contained in:
Frank Karlitschek 2012-06-05 12:53:48 +02:00
parent 44260a552c
commit d3bb01b598
1 changed files with 12 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
lib/base.php
View file

@ -376,13 +376,18 @@ class OC{
// CSRF protection
if(isset($_SERVER['HTTP_REFERER'])) $referer=$_SERVER['HTTP_REFERER']; else $referer='';
$protocol=OC_Helper::serverProtocol().'://';
$server=$protocol.OC_Helper::serverHost();
if(($_SERVER['REQUEST_METHOD']=='POST') and (substr($referer,0,strlen($server))<>$server)) {
$url = $protocol.OC_Helper::serverProtocol().OC::$WEBROOT.'/index.php';
header("Location: $url");
exit();
}
$refererhost=parse_url($referer);
if(isset($refererhost['host'])) $refererhost=$refererhost['host']; else $refererhost='';
$server=OC_Helper::serverHost();
$serverhost=parse_url($server);
if(isset($serverhost['host'])) $serverhost=$serverhost['host']; else $serverhost='';
if(!self::$CLI){
if(($_SERVER['REQUEST_METHOD']=='POST') and ($refererhost<>$serverhost)) {
$url = OC_Helper::serverProtocol().'://'.$server.OC::$WEBROOT.'/index.php';
header("Location: $url");
exit();
}
}
self::initSession();
self::initTemplateEngine();