From 45c283504e7503d1454327003ce4b77517e900ab Mon Sep 17 00:00:00 2001
From: Jonas L
Date: Tue, 9 Aug 2022 20:24:09 +0200
Subject: [PATCH] fix(legacy): do not rely on undefined SERVER_NAME (#2031)

---
 legacy/application/logging/Logging.php | 4 ----
 legacy/application/models/Auth.php | 21 ++++++++-------------
 legacy/application/models/StoredFile.php | 18 +-----------------
 3 files changed, 9 insertions(+), 34 deletions(-)

diff --git a/legacy/application/logging/Logging.php b/legacy/application/logging/Logging.php
index d833a5982..52fca777b 100644
--- a/legacy/application/logging/Logging.php
+++ b/legacy/application/logging/Logging.php
@@ -49,10 +49,6 @@ class Logging
 {
 $linePrefix = '';
 
- if (array_key_exists('SERVER_NAME', $_SERVER)) {
- $linePrefix .= $_SERVER['SERVER_NAME'] . ' ';
- }
-
 if ($debugMode) {
 // debug_backtrace is SLOW so we don't want this invoke unless there was a real error! (hence $debugMode)
 $bt = debug_backtrace();
diff --git a/legacy/application/models/Auth.php b/legacy/application/models/Auth.php
index b111640a3..f500f071a 100644
--- a/legacy/application/models/Auth.php
+++ b/legacy/application/models/Auth.php
@@ -23,15 +23,13 @@ class Application_Model_Auth
 
 public function sendPasswordRestoreLink($user, $view)
 {
- $token = $this->generateToken('password.restore', $user->getDbId());
+ $public_url = Config::getPublicUrl();
 
- $e_link_protocol = empty($_SERVER['HTTPS']) ? 'http' : 'https';
- $e_link_base = $_SERVER['SERVER_NAME'];
- $e_link_port = $_SERVER['SERVER_PORT'];
- $e_link_path = $view->url(['user_id' => $user->getDbId(), 'token' => $token], 'password-change');
+ $token = $this->generateToken('password.restore', $user->getDbId());
+ $link_path = $view->url(['user_id' => $user->getDbId(), 'token' => $token], 'password-change');
 
 $message = sprintf(_("Hi %s, \n\nPlease click this link to reset your password: "), $user->getDbLogin());
- $message .= "{$e_link_protocol}://{$e_link_base}:{$e_link_port}{$e_link_path}";
+ $message .= "{$public_url}{$link_path}";
 $message .= sprintf(_("\n\nIf you have any problems, please contact our support team: %s"), SUPPORT_ADDRESS);
 $message .= sprintf(_("\n\nThank you,\nThe %s Team"), SAAS_PRODUCT_BRANDING_NAME);
 
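Review bot: The new `$message .= "{$public_url}{$link_path}";` joins the two parts by plain concatenation, and they may overlap: in this same commit the StoredFile hunk replaces a base URL that ended in Config::getBasePath() with Config::getPublicUrl(), which suggests the public URL already carries the base path, while `$view->url()` in Zend normally prefixes the base path as well, so a password-reset link on an install not served from `/` may contain the base path twice, and a public URL with a trailing slash yields `//`. The slash case is easy to make robust, `$message .= rtrim($public_url, '/') . '/' . ltrim($link_path, '/');`, but the duplicated base path needs the contract of Config::getPublicUrl() confirmed against the url helper's configuration, which is not visible here. A reset link that does not resolve fails silently for the user, so this deserves a test with a non-root base path. The body of sendPasswordRestoreLink continues past the end of the hunk.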
@@ -132,17 +130,14 @@ class Application_Model_Auth
 
 /** It is essential to do this before interacting with Zend_Auth otherwise sessions could be shared between
 * different copies of Airtime on the same webserver. This essentially pins this session to:
- * - The server hostname - including subdomain so we segment multiple Airtime installs on different subdomains
- * - The remote IP of the browser - to help prevent session hijacking
- * - The client ID - same reason as server hostname.
+ * - The server public url.
 *
 * @param Zend_Auth $auth get this with Zend_Auth::getInstance()
 */
 public static function pinSessionToClient($auth)
 {
- $serverName = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '';
- $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
- $sessionIdentifier = 'Airtime' . '-' . $serverName . '-' . $remoteAddr . '-' . Application_Model_Preference::GetClientId() . '-' . Config::getBasePath();
- $auth->setStorage(new Zend_Auth_Storage_Session($sessionIdentifier));
+ $session_id = PRODUCT_NAME . '-';
+ $session_id .= bin2hex(Config::getPublicUrl());
+ $auth->setStorage(new Zend_Auth_Storage_Session($session_id));
 }
 }
diff --git a/legacy/application/models/StoredFile.php b/legacy/application/models/StoredFile.php
index a9197ed7a..479afa223 100644
--- a/legacy/application/models/StoredFile.php
+++ b/legacy/application/models/StoredFile.php
@@ -516,23 +516,7 @@ SQL;
 */
 public function getFileUrl()
 {
- $protocol = empty($_SERVER['HTTPS']) ? 'http' : 'https';
-
- $serverName = $_SERVER['SERVER_NAME'];
- $serverPort = $_SERVER['SERVER_PORT'];
- $subDir = Config::getBasePath();
-
- if ($protocol === 'https' && $serverPort == 80) {
- $serverPort = 443;
- }
-
- if ($subDir[0] === '/') {
- $subDir = substr($subDir, 1, strlen($subDir) - 1);
- }
-
- $baseUrl = "{$protocol}://{$serverName}:{$serverPort}/{$subDir}";
-
- return $this->getRelativeFileUrl($baseUrl);
+ return $this->getRelativeFileUrl(Config::getPublicUrl());
 }
 
 /**
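Review bot: The new namespace `PRODUCT_NAME . '-' . bin2hex(Config::getPublicUrl())` in pinSessionToClient drops the `REMOTE_ADDR` component, and the removed docblock bullet says that component was there "to help prevent session hijacking": the authenticated identity is now stored under a name that does not depend on the client address, so a captured session cookie is usable from any IP, which is a behavioural change the commit title (undefined SERVER_NAME) does not mention. If dropping the address binding is intended (it does break clients whose address changes mid-session), record it in the docblock, e.g. `* Note: the session is intentionally no longer bound to the client address.`; otherwise keep it with `$session_id .= '-' . ($_SERVER['REMOTE_ADDR'] ?? '');`. The Application_Model_Preference::GetClientId() component is dropped as well, so two installs that share a public URL but differ in client ID now share a namespace; confirm that is acceptable.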
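Review bot: The removed code of getFileUrl guaranteed the base URL handed to getRelativeFileUrl() ended in `/` (`.../{$subDir}` after stripping the base path's leading slash), whereas the new `return $this->getRelativeFileUrl(Config::getPublicUrl());` passes the configured value as-is, so the result now depends on whether the configured public URL carries a trailing slash and on how getRelativeFileUrl() joins, neither of which is visible here. If the join is plain concatenation, normalise first: `return $this->getRelativeFileUrl(rtrim(Config::getPublicUrl(), '/') . '/');`. The docblock of getFileUrl starts before the hunk; it would help to note there that the URL is now derived from the configured public URL rather than from the request.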