fix(legacy): do not rely on undefined SERVER_NAME ()

Jonas L 2022-08-09 20:24:09 +02:00 committed by GitHub
parent 631a7956ea
commit 45c283504e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 9 additions and 34 deletions
legacy/application


@ -49,10 +49,6 @@ class Logging
{
$linePrefix = '';
if (array_key_exists('SERVER_NAME', $_SERVER)) {
$linePrefix .= $_SERVER['SERVER_NAME'] . ' ';
}
if ($debugMode) {
// debug_backtrace is SLOW so we don't want this invoke unless there was a real error! (hence $debugMode)
$bt = debug_backtrace();


@ -23,15 +23,13 @@ class Application_Model_Auth
public function sendPasswordRestoreLink($user, $view)
{
$token = $this->generateToken('password.restore', $user->getDbId());
$public_url = Config::getPublicUrl();
$e_link_protocol = empty($_SERVER['HTTPS']) ? 'http' : 'https';
$e_link_base = $_SERVER['SERVER_NAME'];
$e_link_port = $_SERVER['SERVER_PORT'];
$e_link_path = $view->url(['user_id' => $user->getDbId(), 'token' => $token], 'password-change');
$token = $this->generateToken('password.restore', $user->getDbId());
$link_path = $view->url(['user_id' => $user->getDbId(), 'token' => $token], 'password-change');
$message = sprintf(_("Hi %s, \n\nPlease click this link to reset your password: "), $user->getDbLogin());
$message .= "{$e_link_protocol}://{$e_link_base}:{$e_link_port}{$e_link_path}";
$message .= "{$public_url}{$link_path}";
$message .= sprintf(_("\n\nIf you have any problems, please contact our support team: %s"), SUPPORT_ADDRESS);
$message .= sprintf(_("\n\nThank you,\nThe %s Team"), SAAS_PRODUCT_BRANDING_NAME);
@ -132,17 +130,14 @@ class Application_Model_Auth
/** It is essential to do this before interacting with Zend_Auth otherwise sessions could be shared between
* different copies of Airtime on the same webserver. This essentially pins this session to:
* - The server hostname - including subdomain so we segment multiple Airtime installs on different subdomains
* - The remote IP of the browser - to help prevent session hijacking
* - The client ID - same reason as server hostname.
* - The server public url.
*
* @param Zend_Auth $auth get this with Zend_Auth::getInstance()
*/
public static function pinSessionToClient($auth)
{
$serverName = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '';
$remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$sessionIdentifier = 'Airtime' . '-' . $serverName . '-' . $remoteAddr . '-' . Application_Model_Preference::GetClientId() . '-' . Config::getBasePath();
$auth->setStorage(new Zend_Auth_Storage_Session($sessionIdentifier));
$session_id = PRODUCT_NAME . '-';
$session_id .= bin2hex(Config::getPublicUrl());
$auth->setStorage(new Zend_Auth_Storage_Session($session_id));
}
}
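Review bot: In pinSessionToClient() the new session namespace is built only from PRODUCT_NAME and the hex-encoded public URL, so the REMOTE_ADDR and client-ID components are gone and the session is no longer tied to the browser's address, although the method name still says it pins to the client. If that is intended (REMOTE_ADDR was already read behind an isset() guard, so it was not the undefined-index problem the title names), the docblock should say so, for example `* Note: the namespace separates installs by public URL only; it does not bind the session to the client address.` Resistance to a replayed session cookie then rests on the cookie and session settings, which are outside this hunk. Which lines are old and which are new is inferred here from the hunk's line counts, because the page lost its +/- markers.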


@ -516,23 +516,7 @@ SQL;
*/
public function getFileUrl()
{
$protocol = empty($_SERVER['HTTPS']) ? 'http' : 'https';
$serverName = $_SERVER['SERVER_NAME'];
$serverPort = $_SERVER['SERVER_PORT'];
$subDir = Config::getBasePath();
if ($protocol === 'https' && $serverPort == 80) {
$serverPort = 443;
}
if ($subDir[0] === '/') {
$subDir = substr($subDir, 1, strlen($subDir) - 1);
}
$baseUrl = "{$protocol}://{$serverName}:{$serverPort}/{$subDir}";
return $this->getRelativeFileUrl($baseUrl);
return $this->getRelativeFileUrl(Config::getPublicUrl());
}
/**