From 4392fbc6c1c211896c93020bd64201326211b8bc Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Fri, 3 Oct 2008 00:30:56 +0000 Subject: [PATCH] Cookie path now detected by generic method --- inc/config.php | 2 +- inc/config/class_FrameworkConfiguration.php | 20 +++++++++++++++++++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/inc/config.php b/inc/config.php index 751dc7a..65eba41 100644 --- a/inc/config.php +++ b/inc/config.php @@ -267,7 +267,7 @@ $cfg->setConfigEntry('guest_class', "Guest"); $cfg->setConfigEntry('cookie_expire', (60*60*2)); // Two hours! // CFG: COOKIE-PATH -$cfg->setConfigEntry('cookie_path', dirname($_SERVER['SCRIPT_NAME']) . "/"); +$cfg->setConfigEntry('cookie_path', $cfg->detectScriptPath() . "/"); // CFG: COOKIE-DOMAIN $cfg->setConfigEntry('cookie_domain', $cfg->detectDomain()); // Is mostly the same... diff --git a/inc/config/class_FrameworkConfiguration.php b/inc/config/class_FrameworkConfiguration.php index 8f6fa15..e7dfb69 100644 --- a/inc/config/class_FrameworkConfiguration.php +++ b/inc/config/class_FrameworkConfiguration.php @@ -231,7 +231,7 @@ class FrameworkConfiguration implements Registerable { } // END - if // Construct the full URL now and secure it against CSRF attacks - $baseUrl = $baseUrl . "://" . $this->detectDomain() . dirname($_SERVER['SCRIPT_NAME']); + $baseUrl = $baseUrl . "://" . $this->detectDomain() . $this->detectScriptPath(); // Return the URL return $baseUrl; @@ -256,6 +256,24 @@ class FrameworkConfiguration implements Registerable { return $fullDomain; } + /** + * Detect safely the script path without trailing slash which is the part + * between "http://your-domain.invalid/" and "script-name.php" + */ + public function detectScriptPath () { + // Default is empty + $scriptPath = ""; + + // Is the scriptname set? + if (isset($_SERVER['SCRIPT_NAME'])) { + // Get dirname of it + $scriptPath = dirname($_SERVER['SCRIPT_NAME']); + } // END - if + + // Return it + return $scriptPath; + } + /** * Getter for field name * -- 2.39.2