author | Thomas Bruederli <thomas@roundcube.net> | 2022-11-02 23:49:57 +0300 |
---|---|---|
committer | Thomas Bruederli <thomas@roundcube.net> | 2022-11-02 23:49:57 +0300 |
commit | 64131d8bd83ef1d55902838fb68dc5c82b06989d (patch) | |
tree | 02418bf28948b975e4bf817db64717a15fe42312 | |
parent | 08bc8fd79eadcd24a63e73f5676a173cfe9f7970 (diff) |
Add check against the proxy_whitelist option
... before using an HTTP header field value for the request URI composition.
Refactor the rcmail::url() method to also work when composing fully qualified urls.
-rw-r--r-- | program/include/rcmail.php | 26 | ||||
-rw-r--r-- | program/lib/Roundcube/rcube_utils.php | 9 |
2 files changed, 26 insertions, 9 deletions
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index dae5cc374..a3bbc3e2f 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -1119,7 +1119,11 @@ class rcmail extends rcube
 }
 $base_path = '';
- if (!empty($_SERVER['REDIRECT_SCRIPT_URL'])) {
+ $server_var = $this->get_requesr_uri_field();
+ if ($server_var && !empty($_SERVER[$server_var])) {
+ $base_path = preg_replace('/[?&].*$/', '', $_SERVER[$server_var]) ?: './';
+ }
+ else if (!empty($_SERVER['REDIRECT_SCRIPT_URL'])) {
 $base_path = $_SERVER['REDIRECT_SCRIPT_URL'];
 }
 else if (!empty($_SERVER['SCRIPT_NAME'])) {
@@ -1154,19 +1158,25 @@ class rcmail extends rcube
 $prefix = rtrim($prefix, '/') . '/';
 }
 else {
- $server_var = $this->config->get('request_uri_field');
- if (isset($server_var) &&!empty($_SERVER[$server_var])) {
- $prefix = preg_replace('/[?&].*$/', '', $_SERVER[$server_var]) ?: './';
- }
- else {
- $prefix = './';
- }
+ $prefix = $base_path ?: './';
 }
 return $prefix . $url;
 }
 /**
+ * Get the 'request_uri_field' config option
+ * with an additional check against the 'proxy_whitelist' config
+ */
+ protected function get_requesr_uri_field() {
+ $server_var = $this->config->get('request_uri_field');
+ if (!empty($server_var) && (strpos($server_var, 'HTTP_') !== 0 || rcube_utils::check_proxy_whitelist_ip())) {
+ return $server_var;
+ }
+ return null;
+ }
+
+ /**
 * Function to be executed in script shutdown
 */
 public function shutdown()
diff --git a/program/lib/Roundcube/rcube_utils.php b/program/lib/Roundcube/rcube_utils.php
index 75c227638..29e8b93ad 100644
--- a/program/lib/Roundcube/rcube_utils.php
+++ b/program/lib/Roundcube/rcube_utils.php
@@ -673,7 +673,7 @@ class rcube_utils
 if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO'])
 && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https'
- && in_array($_SERVER['REMOTE_ADDR'], (array) rcube::get_instance()->config->get('proxy_whitelist', []))
+ && self::check_proxy_whitelist_ip()
 ) {
 return true;
 }
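Review bot: The header value read from `$_SERVER[$server_var]` in the first hunk is only stripped of its query string before becoming `$base_path`; nothing checks that it is a local absolute path, so a whitelisted proxy that forwards a client-controlled header unchanged, or a misconfigured one, can supply a value beginning with `//host/` or a scheme. That matters because the commit says url() now also composes fully qualified URLs, although what is done with `$base_path` after this hunk is outside it, so the impact is inferred. I would reject anything that is not a single-slash-rooted path right after the preg_replace line, e.g. `if (!preg_match('~^/(?!/)~', $base_path)) { $base_path = './'; }`. url() begins before this hunk and continues past it.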
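Review bot: `get_requesr_uri_field` in the second hunk is misspelled, and since it is a new protected method that plugins and subclasses may start calling, it should be renamed to `get_request_uri_field` before it ships (the call site in the first hunk changes with it). Its docblock should also state the contract rather than just the option name, e.g. `@return string|null $_SERVER key to read the request URI from, or null when the key is an HTTP_* header and REMOTE_ADDR is not in proxy_whitelist`. The `else { $prefix = $base_path ?: './'; }` replacement also changes the case where no request_uri_field is configured: this branch previously always yielded `./`, whereas `$base_path` is now seeded from REDIRECT_SCRIPT_URL/SCRIPT_NAME earlier in url() (the lines in between are outside the hunk, so it may be reassigned there); if that is intended, a one-line comment saying so would save the next reader a trip through the whole function. url() starts before this hunk.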
@@ -690,6 +690,13 @@ class rcube_utils
 }
 /**
+ * Check if the reported REMOTE_ADDR is in the 'proxy_whitelist' config option
+ */
+ public static function check_proxy_whitelist_ip() {
+ return in_array($_SERVER['REMOTE_ADDR'], (array) rcube::get_instance()->config->get('proxy_whitelist', []));
+ }
+
+ /**
 * Replaces hostname variables.
 *
 * @param string $name Hostname |
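Review bot: `check_proxy_whitelist_ip()` reads `$_SERVER['REMOTE_ADDR']` without a guard and uses a loose in_array(); under CLI/cron invocations REMOTE_ADDR is unset, which raises an undefined-key warning on PHP 8 and then compares a null needle loosely against the whitelist. As this helper is now the single gate for trusting proxy-supplied data (X-Forwarded-Proto in the earlier hunk and the request_uri_field header in rcmail), I would write it as `return in_array($_SERVER['REMOTE_ADDR'] ?? '', (array) rcube::get_instance()->config->get('proxy_whitelist', []), true);`. The docblock should add `@return bool` and state that matching is an exact string comparison, so an admin knows that CIDR ranges are not supported and that an IPv4-mapped IPv6 form such as `::ffff:10.0.0.1` will not match a dotted-quad whitelist entry.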