Fix port detection (2388423)

author pdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>

Thu, 4 Dec 2008 21:34:53 +0000 (21:34 +0000)

committer pdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>

Thu, 4 Dec 2008 21:34:53 +0000 (21:34 +0000)
author pdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Thu, 4 Dec 2008 21:34:53 +0000 (21:34 +0000)
committer pdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Thu, 4 Dec 2008 21:34:53 +0000 (21:34 +0000)
diff --git a/functions/strings.php b/functions/strings.php

index 1fcbd6dc9b7bfc5c8484e4d87f69cb12755f1fde..b199b1f8f810d2af4eed8a34ff2a298a8bbe9621 100644 (file)
--- a/functions/strings.php
+++ b/functions/strings.php
@@ -509,6 +509,17 @@ function get_location () {
  
      $port = '';
      if (! strstr($host, ':')) {
+        // Note: HTTP_X_FORWARDED_PROTO could be sent from the client and
+        //       therefore possibly spoofed/hackable - for now, the
+        //       administrator can tell SM to ignore this value by setting
+        //       $sq_ignore_http_x_forwarded_headers to boolean TRUE in
+        //       config/config_local.php, but in the future we may
+        //       want to default this to TRUE and make administrators
+        //       who use proxy systems turn it off (see 1.5.2+).
+        global $sq_ignore_http_x_forwarded_headers;
+        if ($sq_ignore_http_x_forwarded_headers
+         || !sqgetGlobalVar('HTTP_X_FORWARDED_PROTO', $forwarded_proto, SQ_SERVER))
+            $forwarded_proto = '';
          if (sqgetGlobalVar('SERVER_PORT', $server_port, SQ_SERVER)) {
              if (($server_port != 80 && $proto == 'http://') ||
                  ($server_port != 443 && $proto == 'https://' &&
author	pdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
	Thu, 4 Dec 2008 21:34:53 +0000 (21:34 +0000)
committer	pdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
	Thu, 4 Dec 2008 21:34:53 +0000 (21:34 +0000)