$cfg->setConfigEntry('cookie_expire', (60*60*2)); // Two hours!
// CFG: COOKIE-PATH
-$cfg->setConfigEntry('cookie_path', dirname($_SERVER['SCRIPT_NAME']) . "/");
+$cfg->setConfigEntry('cookie_path', $cfg->detectScriptPath() . "/");
// CFG: COOKIE-DOMAIN
$cfg->setConfigEntry('cookie_domain', $cfg->detectDomain()); // Is mostly the same...
} // END - if
// Construct the full URL now and secure it against CSRF attacks
- $baseUrl = $baseUrl . "://" . $this->detectDomain() . dirname($_SERVER['SCRIPT_NAME']);
+ $baseUrl = $baseUrl . "://" . $this->detectDomain() . $this->detectScriptPath();
// Return the URL
return $baseUrl;
return $fullDomain;
}
+ /**
+ * Detect safely the script path without trailing slash which is the part
+ * between "http://your-domain.invalid/" and "script-name.php"
+ */
+ public function detectScriptPath () {
+ // Default is empty
+ $scriptPath = "";
+
+ // Is the scriptname set?
+ if (isset($_SERVER['SCRIPT_NAME'])) {
+ // Get dirname of it
+ $scriptPath = dirname($_SERVER['SCRIPT_NAME']);
+ } // END - if
+
+ // Return it
+ return $scriptPath;
+ }
+
/**
* Getter for field name
*