From 0a0f05c66a21540d2cb93c3101231db60dadc8fe Mon Sep 17 00:00:00 2001 From: kink Date: Thu, 18 May 2006 15:09:30 +0000 Subject: [PATCH] Take X-Forwarded-Host HTTP header in consideration when constructing base_uri for redirects; reduces problems with transparent proxies (#1488590). Also test strcasecmp on literally '0' with respect to #1047883 although I don't think it's absolutely necessary, it's safest. git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@11147 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- ChangeLog | 3 +++ functions/strings.php | 14 ++++++++------ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index bc4780e3..f64500bc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -56,6 +56,9 @@ Version 1.5.2 - CVS - Added PHP 5.1.0 date_default_timezone_set() function support. Allows to use time zone settings in PHP safe_mode. - Sanitized IMAP folder names in error_message() function and filters plugin. + - Take X-Forwarded-Host HTTP header in consideration when constructing + base_uri for redirects; reduces problems with transparent proxies + (#1488590). Version 1.5.1 (branched on 2006-02-12) -------------------------------------- diff --git a/functions/strings.php b/functions/strings.php index 5f99b385..b95ff592 100644 --- a/functions/strings.php +++ b/functions/strings.php 
@@ -493,17 +493,19 @@ function get_location () {
 * OR if you are on port 443
 */
 $getEnvVar = getenv('HTTPS');
- if ((isset($getEnvVar) && !strcasecmp($getEnvVar, 'on')) ||
- (sqgetGlobalVar('HTTPS', $https_on, SQ_SERVER) && !strcasecmp($https_on, 'on')) ||
+ if ((isset($getEnvVar) && strcasecmp($getEnvVar, 'on') === 0) ||
+ (sqgetGlobalVar('HTTPS', $https_on, SQ_SERVER) && strcasecmp($https_on, 'on') === 0) ||
 (sqgetGlobalVar('SERVER_PORT', $server_port, SQ_SERVER) && $server_port == 443)) {
 $proto = 'https://';
 }
 /* Get the hostname from the Host header or server config. */
- if ( !sqgetGlobalVar('HTTP_HOST', $host, SQ_SERVER) || empty($host) ) {
- if ( !sqgetGlobalVar('SERVER_NAME', $host, SQ_SERVER) || empty($host) ) {
- $host = '';
- }
+ if ( !sqgetGlobalVar('HTTP_X_FORWARDED_HOST', $host, SQ_SERVER) || empty($host) ) {
+ if ( !sqgetGlobalVar('HTTP_HOST', $host, SQ_SERVER) || empty($host) ) {
+ if ( !sqgetGlobalVar('SERVER_NAME', $host, SQ_SERVER) || empty($host) ) {
+ $host = '';
+ }
+ }
 }
 $port = '';
-- 
2.25.1
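Review bot: The new outer `sqgetGlobalVar('HTTP_X_FORWARDED_HOST', $host, SQ_SERVER)` lookup takes precedence over `HTTP_HOST` and `SERVER_NAME`, but X-Forwarded-Host is a request header any client can set, and nothing visible in this hunk limits it to requests that arrived through a known proxy or checks its format. Because the value feeds the base URI used for redirects, a forged header could send redirects (and any absolute links built from the same value) to a host the operator does not control. I would make the lookup opt-in, e.g. `if ( empty($trust_forwarded_host) || !sqgetGlobalVar('HTTP_X_FORWARDED_HOST', $host, SQ_SERVER) || empty($host) ) {`, where `$trust_forwarded_host` is a placeholder name for a new configuration setting that defaults to off. The value should also be rejected unless it is a plain hostname with an optional port, and the header can carry a comma-separated list when several proxies are chained. get_location()'s body starts and ends outside the hunk, so later validation of `$host` cannot be ruled out from here.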