From e3031ae28be12b377f6a570f8048512b744d5951 Mon Sep 17 00:00:00 2001
From: Frank Karlitschek <frank@owncloud.org>
Date: Tue, 5 Jun 2012 12:52:23 +0200
Subject: [PATCH] more reliable host detection for reverse proxy servers

---
 lib/base.php   | 12 +++++++-----
 lib/helper.php |  2 +-
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/lib/base.php b/lib/base.php
index bdfd05e8f1..b9c28119e3 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -367,16 +367,18 @@ class OC{
 
 		// CSRF protection
 		if(isset($_SERVER['HTTP_REFERER'])) $referer=$_SERVER['HTTP_REFERER']; else $referer='';
-		$protocol=OC_Helper::serverProtocol().'://'; 
+		$refererhost=parse_url($referer);
+		if(isset($refererhost['host'])) $refererhost=$refererhost['host']; else $refererhost='';
+		$server=OC_Helper::serverHost();
+		$serverhost=parse_url($server);
+		if(isset($serverhost['host'])) $serverhost=$serverhost['host']; else $serverhost='';
 		if(!self::$CLI){
-			$server=$protocol.OC_Helper::serverHost();
-			if(($_SERVER['REQUEST_METHOD']=='POST') and (substr($referer,0,strlen($server))<>$server)) {
-				$url = $protocol.OC_Helper::serverProtocol().OC::$WEBROOT.'/index.php';
+			if(($_SERVER['REQUEST_METHOD']=='POST') and ($refererhost<>$serverhost)) {
+				$url = OC_Helper::serverProtocol().'://'.$server.OC::$WEBROOT.'/index.php';
 				header("Location: $url");
 				exit();
 			}
 		}
-
 		self::initSession();
 		self::initTemplateEngine();
 		self::checkUpgrade();
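Review bot: `parse_url($server)` is fed the return value of `OC_Helper::serverHost()`, which the redirect line below and `linkToAbsolute()` both prefix with `serverProtocol().'://'`, so it appears to be a bare host; for a scheme-less string parse_url() typically returns only a `path` key, which would leave `$serverhost` as `''`. In that case a POST with no Referer header (`$refererhost` also `''`) passes the CSRF check, which the old prefix comparison rejected, while legitimate same-host POSTs would be redirected. I would parse a full URL and fail closed on an empty host: `$serverhost=parse_url(OC_Helper::serverProtocol().'://'.$server, PHP_URL_HOST);` and `if(($_SERVER['REQUEST_METHOD']=='POST') and ($serverhost=='' or $refererhost!==$serverhost)) {`. The enclosing method starts and ends outside the hunk and serverHost() itself is not visible here, so its return format should be confirmed before relying on either form.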
diff --git a/lib/helper.php b/lib/helper.php
index aedac20405..decc1d6133 100644
--- a/lib/helper.php
+++ b/lib/helper.php
@@ -120,7 +120,7 @@ class OC_Helper {
 	 */
 	public static function linkToAbsolute( $app, $file ) {
 		$urlLinkTo = self::linkTo( $app, $file );
-		$urlLinkTo = OC_Helper::serverProtocol(). '://'  . self::serverHost() . $urlLinkTo;
+		$urlLinkTo = self::serverProtocol(). '://'  . self::serverHost() . $urlLinkTo;
 		return $urlLinkTo;
 	}
 
-- 
GitLab