Allow overriding of host, port, protocol nsdr url path for URL building #175
Conversation
- Added ability to set custom host/port/protocol - Updated test coverage to include testing HTTP_X_FORWARDED_PORT - Split port detection into its own method
…saml into dhensby-pulls/url-injection
… parameter on the settings the Base URL to be used instead of guessing the URL of the currentURL where SAML messages are processed.
|
@dhensby, sorry for the delay, can you review this PR? |
pitbulk
force-pushed
the
url-injection
branch
from
79addd1 to
bdd88b1
Compare
| if (!empty($baseurl)) { | ||
| $baseurlpath = '/'; | ||
| if (preg_match('#^https?:\/\/([^\/]*)\/?(.*)#i', $baseurl, $matches)) { | ||
| if (strpos($baseurl, 'https://') == False) { |
There was a problem hiding this comment.
this needs to be type equality (===) and you should use false not False
| */ | ||
| public static function setBaseURLPath($baseurlpath) | ||
| { | ||
| if (!isset($baseurlpath) || empty($baseurlpath)) { |
There was a problem hiding this comment.
you can just used empty as isset will only return false if $baseurlpath is explicitly null, but empty will return true for null anyway.
| $baseurlpath = '/'; | ||
| } | ||
|
|
||
| self::$_baseurlpath = '/'. ltrim(rtrim($baseurlpath, '/') . '/', '/'); |
There was a problem hiding this comment.
Could you not do '/'.trim($baseurlpath, '/') . '/';
There was a problem hiding this comment.
I wanted to assure that all start and end with a /. What the reason for avoiding that?
There was a problem hiding this comment.
Won't my suggestion have the same effect? Trim / off both ends then spend it to both?
There was a problem hiding this comment.
haha, yes, sorry, yesterday was so late when I reviewed that
There was a problem hiding this comment.
Ohh, when $baseurlpath ==> '/'
'/'.trim($baseurlpath, '/') . '/'; returns //
but '/'. ltrim(rtrim($baseurlpath, '/') . '/', '/'); returns /
I will use
if (empty($baseurlpath) || $baseurlpath == '/') {
$baseurlpath = '/';
} else {
self::$_baseurlpath = '/' . trim($baseurlpath, '/') . '/';
}
There was a problem hiding this comment.
Ah, good point and that solution is more readable too, so cool.
| $selfURLhost = self::getSelfURLhost(); | ||
| $selfURLNoQuery = $selfURLhost . $_SERVER['SCRIPT_NAME']; | ||
|
|
||
| if (!empty(self::getBaseURLPath())) { |
There was a problem hiding this comment.
you can't use empty with method in php < 5.5 so you need to assign a var first as the module supports 5.3+
There was a problem hiding this comment.
Sure, I noticed that on travis
| @@ -493,6 +564,17 @@ public static function getSelfRoutedURLNoQuery() | |||
| } | |||
| } | |||
|
|
|||
| if (!empty(self::getBaseURLPath())) { | |||
There was a problem hiding this comment.
This code is repeated and could be pulled into a protected method and re-used
|
Thanks, I will fix that. |
|
any scenario we are not covering? Are we now ready to merge? |
|
For the life of me, I can't seem to really figure out why on earth why Also, why is it that
This is because the It seems as if this is missing a thorough explanation for the thought process behind changing the request URI like this when generating the current URL. What am I missing here? |
|
p.s. I first mentioned this here on this comment and tracked it down to this issue. silverstripe/silverstripe-activedirectory#104 (comment) |
…id URL parsing, documented here: SAML-Toolkits/php-saml#175 (comment)
A developer can use setSelfProtocol, setSelfHost, setSelfPort and getBaseURLPath to define a specific value to be returned by isHTTPS, getSelfHost, getSelfPort and getBaseURLPath. And define a setBasePath to be used on the getSelfURL and getSelfRoutedURLNoQuery to replace the data extracted from $_SERVER["REQUEST_URI"].
At the settings the developer will be able to set a 'baseurl' parameter that automatically will use setBaseURL to set values for setSelfProtocol, setSelfHost, setSelfPort and setBaseURLPath.