Correct SERVER_NAME to HTTP_HOST to get a valid host url

shtse8 · shtse8 · commit 6c1aa1587918 · 2017-09-28T11:44:33.000Z
diff --git a/include/classes/user.class.php b/include/classes/user.class.php
@@ -666,7 +666,7 @@ public function logoutUser() {
     // Enforce a page reload and point towards login with referrer included, if supplied
     $port = ($_SERVER["SERVER_PORT"] == "80" || $_SERVER["SERVER_PORT"] == "443") ? "" : (":".$_SERVER["SERVER_PORT"]);
     $pushto = $_SERVER['SCRIPT_NAME'].'?page=login';
-    $location = (@$_SERVER['HTTPS'] == 'on') ? 'https://' . $_SERVER['SERVER_NAME'] . $port . $pushto : 'http://' . $_SERVER['SERVER_NAME'] . $port . $pushto;
+    $location = (@$_SERVER['HTTPS'] == 'on') ? 'https://' . $_SERVER['HTTP_HOST'] . $port . $pushto : 'http://' . $_SERVER['HTTP_HOST'] . $port . $pushto;
     if (!headers_sent()) header('Location: ' . $location);
     exit('<meta http-equiv="refresh" content="0; url=' . $location . '"/>');
   }
diff --git a/include/lib/swiftmailer/classes/Swift/Mime/SimpleMimeEntity.php b/include/lib/swiftmailer/classes/Swift/Mime/SimpleMimeEntity.php
@@ -687,7 +687,7 @@ protected function _clearCache()
     protected function getRandomId()
     {
         $idLeft = md5(getmypid() . '.' . time() . '.' . uniqid(mt_rand(), true));
-        $idRight = !empty($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : 'swift.generated';
+        $idRight = !empty($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'swift.generated';
         $id = $idLeft . '@' . $idRight;
 
         try {
diff --git a/include/lib/swiftmailer/classes/Swift/Transport/AbstractSmtpTransport.php b/include/lib/swiftmailer/classes/Swift/Transport/AbstractSmtpTransport.php
@@ -477,10 +477,10 @@ private function _sendBcc(Swift_Mime_Message $message, $reversePath, array $bcc,
     /** Try to determine the hostname of the server this is run on */
     private function _lookupHostname()
     {
-        if (!empty($_SERVER['SERVER_NAME'])
-            && $this->_isFqdn($_SERVER['SERVER_NAME']))
+        if (!empty($_SERVER['HTTP_HOST'])
+            && $this->_isFqdn($_SERVER['HTTP_HOST']))
         {
-            $this->_domain = $_SERVER['SERVER_NAME'];
+            $this->_domain = $_SERVER['HTTP_HOST'];
         } elseif (!empty($_SERVER['SERVER_ADDR'])) {
             $this->_domain = sprintf('[%s]', $_SERVER['SERVER_ADDR']);
         }
diff --git a/include/pages/account/reset_failed.inc.php b/include/pages/account/reset_failed.inc.php
@@ -6,7 +6,7 @@
   $user->setUserFailed($_SESSION['USERDATA']['id'], 0);
   $port = ($_SERVER["SERVER_PORT"] == "80" || $_SERVER["SERVER_PORT"] == "443") ? "" : (":".$_SERVER["SERVER_PORT"]);
   $pushto = $_SERVER['SCRIPT_NAME'].'?page=dashboard';
-  $location = (@$_SERVER['HTTPS'] == 'on') ? 'https://' . $_SERVER['SERVER_NAME'] . $port . $pushto : 'http://' . $_SERVER['SERVER_NAME'] . $port . $pushto;
+  $location = (@$_SERVER['HTTPS'] == 'on') ? 'https://' . $_SERVER['HTTP_HOST'] . $port . $pushto : 'http://' . $_SERVER['HTTP_HOST'] . $port . $pushto;
   header("Location: " . $location);
 }
 // Somehow we still need to load this empty template
diff --git a/include/pages/login.inc.php b/include/pages/login.inc.php
@@ -29,7 +29,7 @@
         if ($user->checkLogin(@$_POST['username'], @$_POST['password']) ) {
           $port = ($_SERVER["SERVER_PORT"] == "80" || $_SERVER["SERVER_PORT"] == "443") ? "" : (":".$_SERVER["SERVER_PORT"]);
           $location = (@$_SERVER['HTTPS'] == "on") ? 'https://' : 'http://';
-          $location .= $_SERVER['SERVER_NAME'] . $port . $_SERVER['SCRIPT_NAME'];
+          $location .= $_SERVER['HTTP_HOST'] . $port . $_SERVER['SCRIPT_NAME'];
           $location.= '?page=dashboard';
           if (!headers_sent()) header('Location: ' . $location);
           exit('<meta http-equiv="refresh" content="0; url=' . htmlspecialchars($location) . '"/>');
diff --git a/public/index.php b/public/index.php
@@ -40,7 +40,7 @@ function cfip() { return (@defined('SECURITY')) ? 1 : 0; }
 include_once(BASEPATH . '../include/bootstrap.php');
 
 // switch to https if config option is enabled
-$hts = ($config['https_only'] && (!empty($_SERVER['QUERY_STRING']))) ? "https://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']."?".$_SERVER['QUERY_STRING'] : "https://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME'];
+$hts = ($config['https_only'] && (!empty($_SERVER['QUERY_STRING']))) ? "https://".$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME']."?".$_SERVER['QUERY_STRING'] : "https://".$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'];
 ($config['https_only'] && @!$_SERVER['HTTPS']) ? exit(header("Location: ".$hts)):0;
 
 // Rate limiting, we use our initilized memcache from bootstrap/autoloader

Original file line number	Diff line number	Diff line change
`@@ -666,7 +666,7 @@ public function logoutUser() {`
`666`	`666`	`// Enforce a page reload and point towards login with referrer included, if supplied`
`667`	`667`	`$port = ($_SERVER["SERVER_PORT"] == "80" \|\| $_SERVER["SERVER_PORT"] == "443") ? "" : (":".$_SERVER["SERVER_PORT"]);`
`668`	`668`	`$pushto = $_SERVER['SCRIPT_NAME'].'?page=login';`
`669`		`- $location = (@$_SERVER['HTTPS'] == 'on') ? 'https://' . $_SERVER['SERVER_NAME'] . $port . $pushto : 'http://' . $_SERVER['SERVER_NAME'] . $port . $pushto;`
	`669`	`+ $location = (@$_SERVER['HTTPS'] == 'on') ? 'https://' . $_SERVER['HTTP_HOST'] . $port . $pushto : 'http://' . $_SERVER['HTTP_HOST'] . $port . $pushto;`
`670`	`670`	`if (!headers_sent()) header('Location: ' . $location);`
`671`	`671`	`exit('<meta http-equiv="refresh" content="0; url=' . $location . '"/>');`
`672`	`672`	`}`
Original file line number	Diff line number	Diff line change
`@@ -687,7 +687,7 @@ protected function _clearCache()`
`687`	`687`	`protected function getRandomId()`
`688`	`688`	`{`
`689`	`689`	`$idLeft = md5(getmypid() . '.' . time() . '.' . uniqid(mt_rand(), true));`
`690`		`- $idRight = !empty($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : 'swift.generated';`
	`690`	`+ $idRight = !empty($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'swift.generated';`
`691`	`691`	`$id = $idLeft . '@' . $idRight;`
`692`	`692`
`693`	`693`	`try {`
Original file line number	Diff line number	Diff line change
`@@ -477,10 +477,10 @@ private function _sendBcc(Swift_Mime_Message $message, $reversePath, array $bcc,`
`477`	`477`	`/** Try to determine the hostname of the server this is run on */`
`478`	`478`	`private function _lookupHostname()`
`479`	`479`	`{`
`480`		`- if (!empty($_SERVER['SERVER_NAME'])`
`481`		`- && $this->_isFqdn($_SERVER['SERVER_NAME']))`
	`480`	`+ if (!empty($_SERVER['HTTP_HOST'])`
	`481`	`+ && $this->_isFqdn($_SERVER['HTTP_HOST']))`
`482`	`482`	`{`
`483`		`- $this->_domain = $_SERVER['SERVER_NAME'];`
	`483`	`+ $this->_domain = $_SERVER['HTTP_HOST'];`
`484`	`484`	`} elseif (!empty($_SERVER['SERVER_ADDR'])) {`
`485`	`485`	`$this->_domain = sprintf('[%s]', $_SERVER['SERVER_ADDR']);`
`486`	`486`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@`
`6`	`6`	`$user->setUserFailed($_SESSION['USERDATA']['id'], 0);`
`7`	`7`	`$port = ($_SERVER["SERVER_PORT"] == "80" \|\| $_SERVER["SERVER_PORT"] == "443") ? "" : (":".$_SERVER["SERVER_PORT"]);`
`8`	`8`	`$pushto = $_SERVER['SCRIPT_NAME'].'?page=dashboard';`
`9`		`- $location = (@$_SERVER['HTTPS'] == 'on') ? 'https://' . $_SERVER['SERVER_NAME'] . $port . $pushto : 'http://' . $_SERVER['SERVER_NAME'] . $port . $pushto;`
	`9`	`+ $location = (@$_SERVER['HTTPS'] == 'on') ? 'https://' . $_SERVER['HTTP_HOST'] . $port . $pushto : 'http://' . $_SERVER['HTTP_HOST'] . $port . $pushto;`
`10`	`10`	`header("Location: " . $location);`
`11`	`11`	`}`
`12`	`12`	`// Somehow we still need to load this empty template`