From d3bb01b5983a8778e2fa844fda0a5a4f71659f47 Mon Sep 17 00:00:00 2001
From: Frank Karlitschek <frank@owncloud.org>
Date: Tue, 5 Jun 2012 12:53:48 +0200
Subject: [PATCH] more reliable host detection for reverse proxy scenarios

---
 lib/base.php | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/lib/base.php b/lib/base.php
index 8647705de8a..9fc7d0dae8f 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -376,13 +376,18 @@ class OC{
 
                 // CSRF protection
                 if(isset($_SERVER['HTTP_REFERER'])) $referer=$_SERVER['HTTP_REFERER']; else $referer='';
-                $protocol=OC_Helper::serverProtocol().'://'; 
-		$server=$protocol.OC_Helper::serverHost();
-                if(($_SERVER['REQUEST_METHOD']=='POST') and (substr($referer,0,strlen($server))<>$server)) {
-			$url = $protocol.OC_Helper::serverProtocol().OC::$WEBROOT.'/index.php'; 
-                        header("Location: $url");
-                        exit();
-                } 
+                $refererhost=parse_url($referer);
+                if(isset($refererhost['host'])) $refererhost=$refererhost['host']; else $refererhost='';
+                $server=OC_Helper::serverHost();
+                $serverhost=parse_url($server);
+                if(isset($serverhost['host'])) $serverhost=$serverhost['host']; else $serverhost='';
+                if(!self::$CLI){
+                        if(($_SERVER['REQUEST_METHOD']=='POST') and ($refererhost<>$serverhost)) {
+                                $url = OC_Helper::serverProtocol().'://'.$server.OC::$WEBROOT.'/index.php';
+                                header("Location: $url");
+                                exit();
+                        }
+                }
 
 		self::initSession();
 		self::initTemplateEngine();
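Review bot: The `$serverhost=parse_url($server)` line parses the return value of `OC_Helper::serverHost()`, which the redirect line treats as scheme-less (it prepends `serverProtocol().'://'`); for a bare host name parse_url() yields no `host` key, so `$serverhost` would fall back to `''`. In that case a POST with a missing or unparsable Referer compares `'' <> ''` and passes the CSRF check, which the removed prefix comparison rejected, while a POST with a genuine same-site Referer is redirected. serverHost() is defined outside this hunk, so its exact return format should be confirmed, but the check should fail closed either way. I would derive the host with `$serverhost=parse_url(OC_Helper::serverProtocol().'://'.$server, PHP_URL_HOST);` and change the condition to `if(($_SERVER['REQUEST_METHOD']=='POST') and ($refererhost==='' or $refererhost!==$serverhost)) {`, which also replaces the loose `<>` comparison with a strict one. The enclosing method starts and ends outside the hunk.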
-- 
GitLab