diff options
Diffstat (limited to 'include')
| -rw-r--r-- | include/common.inc.php | 12 | ||||
| -rw-r--r-- | include/functions_session.inc.php | 19 | ||||
| -rw-r--r-- | include/functions_url.inc.php | 23 | ||||
| -rw-r--r-- | include/picture_comment.inc.php | 5 |
4 files changed, 37 insertions, 22 deletions
diff --git a/include/common.inc.php b/include/common.inc.php index aea694639..d65b69641 100644 --- a/include/common.inc.php +++ b/include/common.inc.php @@ -179,10 +179,8 @@ if ($conf['gallery_locked']) if ( script_basename() != 'identification' and !is_admin() ) { - //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG - $page['root_path'] = cookie_path(); echo $lang['gallery_locked_message'] - .'<a href="'.get_root_url().'identification.php">.</a>'; + .'<a href="'.get_absolute_root_url(false).'identification.php">.</a>'; exit(); } } @@ -197,9 +195,7 @@ if ($user['is_the_guest'] and !$conf['guest_access'] ) ) { - //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG - $page['root_path'] = cookie_path(); - redirect (get_root_url().'identification.php'); + redirect (get_absolute_root_url(false).'identification.php'); } if ($conf['check_upgrade_feed'] @@ -220,10 +216,8 @@ SELECT id // which upgrades need to be applied? if (count(array_diff($existing, $applied)) > 0) { - //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG - $page['root_path'] = cookie_path(); $header_msgs[] = 'Some database upgrades are missing, ' - .'<a href="'.get_root_url().'upgrade_feed.php">upgrade now</a>'; + .'<a href="'.get_absolute_root_url(false).'upgrade_feed.php">upgrade now</a>'; } } diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php index ba1820028..d02fea3ae 100644 --- a/include/functions_session.inc.php +++ b/include/functions_session.inc.php @@ -111,8 +111,25 @@ function cookie_path() $scr = $_SERVER['SCRIPT_NAME']; } $scr = substr($scr,0,strrpos( $scr,'/')); + // add a trailing '/' if needed - return ($scr{strlen($scr)-1} == '/') ? $scr : $scr . '/'; + $scr .= ($scr{strlen($scr)-1} == '/') ? '' : '/'; + + if ( substr(PHPWG_ROOT_PATH,0,3)=='../') + { // this is maybe a plugin inside pwg directory + // TODO - what if it is an external script outside PWG ? + $scr = $scr.PHPWG_ROOT_PATH; + while (1) + { + $new = preg_replace('#[^/]+/\.\.(/|$)#', '', $scr); + if ($new==$scr) + { + break; + } + $scr=$new; + } + } + return $scr; } /** diff --git a/include/functions_url.inc.php b/include/functions_url.inc.php index 1410243da..376d4f4e9 100644 --- a/include/functions_url.inc.php +++ b/include/functions_url.inc.php @@ -38,7 +38,7 @@ function get_root_url() $root_url = $page['root_path']; } else - { + {// TODO - add HERE the possibility to call PWG functions from external scripts $root_url = PHPWG_ROOT_PATH; } if ( dirname($root_url)!='.' ) @@ -52,17 +52,22 @@ function get_root_url() } /** - * returns the url of the current host (e.g. http://www.toto.com ) - * TODO: if required by someone, treat https case + * returns the absolute url to the root of PWG + * @param boolean with_scheme if false - does not add http://toto.com */ -function get_host_url() +function get_absolute_root_url($with_scheme=true) { - $url = "http://"; - $url .= $_SERVER['HTTP_HOST']; - if ($_SERVER['SERVER_PORT']!=80) + // TODO - add HERE the possibility to call PWG functions from external scripts + $url = ''; + if ($with_scheme) { - $url .= ':'.$_SERVER['SERVER_PORT']; + $url .= 'http://'.$_SERVER['HTTP_HOST']; + if ($_SERVER['SERVER_PORT']!=80) + { + $url .= ':'.$_SERVER['SERVER_PORT']; + } } + $url .= cookie_path(); return $url; } @@ -419,7 +424,7 @@ function set_make_full_url() $page['save_root_path']['path'] = $page['root_path']; } $page['save_root_path']['count'] = 1; - $page['root_path'] = get_host_url().cookie_path(); + $page['root_path'] = get_absolute_root_url(); } else { diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php index faf1d9d7d..194e715c8 100644 --- a/include/picture_comment.inc.php +++ b/include/picture_comment.inc.php @@ -209,8 +209,7 @@ if ( $page['show_comments'] and isset( $_POST['content'] ) ) { include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php'); - $del_url = get_host_url().cookie_path() - .'comments.php?delete='.$comm['id']; + $del_url = get_absolute_root_url().'comments.php?delete='.$comm['id']; $content = 'Author: '.$comm['author']."\n" @@ -221,7 +220,7 @@ if ( $page['show_comments'] and isset( $_POST['content'] ) ) if ($comment_action!='validate') { $content .= - 'Validate: '.get_host_url().cookie_path() + 'Validate: '.get_absolute_root_url() .'comments.php?validate='.$comm['id']; } pwg_mail( get_webmaster_mail_address(), '', |