Minz getBaseUrl correction and RSS template bug

https://github.com/FreshRSS/FreshRSS/issues/848 Corrections in Minz (HTTP_HOST was not sanitized, getURI() was never used and not working anyway with absolute base_url) $this->url was not defined in rss.phtml
10 years ago · 27d2b88a19
parent 9b69ec4b31
commit 27d2b88a19
4 changed files with 18 additions and 42 deletions
--- a/app/Controllers/indexController.php
+++ b/app/Controllers/indexController.php
@ -137,6 +137,7 @@ class FreshRSS_index_Controller extends Minz_ActionController {
 		}

 		// No layout for RSS output.
+		$this->view->url = empty($_SERVER['QUERY_STRING']) ? '' : '?' . $_SERVER['QUERY_STRING'];
 		$this->view->rss_title = FreshRSS_Context::$name . ' | ' . Minz_View::title();
 		$this->view->_useLayout(false);
 		header('Content-Type: application/rss+xml; charset=utf-8');
--- a/constants.php
+++ b/constants.php
@ -11,7 +11,8 @@ define('PHP_COMPRESSION', false);
 define('FRESHRSS_PATH', dirname(__FILE__));

 	define('PUBLIC_PATH', FRESHRSS_PATH . '/p');
-		define('INDEX_PATH', PUBLIC_PATH . '/i');
+		define('PUBLIC_TO_INDEX_PATH', '/i');
+		define('INDEX_PATH', PUBLIC_PATH . PUBLIC_TO_INDEX_PATH);
 		define('PUBLIC_RELATIVE', '..');

 	define('DATA_PATH', FRESHRSS_PATH . '/data');
--- a/lib/Minz/Request.php
+++ b/lib/Minz/Request.php
@ -84,45 +84,27 @@ class Minz_Request {
 		self::magicQuotesOff();
 	}

-	/**
-	 * Retourn le nom de domaine du site
-	 */
-	public static function getDomainName() {
-		return $_SERVER['HTTP_HOST'];
-	}
-
 	/**
 	 * Détermine la base de l'url
 	 * @return la base de l'url
 	 */
-	public static function getBaseUrl() {
+	public static function getBaseUrl($baseUrlSuffix = '') {
 		$conf = Minz_Configuration::get('system');
-		$defaultBaseUrl = $conf->base_url;
-		if (!empty($defaultBaseUrl)) {
-			return $defaultBaseUrl;
-		} elseif (isset($_SERVER['REQUEST_URI'])) {
-			return dirname($_SERVER['REQUEST_URI']) . '/';
+		$url = $conf->base_url;
+		if ($url == '' || !preg_match('%^https?://%i', $url)) {
+			$url = 'http';
+			$host = empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST'];
+			$port = empty($_SERVER['SERVER_PORT']) ? 80 : $_SERVER['SERVER_PORT'];
+			if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') {
+				$url .= 's://' . $host . ($port == 443 ? '' : ':' . $port);
 			} else {
-			return '/';
-		}
+				$url .= '://' . $host . ($port == 80 ? '' : ':' . $port);
 			}
-
-	/**
-	 * Récupère l'URI de la requête
-	 * @return l'URI
-	 */
-	public static function getURI() {
-		if (isset($_SERVER['REQUEST_URI'])) {
-			$base_url = self::getBaseUrl();
-			$uri = $_SERVER['REQUEST_URI'];
-
-			$len_base_url = strlen($base_url);
-			$real_uri = substr($uri, $len_base_url);
+			$url .= isset($_SERVER['REQUEST_URI']) ? dirname($_SERVER['REQUEST_URI']) : '';
 		} else {
-			$real_uri = '';
+			$url = rtrim($url, '/\\') . $baseUrlSuffix;
 		}
-
-		return $real_uri;
+		return filter_var($url . '/', FILTER_SANITIZE_URL);
 	}

 	/**
--- a/lib/Minz/Url.php
+++ b/lib/Minz/Url.php
@ -10,7 +10,6 @@ class Minz_Url {
 	 *                    $url['c'] = controller
 	 *                    $url['a'] = action
 	 *                    $url['params'] = tableau des paramètres supplémentaires
-	 *                    $url['protocol'] = protocole à utiliser (http par défaut)
 	 *             ou comme une chaîne de caractère
 	 * @param $encodage pour indiquer comment encoder les & (& ou &amp; pour html)
 	 * @return l'url formatée
@ -25,14 +24,7 @@ class Minz_Url {
 		$url_string = '';

 		if ($absolute) {
-			if ($isArray && isset ($url['protocol'])) {
-				$protocol = $url['protocol'];
-			} elseif (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
-				$protocol = 'https:';
-			} else {
-				$protocol = 'http:';
-			}
-			$url_string = $protocol . '//' . Minz_Request::getDomainName () . Minz_Request::getBaseUrl ();
+			$url_string = Minz_Request::getBaseUrl(PUBLIC_TO_INDEX_PATH);
 		} else {
 			$url_string = $isArray ? '.' : PUBLIC_RELATIVE;
 		}