aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/common.inc.php12
-rw-r--r--include/functions_session.inc.php19
-rw-r--r--include/functions_url.inc.php23
-rw-r--r--include/picture_comment.inc.php5
4 files changed, 37 insertions, 22 deletions
diff --git a/include/common.inc.php b/include/common.inc.php
index aea694639..d65b69641 100644
--- a/include/common.inc.php
+++ b/include/common.inc.php
@@ -179,10 +179,8 @@ if ($conf['gallery_locked'])
if ( script_basename() != 'identification' and !is_admin() )
{
- //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG
- $page['root_path'] = cookie_path();
echo $lang['gallery_locked_message']
- .'<a href="'.get_root_url().'identification.php">.</a>';
+ .'<a href="'.get_absolute_root_url(false).'identification.php">.</a>';
exit();
}
}
@@ -197,9 +195,7 @@ if ($user['is_the_guest'] and !$conf['guest_access']
)
)
{
- //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG
- $page['root_path'] = cookie_path();
- redirect (get_root_url().'identification.php');
+ redirect (get_absolute_root_url(false).'identification.php');
}
if ($conf['check_upgrade_feed']
@@ -220,10 +216,8 @@ SELECT id
// which upgrades need to be applied?
if (count(array_diff($existing, $applied)) > 0)
{
- //next line required if PATH_INFO (no ? in url) but won't work for scripts outside PWG
- $page['root_path'] = cookie_path();
$header_msgs[] = 'Some database upgrades are missing, '
- .'<a href="'.get_root_url().'upgrade_feed.php">upgrade now</a>';
+ .'<a href="'.get_absolute_root_url(false).'upgrade_feed.php">upgrade now</a>';
}
}
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index ba1820028..d02fea3ae 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -111,8 +111,25 @@ function cookie_path()
$scr = $_SERVER['SCRIPT_NAME'];
}
$scr = substr($scr,0,strrpos( $scr,'/'));
+
// add a trailing '/' if needed
- return ($scr{strlen($scr)-1} == '/') ? $scr : $scr . '/';
+ $scr .= ($scr{strlen($scr)-1} == '/') ? '' : '/';
+
+ if ( substr(PHPWG_ROOT_PATH,0,3)=='../')
+ { // this is maybe a plugin inside pwg directory
+ // TODO - what if it is an external script outside PWG ?
+ $scr = $scr.PHPWG_ROOT_PATH;
+ while (1)
+ {
+ $new = preg_replace('#[^/]+/\.\.(/|$)#', '', $scr);
+ if ($new==$scr)
+ {
+ break;
+ }
+ $scr=$new;
+ }
+ }
+ return $scr;
}
/**
diff --git a/include/functions_url.inc.php b/include/functions_url.inc.php
index 1410243da..376d4f4e9 100644
--- a/include/functions_url.inc.php
+++ b/include/functions_url.inc.php
@@ -38,7 +38,7 @@ function get_root_url()
$root_url = $page['root_path'];
}
else
- {
+ {// TODO - add HERE the possibility to call PWG functions from external scripts
$root_url = PHPWG_ROOT_PATH;
}
if ( dirname($root_url)!='.' )
@@ -52,17 +52,22 @@ function get_root_url()
}
/**
- * returns the url of the current host (e.g. http://www.toto.com )
- * TODO: if required by someone, treat https case
+ * returns the absolute url to the root of PWG
+ * @param boolean with_scheme if false - does not add http://toto.com
*/
-function get_host_url()
+function get_absolute_root_url($with_scheme=true)
{
- $url = "http://";
- $url .= $_SERVER['HTTP_HOST'];
- if ($_SERVER['SERVER_PORT']!=80)
+ // TODO - add HERE the possibility to call PWG functions from external scripts
+ $url = '';
+ if ($with_scheme)
{
- $url .= ':'.$_SERVER['SERVER_PORT'];
+ $url .= 'http://'.$_SERVER['HTTP_HOST'];
+ if ($_SERVER['SERVER_PORT']!=80)
+ {
+ $url .= ':'.$_SERVER['SERVER_PORT'];
+ }
}
+ $url .= cookie_path();
return $url;
}
@@ -419,7 +424,7 @@ function set_make_full_url()
$page['save_root_path']['path'] = $page['root_path'];
}
$page['save_root_path']['count'] = 1;
- $page['root_path'] = get_host_url().cookie_path();
+ $page['root_path'] = get_absolute_root_url();
}
else
{
diff --git a/include/picture_comment.inc.php b/include/picture_comment.inc.php
index faf1d9d7d..194e715c8 100644
--- a/include/picture_comment.inc.php
+++ b/include/picture_comment.inc.php
@@ -209,8 +209,7 @@ if ( $page['show_comments'] and isset( $_POST['content'] ) )
{
include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
- $del_url = get_host_url().cookie_path()
- .'comments.php?delete='.$comm['id'];
+ $del_url = get_absolute_root_url().'comments.php?delete='.$comm['id'];
$content =
'Author: '.$comm['author']."\n"
@@ -221,7 +220,7 @@ if ( $page['show_comments'] and isset( $_POST['content'] ) )
if ($comment_action!='validate')
{
$content .=
- 'Validate: '.get_host_url().cookie_path()
+ 'Validate: '.get_absolute_root_url()
.'comments.php?validate='.$comm['id'];
}
pwg_mail( get_webmaster_mail_address(), '',