From a65d273a165cbbc422c11f100b510d0d9e41ca7d Mon Sep 17 00:00:00 2001 From: James Morcom Date: Sun, 21 Aug 2016 18:42:47 +0100 Subject: [PATCH 1/6] Strip port from host header when calculating redirect URL. --- OpenIDConnectClient.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/OpenIDConnectClient.php b/OpenIDConnectClient.php index 246cfa4e..0ed1be68 100644 --- a/OpenIDConnectClient.php +++ b/OpenIDConnectClient.php @@ -361,7 +361,9 @@ public function getRedirectURL() { } if(isset($_SERVER['HTTP_HOST'])) { - $hostname = $_SERVER['HTTP_HOST']; + $http_host_value = $_SERVER['HTTP_HOST']; + $tmp = explode(":", $http_host_value); + $hostname = $tmp[0]; } else if(isset($_SERVER['SERVER_NAME'])) { $hostname = $_SERVER['SERVER_NAME']; } else if(isset($_SERVER['SERVER_ADDR'])) { From 575dc82d3592788330c2f483b658f8aff0c3a226 Mon Sep 17 00:00:00 2001 From: James Morcom Date: Tue, 23 Aug 2016 20:38:40 +0100 Subject: [PATCH 2/6] Revert "Strip port from host header when calculating redirect URL." This reverts commit a65d273a165cbbc422c11f100b510d0d9e41ca7d. --- OpenIDConnectClient.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/OpenIDConnectClient.php b/OpenIDConnectClient.php index 0ed1be68..246cfa4e 100644 --- a/OpenIDConnectClient.php +++ b/OpenIDConnectClient.php @@ -361,9 +361,7 @@ public function getRedirectURL() { } if(isset($_SERVER['HTTP_HOST'])) { - $http_host_value = $_SERVER['HTTP_HOST']; - $tmp = explode(":", $http_host_value); - $hostname = $tmp[0]; + $hostname = $_SERVER['HTTP_HOST']; } else if(isset($_SERVER['SERVER_NAME'])) { $hostname = $_SERVER['SERVER_NAME']; } else if(isset($_SERVER['SERVER_ADDR'])) { From 2c9599a9224e1e424dcadd59cbc30304ce449ad3 Mon Sep 17 00:00:00 2001 
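Review bot: In [PATCH 1/6], `explode(":", $http_host_value)` keeps only the text before the first colon, so a bracketed IPv6 literal such as `[::1]:8080` (constructed example) collapses to `[` and the redirect URL becomes unusable. The value comes straight from the client-supplied `Host` header, so anything that is not a plausible host name should be rejected before it is used. Stripping only a trailing numeric port, e.g. `$hostname = preg_replace('/:\d+$/', '', $http_host_value);`, leaves IPv6 literals intact. The change is reverted by [PATCH 2/6], but the same `explode(":", …)` split returns in [PATCH 3/6] and [PATCH 6/6]. getRedirectURL() starts and ends outside the hunk.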
From: James Morcom Date: Tue, 23 Aug 2016 21:30:33 +0100 Subject: [PATCH 3/6] Adjust for host header containing port number when calculating redirect URL --- OpenIDConnectClient.php | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/OpenIDConnectClient.php b/OpenIDConnectClient.php index 246cfa4e..c399aee3 100644 --- a/OpenIDConnectClient.php +++ b/OpenIDConnectClient.php @@ -337,7 +337,7 @@ public function getRedirectURL() { $protocol = null; $port = null; - $hostname = null; + $host = null; $setport = null; if(isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) { @@ -361,21 +361,24 @@ public function getRedirectURL() { } if(isset($_SERVER['HTTP_HOST'])) { - $hostname = $_SERVER['HTTP_HOST']; + $host = $_SERVER['HTTP_HOST']; } else if(isset($_SERVER['SERVER_NAME'])) { - $hostname = $_SERVER['SERVER_NAME']; + $host = $_SERVER['SERVER_NAME'] . ':' . $port; } else if(isset($_SERVER['SERVER_ADDR'])) { - $hostname = $_SERVER['SERVER_ADDR']; + $host = $_SERVER['SERVER_ADDR'] . ':' . $port; } - $useport = ($protocol === 'https' && $port !== 443) || ($protocol === 'http' && $port !== 80); + $is_default_port = ($protocol === 'https' && $port === 443) || ($protocol === 'http' && $port === 80); - $base_page_url = $protocol . '://' . $hostname . ($useport ? (':' . $port) : ''); + if($is_default_port) { + $tmp = explode(":", $host); + $host = $tmp[0]; + } $tmp = explode("?", $_SERVER['REQUEST_URI']); - $base_page_url .= $tmp[0]; - - return $base_page_url; + $path = $tmp[0]; + + return $protocol . '://' . $host . $path; } /** @@ -428,6 +431,7 @@ private function requestAuthorization() { $auth_endpoint .= '?' . http_build_query($auth_params, null, '&'); session_commit(); + $this->redirect($auth_endpoint); } From 5382c09a0f1dd4af0cd8da45159d4f8b2f966402 Mon Sep 17 00:00:00 2001 
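Review bot: In the `@@ -361,21 +361,24 @@` hunk of [PATCH 3/6] the port is only ever removed from `$host`, never added. When `HTTP_HOST` arrives without a port but `$port` is non-default (for example behind a proxy that sets `X-Forwarded-Port` and forwards a bare host name), the returned URL drops the port that the replaced `$useport` expression used to append. If none of `HTTP_HOST`, `SERVER_NAME` or `SERVER_ADDR` is set, `$host` stays null and the URL is built with an empty authority. A wrong value here would most likely show up as a redirect URL mismatch at the identity provider, so it is safer to reduce `$host` to the bare name first and then append `':' . $port` only when `!$is_default_port`. The function body begins outside this hunk.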
From: James Morcom Date: Tue, 23 Aug 2016 21:34:09 +0100 Subject: [PATCH 4/6] Fix whitespace. --- OpenIDConnectClient.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/OpenIDConnectClient.php b/OpenIDConnectClient.php index c399aee3..c966a6e8 100644 --- a/OpenIDConnectClient.php +++ b/OpenIDConnectClient.php @@ -370,14 +370,14 @@ public function getRedirectURL() { $is_default_port = ($protocol === 'https' && $port === 443) || ($protocol === 'http' && $port === 80); - if($is_default_port) { - $tmp = explode(":", $host); - $host = $tmp[0]; - } + if($is_default_port) { + $tmp = explode(":", $host); + $host = $tmp[0]; + } $tmp = explode("?", $_SERVER['REQUEST_URI']); - $path = $tmp[0]; - + $path = $tmp[0]; + return $protocol . '://' . $host . $path; } From e14d452d3eb3f2a847c6edf39b3bb4dad7b4ab7f Mon Sep 17 00:00:00 2001 From: James Morcom Date: Tue, 23 Aug 2016 21:38:31 +0100 Subject: [PATCH 5/6] Undo accidental whitespace changes --- OpenIDConnectClient.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/OpenIDConnectClient.php b/OpenIDConnectClient.php index c966a6e8..a66433e7 100644 --- a/OpenIDConnectClient.php +++ b/OpenIDConnectClient.php @@ -377,7 +377,7 @@ public function getRedirectURL() { $tmp = explode("?", $_SERVER['REQUEST_URI']); $path = $tmp[0]; - + return $protocol . '://' . $host . $path; } @@ -431,7 +431,6 @@ private function requestAuthorization() { $auth_endpoint .= '?' . http_build_query($auth_params, null, '&'); session_commit(); - $this->redirect($auth_endpoint); } From 3f9384db59203fa1bd2fce84287e6e20d52adff8 Mon Sep 17 00:00:00 2001 From: James Morcom Date: Thu, 1 Sep 2016 08:50:57 +0100 Subject: [PATCH 6/6] Incorporated @jumbojett's simplifications and confirmed still working OK with IIS. --- OpenIDConnectClient.php | 62 +++++++++++------------------------------ 1 file changed, 17 insertions(+), 45 deletions(-) 
diff --git a/OpenIDConnectClient.php b/OpenIDConnectClient.php
index a66433e7..903477fb 100644
--- a/OpenIDConnectClient.php
+++ b/OpenIDConnectClient.php
@@ -328,57 +328,29 @@ public function getRedirectURL() { * Thank you * http://stackoverflow.com/questions/189113/how-do-i-get-current-page-full-url-in-php-on-a-windows-iis-server */ - - /** + + /* * Compatibility with multiple host headers. * The problem with SSL over port 80 is resolved and non-SSL over port 443. * Support of 'ProxyReverse' configurations. */ - - $protocol = null; - $port = null; - $host = null; - $setport = null; - - if(isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) { - $protocol = $_SERVER['HTTP_X_FORWARDED_PROTO']; - } else if(isset($_SERVER['REQUEST_SCHEME'])) { - $protocol = $_SERVER['REQUEST_SCHEME']; - } else if(isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") { - $protocol = "https"; - } else { - $protocol = "http"; - } - - if(isset($_SERVER['HTTP_X_FORWARDED_PORT'])) { - $port = intval($_SERVER['HTTP_X_FORWARDED_PORT']); - } else if(isset($_SERVER["SERVER_PORT"])) { - $port = intval($_SERVER["SERVER_PORT"]); - } else if($protocol === 'https') { - $port = 443; - } else { - $port = 80; - } - - if(isset($_SERVER['HTTP_HOST'])) { - $host = $_SERVER['HTTP_HOST']; - } else if(isset($_SERVER['SERVER_NAME'])) { - $host = $_SERVER['SERVER_NAME'] . ':' . $port; - } else if(isset($_SERVER['SERVER_ADDR'])) { - $host = $_SERVER['SERVER_ADDR'] . ':' . $port; - } - - $is_default_port = ($protocol === 'https' && $port === 443) || ($protocol === 'http' && $port === 80); - - if($is_default_port) { - $tmp = explode(":", $host); - $host = $tmp[0]; - } - $tmp = explode("?", $_SERVER['REQUEST_URI']); - $path = $tmp[0]; + $protocol = @$_SERVER['HTTP_X_FORWARDED_PROTO'] + ?: @$_SERVER['REQUEST_SCHEME'] + ?: ((isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? "https" : "http"); + + $port = @intval($_SERVER['HTTP_X_FORWARDED_PORT']) + ?: @intval($_SERVER["SERVER_PORT"]) + ?: (($protocol === 'https') ? 
443 : 80); + + $host = @explode(":", $_SERVER['HTTP_HOST'])[0] + ?: @$_SERVER['SERVER_NAME'] + ?: @$_SERVER['SERVER_ADDR']; + + // Don't include port if it's 80 or 443 and the protocol matches + $port = ($protocol === 'https' && $port === 443) || ($protocol === 'http' && $port === 80) ? '' : ':' . $port; - return $protocol . '://' . $host . $path; + return sprintf('%s://%s%s/%s', $protocol, $host, $port, @trim(reset(explode("?", $_SERVER['REQUEST_URI'])), '/')); } /**
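Review bot: `$protocol`, `$port` and `$host` are built from `X-Forwarded-Proto`, `X-Forwarded-Port` and `Host` with no validation, and unless a trusted front proxy overwrites them these are ordinary request headers that any client can set. The method name suggests the result becomes the OpenID Connect redirect URL, so an unexpected scheme or host should be refused rather than formatted into it. At minimum constrain the scheme, e.g. `if (!in_array($protocol, array('http', 'https'), true)) { $protocol = 'http'; }`, and compare `$host` with the host names the deployment expects. The blanket `@` operators also hide the notice raised by `reset(explode(...))`, where a non-variable is passed by reference; assigning the `explode()` result to a variable first removes the need for suppression there. The function starts outside the hunk.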