
HTTP_X_FORWARDED_PREFIX for cookie path (#2201)

Forgotten. Follow-up of https://github.com/FreshRSS/FreshRSS/pull/2191
Alexandre Alapetite %!s(int64=7) %!d(string=hai) anos
pai
achega
e9d50f48eb
Modificáronse 2 ficheiros con 7 adicións e 2 borrados
  1. 2 1
      app/install.php
  2. 5 1
      lib/Minz/Session.php

+ 2 - 1
app/install.php

@@ -7,7 +7,8 @@ header("Content-Security-Policy: default-src 'self'");
 require(LIB_PATH . '/lib_install.php');
 
 session_name('FreshRSS');
-session_set_cookie_params(0, dirname(empty($_SERVER['REQUEST_URI']) ? '/' : dirname($_SERVER['REQUEST_URI'])), null, false, true);
+$forwardedPrefix = empty($_SERVER['HTTP_X_FORWARDED_PREFIX']) ? '' : rtrim($_SERVER['HTTP_X_FORWARDED_PREFIX'], '/ ');
+session_set_cookie_params(0, $forwardedPrefix . dirname(empty($_SERVER['REQUEST_URI']) ? '/' : dirname($_SERVER['REQUEST_URI'])), null, false, true);
 session_start();
 
 if (isset($_GET['step'])) {
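Review bot: `$_SERVER['HTTP_X_FORWARDED_PREFIX']` is a request header that any client can send unless a fronting proxy overwrites or strips it, and the new `$forwardedPrefix` line puts it into the session cookie path with only a trailing `rtrim`. Nothing in this hunk checks that the value looks like a path, so a stray or unexpected value ends up in the `Path` attribute of the FreshRSS session cookie. I would discard anything that is not a plain absolute path before using it, e.g. `if (!preg_match('#^/[A-Za-z0-9._~/-]*$#', $forwardedPrefix)) { $forwardedPrefix = ''; }`, and document that the header is only honoured when set by a trusted reverse proxy. The same unvalidated use appears in `Minz_Session::getCookieDir()` in lib/Minz/Session.php; a shared helper would keep the two copies in step.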

+ 5 - 1
lib/Minz/Session.php

@@ -61,7 +61,11 @@ class Minz_Session {
 
 	public static function getCookieDir() {
 		// Get the script_name (e.g. /p/i/index.php) and keep only the path.
-		$cookie_dir = empty($_SERVER['REQUEST_URI']) ? '/' : $_SERVER['REQUEST_URI'];
+		$cookie_dir = '';
+		if (!empty($_SERVER['HTTP_X_FORWARDED_PREFIX'])) {
+			$cookie_dir .= rtrim($_SERVER['HTTP_X_FORWARDED_PREFIX'], '/ ');
+		}
+		$cookie_dir .= empty($_SERVER['REQUEST_URI']) ? '/' : $_SERVER['REQUEST_URI'];
 		if (substr($cookie_dir, -1) !== '/') {
 			$cookie_dir = dirname($cookie_dir) . '/';
 		}