author | Tristan Darricau <tristan.darricau@sensiolabs.com> | 2016-03-27 12:56:03 +0200 |
---|---|---|
committer | Tristan Darricau <tristan.darricau@sensiolabs.com> | 2016-03-27 12:56:03 +0200 |
commit | 5442a2596718ea2ce81dfa31c44549f62311cd47 (patch) | |
tree | 43d3ba6aba4298e155b2926d5133fb213d3ef846 | |
parent | 50737da051bc949b71aa7516dda8bebbfe61c73c (diff) | |
parent | f22bd4e511697bedb76c1909148753b3581adb1f (diff) | |
Merge pull request #4182 from marc1706/ticket/14481
[ticket/14481] Respect HTTP_X_FORWARDED headers for implying https
* marc1706/ticket/14481:
[ticket/14481] Add tests for x_forwarded_proto header
[ticket/14481] Use port 443 if https is specified in x-forwarded-proto
[ticket/14481] Respect HTTP_X_FORWARDED headers for implying https
-rw-r--r-- | phpBB/common.php | 8 | ||||
-rw-r--r-- | phpBB/includes/functions.php | 6 | ||||
-rw-r--r-- | phpBB/phpbb/auth/provider/oauth/oauth.php | 8 | ||||
-rw-r--r-- | phpBB/phpbb/request/request.php | 4 | ||||
-rw-r--r-- | tests/request/request_test.php | 106 |
5 files changed, 126 insertions, 6 deletions
diff --git a/phpBB/common.php b/phpBB/common.php
index 0782bd7321..71d501e926 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -38,7 +38,13 @@ if (!defined('PHPBB_INSTALLED'))
 	// available as used by the redirect function
 	$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
 	$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
-	$secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;
+	$secure = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 1 : 0;
+
+	if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
+	{
+		$secure = 1;
+		$server_port = 443;
+	}
 
 	$script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF');
 	if (!$script_name)
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 8e3f62230a..b225effacc 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2234,6 +2234,12 @@ function generate_board_url($without_script_path = false)
 	$server_name = $user->host;
 	$server_port = $request->server('SERVER_PORT', 0);
 
+	$forwarded_proto = $request->server('HTTP_X_FORWARDED_PROTO');
+
+	if (!empty($forwarded_proto) && $forwarded_proto === 'https')
+	{
+		$server_port = 443;
+	}
 
 	// Forcing server vars is the only way to specify/override the protocol
 	if ($config['force_server_vars'] || !$server_name)
diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php
index be0fbf5831..9f6345fbba 100644
--- a/phpBB/phpbb/auth/provider/oauth/oauth.php
+++ b/phpBB/phpbb/auth/provider/oauth/oauth.php
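Review bot: The new `HTTP_X_FORWARDED_PROTO` test in the common.php hunk honours the header no matter who sent it: if the origin can be reached without passing through the proxy, or the proxy forwards the client's copy of the header instead of overwriting it, a plain-HTTP request can announce `https` and the block below sets `$secure = 1` and rewrites `$server_port` to 443, which then feeds whatever the redirect function builds from them. The same unconditional trust is added in the functions.php hunk, the oauth.php hunk and `is_secure()` in request.php, so the gate belongs in one place: consult the header only when `$_SERVER['REMOTE_ADDR']` matches a configured trusted-proxy address, and otherwise fall back to `$_SERVER['HTTPS']` alone. Hard-coding `$server_port = 443` in all three places also discards a non-default TLS port that a proxy announces via `X-Forwarded-Port`, and the raw value should be normalised (first element of a comma-separated multi-hop list, lower-cased) before the `=== 'https'` comparison, otherwise `HTTPS` or `https, http` silently evaluate as not secure.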
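Review bot: generate_board_url in the functions.php hunk re-implements the forwarded-proto rule inline (`$forwarded_proto === 'https'`) while this same commit teaches `\phpbb\request\request::is_secure()` that rule, and the oauth.php hunk copies it a third time; three copies will drift the next time the rule changes, for instance when a trusted-proxy check is added. The hunk only touches `$server_port`, and the place where the function chooses between `http://` and `https://` lies below the hunk, so I cannot tell from here whether that branch already calls `is_secure()`. I would fold the inline test into a single request-layer helper that returns both the effective scheme and port and call it from all three sites, rather than keeping the `if (!empty($forwarded_proto) && $forwarded_proto === 'https')` block here.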
@@ -271,7 +271,13 @@ class oauth extends \phpbb\auth\provider\base
 		}
 
 		$uri_factory = new \OAuth\Common\Http\Uri\UriFactory();
-		$current_uri = $uri_factory->createFromSuperGlobalArray($this->request->get_super_global(\phpbb\request\request_interface::SERVER));
+		$super_globals = $this->request->get_super_global(\phpbb\request\request_interface::SERVER);
+		if (!empty($super_globals['HTTP_X_FORWARDED_PROTO']) && $super_globals['HTTP_X_FORWARDED_PROTO'] === 'https')
+		{
+			$super_globals['HTTPS'] = 'on';
+			$super_globals['SERVER_PORT'] = 443;
+		}
+		$current_uri = $uri_factory->createFromSuperGlobalArray($super_globals);
 		$current_uri->setQuery($query);
 
 		$this->current_uri = $current_uri;
diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php
index 56ce3999ed..4cac6fbaea 100644
--- a/phpBB/phpbb/request/request.php
+++ b/phpBB/phpbb/request/request.php
@@ -325,7 +325,9 @@ class request implements \phpbb\request\request_interface
 	*/
 	public function is_secure()
 	{
-		return $this->server('HTTPS') == 'on';
+		$https = $this->server('HTTPS');
+		$https = $this->server('HTTP_X_FORWARDED_PROTO') === 'https' ? 'on' : $https;
+		return !empty($https) && $https !== 'off';
 	}
 
 	/**
diff --git a/tests/request/request_test.php b/tests/request/request_test.php
index 131abe6aac..ebaea1f9ef 100644
--- a/tests/request/request_test.php
+++ b/tests/request/request_test.php
@@ -13,7 +13,10 @@ class phpbb_request_test extends phpbb_test_case
 {
+	/** @var \phpbb\request\type_cast_helper_interface */
 	private $type_cast_helper;
+
+	/** @var \phpbb\request\request */
 	private $request;
 
 	protected function setUp()
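Review bot: In the request.php hunk `is_secure()` lets the forwarded header upgrade but never downgrade: with `HTTPS=on` (a TLS hop between proxy and origin) and `X-Forwarded-Proto: http` the method still returns true, and the new test data pins that behaviour. For a deployment where the proxy is trusted enough to honour the header at all, the client-facing scheme is what the header reports, so a request that reached the proxy over plain HTTP is reported as secure to every caller of this method; any secure-cookie or canonical-URL decision built on it (those callers are outside the hunk) would then be wrong in the unsafe direction. Once the header is gated on a trusted proxy, it should be authoritative, e.g. `$forwarded_proto = $this->server('HTTP_X_FORWARDED_PROTO'); if ($forwarded_proto !== '') { return strtolower(trim(explode(',', $forwarded_proto)[0])) === 'https'; }` before the `$https` fallback. The method's docblock (its opening lies above the hunk) should also state that the result may come from the proxy header and under what condition.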
@@ -143,15 +146,112 @@ class phpbb_request_test extends phpbb_test_case
 		$this->assertTrue($this->request->is_ajax());
 	}
 
-	public function test_is_secure()
+	public function data_is_secure()
+	{
+		return array(
+			array(
+				array(
+					'HTTPS' => 'on',
+				),
+				true,
+			),
+			array(
+				array(
+					'HTTPS' => '1',
+				),
+				true,
+			),
+			array(
+				array(
+					'HTTPS' => 'yes',
+				),
+				true,
+			),
+			array(
+				array(
+					'HTTPS' => 1,
+				),
+				true,
+			),
+			array(
+				array(
+					'HTTPS' => 'off',
+				),
+				false,
+			),
+			array(
+				array(
+					'HTTPS' => '0',
+				),
+				false,
+			),
+			array(
+				array(
+					'HTTPS' => 0,
+				),
+				false,
+			),
+			array(
+				array(
+					'HTTPS' => '',
+				),
+				false,
+			),
+			array(
+				array(
+					'HTTPS' => 'off',
+					'HTTP_X_FORWARDED_PROTO' => 'https',
+				),
+				true,
+			),
+			array(
+				array(
+					'HTTPS' => 'on',
+					'HTTP_X_FORWARDED_PROTO' => 'http',
+				),
+				true,
+			),
+			array(
+				array(
+					'HTTPS' => 'off',
+					'HTTP_X_FORWARDED_PROTO' => 'http',
+				),
+				false,
+			),
+			array(
+				array(
+					'HTTP_X_FORWARDED_PROTO' => 'http',
+				),
+				false,
+			),
+			array(
+				array(
+					'HTTP_X_FORWARDED_PROTO' => 'https',
+				),
+				true,
+			),
+			array(
+				array(
+					'HTTPS' => 'on',
+					'HTTP_X_FORWARDED_PROTO' => 'http',
+				),
+				true,
+			),
+		);
+	}
+
+	/**
+	 * @dataProvider data_is_secure
+	 */
+	public function test_is_secure($server_data, $expected)
 	{
 		$this->assertFalse($this->request->is_secure());
 
 		$this->request->enable_super_globals();
-		$_SERVER['HTTPS'] = 'on';
+		$_SERVER = $server_data;
 		$this->request = new \phpbb\request\request($this->type_cast_helper);
 
-		$this->assertTrue($this->request->is_secure());
+		$this->assertSame($expected, $this->request->is_secure());
 	}
 
 	public function test_variable_names()
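Review bot: The `data_is_secure` provider lists the dataset `'HTTPS' => 'on', 'HTTP_X_FORWARDED_PROTO' => 'http'` → `true` twice (tenth and last entries), so one of them tests nothing; the slot would be better spent on a value the implementation currently rejects, such as an upper-case or comma-separated `HTTP_X_FORWARDED_PROTO`, so the intended policy for those is pinned either way. `$_SERVER = $server_data;` in `test_is_secure` replaces the whole superglobal instead of setting the two keys, and nothing in the hunk restores it; unless a `tearDown()` outside this hunk does, later tests in the process see a `$_SERVER` stripped of everything but these keys. Giving the datasets string keys (`'https on' => array(...)`) would also make a failing case identifiable from the PHPUnit output instead of by position.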