diff --git a/application/HttpUtils.php b/application/HttpUtils.php
index 175333a..499220c 100644
--- a/application/HttpUtils.php
+++ b/application/HttpUtils.php
@@ -50,3 +50,83 @@ function get_http_url($url, $timeout = 30, $maxBytes = 4194304)
return array(get_headers($url, 1), $content);
}
+
+/**
+ * Returns the server's base URL: scheme://domain.tld[:port]
+ *
+ * @param array $server the $_SERVER array
+ *
+ * @return string the server's base URL
+ *
+ * @see http://www.ietf.org/rfc/rfc7239.txt
+ * @see http://www.ietf.org/rfc/rfc6648.txt
+ * @see http://stackoverflow.com/a/3561399
+ * @see http://stackoverflow.com/q/452375
+ */
+function server_url($server)
+{
+ $scheme = 'http';
+ $port = '';
+
+ // Shaarli is served behind a proxy
+ if (isset($server['HTTP_X_FORWARDED_PROTO'])) {
+ // Keep forwarded scheme
+ $scheme = $server['HTTP_X_FORWARDED_PROTO'];
+
+ if (isset($server['HTTP_X_FORWARDED_PORT'])) {
+ // Keep forwarded port
+ $port = ':'.$server['HTTP_X_FORWARDED_PORT'];
+ }
+
+ return $scheme.'://'.$server['SERVER_NAME'].$port;
+ }
+
+ // SSL detection
+ if ((! empty($server['HTTPS']) && strtolower($server['HTTPS']) == 'on')
+ || (isset($server['SERVER_PORT']) && $server['SERVER_PORT'] == '443')) {
+ $scheme = 'https';
+ }
+
+ // Do not append standard port values
+ if (($scheme == 'http' && $server['SERVER_PORT'] != '80')
+ || ($scheme == 'https' && $server['SERVER_PORT'] != '443')) {
+ $port = ':'.$server['SERVER_PORT'];
+ }
+
+ return $scheme.'://'.$server['SERVER_NAME'].$port;
+}
+
+/**
+ * Returns the absolute URL of the current script, without the query
+ *
+ * If the resource is "index.php", then it is removed (for better-looking URLs)
+ *
+ * @param array $server the $_SERVER array
+ *
+ * @return string the absolute URL of the current script, without the query
+ */
+function index_url($server)
+{
+ $scriptname = $server['SCRIPT_NAME'];
+ if (endswith($scriptname, 'index.php')) {
+ $scriptname = substr($scriptname, 0, -9);
+ }
+ return server_url($server) . $scriptname;
+}
+
+/**
+ * Returns the absolute URL of the current script, with the query
+ *
+ * If the resource is "index.php", then it is removed (for better-looking URLs)
+ *
+ * @param array $server the $_SERVER array
+ *
+ * @return string the absolute URL of the current script, with the query
+ */
+function page_url($server)
+{
+ if (! empty($server['QUERY_STRING'])) {
+ return index_url($server).'?'.$server['QUERY_STRING'];
+ }
+ return index_url($server);
+}
diff --git a/index.php b/index.php
index 7818ee8..c1ddf4b 100755
--- a/index.php
+++ b/index.php
@@ -131,7 +131,7 @@ header("Pragma: no-cache");
if (!is_writable(realpath(dirname(__FILE__)))) die('ERROR: Shaarli does not have the right to write in its own directory.
');
// Handling of old config file which do not have the new parameters.
-if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.escape(indexUrl());
+if (empty($GLOBALS['title'])) $GLOBALS['title']='Shared links on '.escape(index_url($_SERVER));
if (empty($GLOBALS['timezone'])) $GLOBALS['timezone']=date_default_timezone_get();
if (empty($GLOBALS['redirector'])) $GLOBALS['redirector']='';
if (empty($GLOBALS['disablesessionprotection'])) $GLOBALS['disablesessionprotection']=false;
@@ -277,8 +277,8 @@ function pubsubhub()
{
$p = new Publisher($GLOBALS['config']['PUBSUBHUB_URL']);
$topic_url = array (
- indexUrl().'?do=atom',
- indexUrl().'?do=rss'
+ index_url($_SERVER).'?do=atom',
+ index_url($_SERVER).'?do=rss'
);
$p->publish_update($topic_url);
}
@@ -458,34 +458,6 @@ if (isset($_POST['login']))
// ------------------------------------------------------------------------------------------
// Misc utility functions:
-// Returns the server URL (including port and http/https), without path.
-// e.g. "http://myserver.com:8080"
-// You can append $_SERVER['SCRIPT_NAME'] to get the current script URL.
-function serverUrl()
-{
- $https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) || $_SERVER["SERVER_PORT"]=='443' || (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'); // HTTPS detection.
- $serverport = ($_SERVER["SERVER_PORT"]=='80' || ($https && $_SERVER["SERVER_PORT"]=='443') ? '' : ':'.$_SERVER["SERVER_PORT"]);
- return 'http'.($https?'s':'').'://'.$_SERVER['SERVER_NAME'].$serverport;
-}
-
-// Returns the absolute URL of current script, without the query.
-// (e.g. http://sebsauvage.net/links/)
-function indexUrl()
-{
- $scriptname = $_SERVER["SCRIPT_NAME"];
- // If the script is named 'index.php', we remove it (for better looking URLs,
- // e.g. http://mysite.com/shaarli/?abcde instead of http://mysite.com/shaarli/index.php?abcde)
- if (endswith($scriptname,'index.php')) $scriptname = substr($scriptname,0,strlen($scriptname)-9);
- return serverUrl() . $scriptname;
-}
-
-// Returns the absolute URL of current script, WITH the query.
-// (e.g. http://sebsauvage.net/links/?toto=titi&spamspamspam=humbug)
-function pageUrl()
-{
- return indexUrl().(!empty($_SERVER["QUERY_STRING"]) ? '?'.$_SERVER["QUERY_STRING"] : '');
-}
-
// Convert post_max_size/upload_max_filesize (e.g. '16M') parameters to bytes.
function return_bytes($val)
{
@@ -591,14 +563,14 @@ class pageBuilder
{
$this->tpl = new RainTPL;
$this->tpl->assign('newversion',escape(checkUpdate()));
- $this->tpl->assign('feedurl',escape(indexUrl()));
+ $this->tpl->assign('feedurl',escape(index_url($_SERVER)));
$searchcrits=''; // Search criteria
if (!empty($_GET['searchtags'])) $searchcrits.='&searchtags='.urlencode($_GET['searchtags']);
elseif (!empty($_GET['searchterm'])) $searchcrits.='&searchterm='.urlencode($_GET['searchterm']);
$this->tpl->assign('searchcrits',$searchcrits);
- $this->tpl->assign('source',indexUrl());
+ $this->tpl->assign('source',index_url($_SERVER));
$this->tpl->assign('version',shaarli_version);
- $this->tpl->assign('scripturl',indexUrl());
+ $this->tpl->assign('scripturl',index_url($_SERVER));
$this->tpl->assign('pagetitle','Shaarli');
$this->tpl->assign('privateonly',!empty($_SESSION['privateonly'])); // Show only private links?
if (!empty($GLOBALS['title'])) $this->tpl->assign('pagetitle',$GLOBALS['title']);
@@ -639,7 +611,7 @@ function showRSS()
$query = $_SERVER["QUERY_STRING"];
$cache = new CachedPage(
$GLOBALS['config']['PAGECACHE'],
- pageUrl(),
+ page_url($_SERVER),
startsWith($query,'do=rss') && !isLoggedIn()
);
$cached = $cache->cachedVersion();
@@ -668,7 +640,7 @@ function showRSS()
$nblinksToDisplay = $_GET['nb']=='all' ? count($linksToDisplay) : max($_GET['nb']+0,1) ;
}
- $pageaddr=escape(indexUrl());
+ $pageaddr=escape(index_url($_SERVER));
echo '';
echo ''.$GLOBALS['title'].''.$pageaddr.'';
echo 'Shared linksen-en'.$pageaddr.''."\n\n";
@@ -706,7 +678,7 @@ function showRSS()
echo ''."\n\n";
$i++;
}
- echo '';
+ echo '';
$cache->cache(ob_get_contents());
ob_end_flush();
@@ -727,7 +699,7 @@ function showATOM()
$query = $_SERVER["QUERY_STRING"];
$cache = new CachedPage(
$GLOBALS['config']['PAGECACHE'],
- pageUrl(),
+ page_url($_SERVER),
startsWith($query,'do=atom') && !isLoggedIn()
);
$cached = $cache->cachedVersion();
@@ -756,7 +728,7 @@ function showATOM()
$nblinksToDisplay = $_GET['nb']=='all' ? count($linksToDisplay) : max($_GET['nb']+0,1) ;
}
- $pageaddr=escape(indexUrl());
+ $pageaddr=escape(index_url($_SERVER));
$latestDate = '';
$entries='';
$i=0;
@@ -794,7 +766,7 @@ function showATOM()
$feed='';
$feed.=''.$GLOBALS['title'].'';
if (!$GLOBALS['config']['HIDE_TIMESTAMPS'] || isLoggedIn()) $feed.=''.escape($latestDate).'';
- $feed.='';
+ $feed.='';
if (!empty($GLOBALS['config']['PUBSUBHUB_URL']))
{
$feed.='';
@@ -804,7 +776,7 @@ function showATOM()
$feed.=''.$pageaddr.''.$pageaddr.'';
$feed.=''.$pageaddr.''."\n\n"; // Yes, I know I should use a real IRI (RFC3987), but the site URL will do.
$feed.=$entries;
- $feed.='';
+ $feed.='';
echo $feed;
$cache->cache(ob_get_contents());
@@ -821,7 +793,7 @@ function showDailyRSS() {
$query = $_SERVER["QUERY_STRING"];
$cache = new CachedPage(
$GLOBALS['config']['PAGECACHE'],
- pageUrl(),
+ page_url($_SERVER),
startsWith($query,'do=dailyrss') && !isLoggedIn()
);
$cached = $cache->cachedVersion();
@@ -866,7 +838,7 @@ function showDailyRSS() {
// Build the RSS feed.
header('Content-Type: application/rss+xml; charset=utf-8');
- $pageaddr = escape(indexUrl());
+ $pageaddr = escape(index_url($_SERVER));
echo '';
echo '';
echo 'Daily - '. $GLOBALS['title'] . '';
@@ -879,7 +851,7 @@ function showDailyRSS() {
foreach ($days as $day => $linkdates) {
$daydate = linkdate2timestamp($day.'_000000'); // Full text date
$rfc822date = linkdate2rfc822($day.'_000000');
- $absurl = escape(indexUrl().'?do=daily&day='.$day); // Absolute URL of the corresponding "Daily" page.
+ $absurl = escape(index_url($_SERVER).'?do=daily&day='.$day); // Absolute URL of the corresponding "Daily" page.
// Build the HTML body of this RSS entry.
$html = '';
@@ -893,7 +865,7 @@ function showDailyRSS() {
$l['thumbnail'] = thumbnail($l['url']);
$l['timestamp'] = linkdate2timestamp($l['linkdate']);
if (startsWith($l['url'], '?')) {
- $l['url'] = indexUrl() . $l['url']; // make permalink URL absolute
+ $l['url'] = index_url($_SERVER) . $l['url']; // make permalink URL absolute
}
$links[$linkdate] = $l;
}
@@ -909,7 +881,7 @@ function showDailyRSS() {
echo $html . PHP_EOL;
}
- echo '';
+ echo '';
$cache->cache(ob_get_contents());
ob_end_flush();
@@ -1201,7 +1173,7 @@ function renderPage()
{
$PAGE = new pageBuilder;
$PAGE->assign('linkcount',count($LINKSDB));
- $PAGE->assign('pageabsaddr',indexUrl());
+ $PAGE->assign('pageabsaddr',index_url($_SERVER));
$PAGE->renderPage('tools');
exit;
}
@@ -1767,7 +1739,7 @@ function buildLinkList($PAGE,$LINKSDB)
if ($link["url"][0] === '?' && // Check for both signs of a note: starting with ? and 7 chars long. I doubt that you'll post any links that look like this.
strlen($link["url"]) === 7) {
- $link["url"] = indexUrl() . $link["url"];
+ $link["url"] = index_url($_SERVER) . $link["url"];
}
$linkDisp[$keys[$i]] = $link;
@@ -1902,7 +1874,7 @@ function computeThumbnail($url,$href=false)
if ("/talks/" !== substr($path,0,7)) return array(); // This is not a single video URL.
}
$sign = hash_hmac('sha256', $url, $GLOBALS['salt']); // We use the salt to sign data (it's random, secret, and specific to each installation)
- return array('src'=>indexUrl().'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url),
+ return array('src'=>index_url($_SERVER).'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url),
'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail');
}
@@ -1913,7 +1885,7 @@ function computeThumbnail($url,$href=false)
if ($ext=='jpg' || $ext=='jpeg' || $ext=='png' || $ext=='gif')
{
$sign = hash_hmac('sha256', $url, $GLOBALS['salt']); // We use the salt to sign data (it's random, secret, and specific to each installation)
- return array('src'=>indexUrl().'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url),
+ return array('src'=>index_url($_SERVER).'?do=genthumbnail&hmac='.$sign.'&url='.urlencode($url),
'href'=>$href,'width'=>'120','style'=>'height:auto;','alt'=>'thumbnail');
}
return array(); // No thumbnail.
@@ -1999,11 +1971,11 @@ function install()
if (!isset($_SESSION['session_tested']))
{ // Step 1 : Try to store data in session and reload page.
$_SESSION['session_tested'] = 'Working'; // Try to set a variable in session.
- header('Location: '.indexUrl().'?test_session'); // Redirect to check stored data.
+ header('Location: '.index_url($_SERVER).'?test_session'); // Redirect to check stored data.
}
if (isset($_GET['test_session']))
{ // Step 3: Sessions are OK. Remove test parameter from URL.
- header('Location: '.indexUrl());
+ header('Location: '.index_url($_SERVER));
}
@@ -2020,7 +1992,7 @@ function install()
$GLOBALS['login'] = $_POST['setlogin'];
$GLOBALS['salt'] = sha1(uniqid('',true).'_'.mt_rand()); // Salt renders rainbow-tables attacks useless.
$GLOBALS['hash'] = sha1($_POST['setpassword'].$GLOBALS['login'].$GLOBALS['salt']);
- $GLOBALS['title'] = (empty($_POST['title']) ? 'Shared links on '.escape(indexUrl()) : $_POST['title'] );
+ $GLOBALS['title'] = (empty($_POST['title']) ? 'Shared links on '.escape(index_url($_SERVER)) : $_POST['title'] );
$GLOBALS['config']['ENABLE_UPDATECHECK'] = !empty($_POST['updateCheck']);
try {
writeConfig($GLOBALS, isLoggedIn());
diff --git a/tests/HttpUtilsTest.php b/tests/HttpUtils/GetHttpUrlTest.php
similarity index 100%
rename from tests/HttpUtilsTest.php
rename to tests/HttpUtils/GetHttpUrlTest.php
diff --git a/tests/HttpUtils/IndexUrlTest.php b/tests/HttpUtils/IndexUrlTest.php
new file mode 100644
index 0000000..337dcab
--- /dev/null
+++ b/tests/HttpUtils/IndexUrlTest.php
@@ -0,0 +1,72 @@
+assertEquals(
+ 'http://host.tld/',
+ index_url(
+ array(
+ 'HTTPS' => 'Off',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '80',
+ 'SCRIPT_NAME' => '/index.php'
+ )
+ )
+ );
+
+ $this->assertEquals(
+ 'http://host.tld/admin/',
+ index_url(
+ array(
+ 'HTTPS' => 'Off',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '80',
+ 'SCRIPT_NAME' => '/admin/index.php'
+ )
+ )
+ );
+ }
+
+ /**
+ * The resource is != "index.php"
+ */
+ public function testOtherResource()
+ {
+ $this->assertEquals(
+ 'http://host.tld/page.php',
+ page_url(
+ array(
+ 'HTTPS' => 'Off',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '80',
+ 'SCRIPT_NAME' => '/page.php'
+ )
+ )
+ );
+
+ $this->assertEquals(
+ 'http://host.tld/admin/page.php',
+ page_url(
+ array(
+ 'HTTPS' => 'Off',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '80',
+ 'SCRIPT_NAME' => '/admin/page.php'
+ )
+ )
+ );
+ }
+}
diff --git a/tests/HttpUtils/PageUrlTest.php b/tests/HttpUtils/PageUrlTest.php
new file mode 100644
index 0000000..4dbbe9c
--- /dev/null
+++ b/tests/HttpUtils/PageUrlTest.php
@@ -0,0 +1,76 @@
+assertEquals(
+ 'http://host.tld/?p1=v1&p2=v2',
+ page_url(
+ array(
+ 'HTTPS' => 'Off',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '80',
+ 'SCRIPT_NAME' => '/index.php',
+ 'QUERY_STRING' => 'p1=v1&p2=v2'
+ )
+ )
+ );
+
+ $this->assertEquals(
+ 'http://host.tld/admin/?action=edit_tag',
+ page_url(
+ array(
+ 'HTTPS' => 'Off',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '80',
+ 'SCRIPT_NAME' => '/admin/index.php',
+ 'QUERY_STRING' => 'action=edit_tag'
+ )
+ )
+ );
+ }
+
+ /**
+ * The resource is != "index.php"
+ */
+ public function testOtherResource()
+ {
+ $this->assertEquals(
+ 'http://host.tld/page.php?p1=v1&p2=v2',
+ page_url(
+ array(
+ 'HTTPS' => 'Off',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '80',
+ 'SCRIPT_NAME' => '/page.php',
+ 'QUERY_STRING' => 'p1=v1&p2=v2'
+ )
+ )
+ );
+
+ $this->assertEquals(
+ 'http://host.tld/admin/page.php?action=edit_tag',
+ page_url(
+ array(
+ 'HTTPS' => 'Off',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '80',
+ 'SCRIPT_NAME' => '/admin/page.php',
+ 'QUERY_STRING' => 'action=edit_tag'
+ )
+ )
+ );
+ }
+}
diff --git a/tests/HttpUtils/ServerUrlTest.php b/tests/HttpUtils/ServerUrlTest.php
new file mode 100644
index 0000000..5096db6
--- /dev/null
+++ b/tests/HttpUtils/ServerUrlTest.php
@@ -0,0 +1,135 @@
+assertEquals(
+ 'https://host.tld',
+ server_url(
+ array(
+ 'HTTPS' => 'ON',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '443'
+ )
+ )
+ );
+
+ $this->assertEquals(
+ 'https://host.tld:8080',
+ server_url(
+ array(
+ 'HTTPS' => 'ON',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '8080'
+ )
+ )
+ );
+ }
+
+ /**
+ * Detect a Proxy with SSL enabled
+ */
+ public function testHttpsProxyForward()
+ {
+ $this->assertEquals(
+ 'https://host.tld:8080',
+ server_url(
+ array(
+ 'HTTPS' => 'Off',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '80',
+ 'HTTP_X_FORWARDED_PROTO' => 'https',
+ 'HTTP_X_FORWARDED_PORT' => '8080'
+ )
+ )
+ );
+
+ $this->assertEquals(
+ 'https://host.tld',
+ server_url(
+ array(
+ 'HTTPS' => 'Off',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '80',
+ 'HTTP_X_FORWARDED_PROTO' => 'https'
+ )
+ )
+ );
+ }
+
+ /**
+ * Detect if the server uses a specific port (!= 80)
+ */
+ public function testPort()
+ {
+ // HTTP
+ $this->assertEquals(
+ 'http://host.tld:8080',
+ server_url(
+ array(
+ 'HTTPS' => 'OFF',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '8080'
+ )
+ )
+ );
+
+ // HTTPS
+ $this->assertEquals(
+ 'https://host.tld:8080',
+ server_url(
+ array(
+ 'HTTPS' => 'ON',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '8080'
+ )
+ )
+ );
+ }
+
+ /**
+ * HTTP server on port 80
+ */
+ public function testStandardHttpPort()
+ {
+ $this->assertEquals(
+ 'http://host.tld',
+ server_url(
+ array(
+ 'HTTPS' => 'OFF',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '80'
+ )
+ )
+ );
+ }
+
+ /**
+ * HTTPS server on port 443
+ */
+ public function testStandardHttpsPort()
+ {
+ $this->assertEquals(
+ 'https://host.tld',
+ server_url(
+ array(
+ 'HTTPS' => 'ON',
+ 'SERVER_NAME' => 'host.tld',
+ 'SERVER_PORT' => '443'
+ )
+ )
+ );
+ }
+}