From 1eb7aa239f8a539ebb458863e3bbd76e56160add Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Sat, 14 Jun 2008 19:28:31 +0000 Subject: [PATCH] Opps, domain detection is wrong --- inc/config.php | 2 +- inc/config/class_FrameworkConfiguration.php | 15 ++++++++++++++- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/inc/config.php b/inc/config.php index 817609c..a5b19d4 100644 --- a/inc/config.php +++ b/inc/config.php @@ -228,7 +228,7 @@ $cfg->setConfigEntry('cookie_expire', 60*60*24*2); // Two hours! $cfg->setConfigEntry('cookie_path', dirname($_SERVER['SCRIPT_NAME']) . "/"); // CFG: COOKIE-DOMAIN -$cfg->setConfigEntry('cookie_domain', $cfg->readConfig('base_url')); // Is mostly the same... +$cfg->setConfigEntry('cookie_domain', $cfg->detectDomain()); // Is mostly the same... // CFG: COOKIE-SSL $cfg->setConfigEntry('cookie_ssl', (isset($_SERVER['HTTPS']))); diff --git a/inc/config/class_FrameworkConfiguration.php b/inc/config/class_FrameworkConfiguration.php index 5e9b87e..794925d 100644 --- a/inc/config/class_FrameworkConfiguration.php +++ b/inc/config/class_FrameworkConfiguration.php @@ -278,11 +278,24 @@ class FrameworkConfiguration implements Registerable { } // END - if // Construct the full URL now and secure it against CSRF attacks - $baseUrl = $baseUrl . "://" . htmlentities(strip_tags($_SERVER['SERVER_NAME']), ENT_QUOTES) . dirname($_SERVER['SCRIPT_NAME']); + $baseUrl = $baseUrl . "://" . $this->detectDomain() . dirname($_SERVER['SCRIPT_NAME']); // Return the URL return $baseUrl; } + + /** + * Detect safely and return the full domain where this script is installed + * + * @return $fullDomain The detected full domain + */ + public function detectDomain () { + // Detect the full domain + $fullDomain = htmlentities(strip_tags($_SERVER['SERVER_NAME']), ENT_QUOTES); + + // Return it + return $fullDomain; + } } // END - class // [EOF] -- 2.39.5