From 999523ad1347c178859f809c4f46cec6cee44bfe Mon Sep 17 00:00:00 2001
From: Cerdic <cedric@yterium.com>
Date: Mon, 27 Jul 2015 20:13:23 +0000
Subject: [PATCH] Fix #3386 : gerer le host reel vs le host vu par PHP en cas
 de reverse proxy a l'aide de HTTP_X_FORWARDED_HOST

---
 ecrire/inc/utils.php        | 21 ++++++++++++++-------
 ecrire/public/assembler.php |  4 ++++
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/ecrire/inc/utils.php b/ecrire/inc/utils.php
index abac018483..31fc63b170 100644
--- a/ecrire/inc/utils.php
+++ b/ecrire/inc/utils.php
@@ -1540,13 +1540,20 @@ function url_de_base($profondeur=null) {
 		OR (isset($_SERVER['HTTPS']) AND
 		    test_valeur_serveur($_SERVER['HTTPS']))
 	) ? 'https' : 'http';
-	# note : HTTP_HOST contient le :port si necessaire
-	$host = $_SERVER['HTTP_HOST'];
-	if (isset($_SERVER['SERVER_PORT'])
-		AND $port=$_SERVER['SERVER_PORT']
-		AND strpos($host,":")==false){
-		if ($http=="http" AND $port!=80) $host.=":$port";
-		if ($http=="https" AND $port!=443) $host.=":$port";
+	if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])){
+		$host = strtr($_SERVER['HTTP_X_FORWARDED_HOST'], "<>?\"' \r\n", '________');
+	}
+	else {
+		# note : HTTP_HOST contient le :port si necessaire
+		$host = $_SERVER['HTTP_HOST'];
+		if (isset($_SERVER['SERVER_PORT'])
+			AND $port=$_SERVER['SERVER_PORT']
+			AND strpos($host,":")==false){
+			if (!defined('_PORT_HTTP_STANDARD')) define('_PORT_HTTP_STANDARD','80');
+			if (!defined('_PORT_HTTPS_STANDARD')) define('_PORT_HTTPS_STANDARD','443');
+			if ($http=="http" AND !in_array($port,explode(',',_PORT_HTTP_STANDARD))) $host.=":$port";
+			if ($http=="https" AND !in_array($port,explode(',',_PORT_HTTPS_STANDARD))) $host.=":$port";
+		}
 	}
 	if (!$GLOBALS['REQUEST_URI']){
 		if (isset($_SERVER['REQUEST_URI'])) {
diff --git a/ecrire/public/assembler.php b/ecrire/public/assembler.php
index 715df4a154..730623077f 100644
--- a/ecrire/public/assembler.php
+++ b/ecrire/public/assembler.php
@@ -194,6 +194,10 @@ function calculer_contexte_implicite(){
 		'notes' => $notes?$notes('','contexter_cache'):'',
 		'spip_version_code' => $GLOBALS['spip_version_code'],
 	);
+	if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])){
+		$contexte_implicite['host'] .= "|" . $_SERVER['HTTP_X_FORWARDED_HOST'];
+	}
+
 	return $contexte_implicite;
 }
 
-- 
GitLab