Merge branch 'support/2.7' into develop

application/utils.inc.php

@@ -861,7 +861,7 @@ class utils
 	}
 
 	/**
-	 * @return bool The boolean value of the conf. "trust_proxies" (except if there is no REMOTE_ADDR int his case, it return false)
+	 * @return bool The boolean value of the conf. "behind_reverse_proxy" (except if there is no REMOTE_ADDR int his case, it return false)
 	 *
 	 * @since 2.7.4
 	 */
@@ -871,7 +871,7 @@ class utils
 			return false;
 		}
 
-		$bTrustProxies = (bool) self::GetConfig()->Get('trust_proxies');
+		$bTrustProxies = (bool) self::GetConfig()->Get('behind_reverse_proxy');
 
 		return $bTrustProxies;
 	}
@@ -890,7 +890,7 @@ class utils
 	public static function GetAbsoluteUrlAppRoot($bForceTrustProxy = false)
 	{
 		static $sUrl = null;
-		if ($sUrl === null)
+		if ($sUrl === null || $bForceTrustProxy)
 		{
 			$sUrl = self::GetConfig()->Get('app_root_url');
 			if ($sUrl == '')

core/config.class.inc.php

@@ -1365,13 +1365,13 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
-		'trust_proxies' => [
+		'behind_reverse_proxy' => [
 			'type' => 'bool',
 			'description' => 'If true, then proxies custom header (X-Forwarded-*) are taken into account. Use only if the webserver is not publicly accessible (reachable only by the reverse proxy)',
 			'default' => false,
 			'value' => false,
 			'source_of_value' => '',
-			'show_in_conf_sample' => false,
+			'show_in_conf_sample' => true,
 		],
 	];
 

datamodels/2.x/itop-attachments/module.itop-attachments.php

@@ -82,6 +82,7 @@ if (!class_exists('AttachmentInstaller'))
 		}
 
 		/**
+		 * @since 2.7.4 N°3788
 		 * @param string $sTableName
 		 * @param int $iBulkSize
 		 *

setup/applicationinstaller.class.inc.php

@@ -727,6 +727,7 @@ class ApplicationInstaller
 				SetupLog::Info("There are $iOrphanCount useless records in {$sDBPrefix}priv_change (".sprintf('%.2f', ((100.0*$iOrphanCount)/$iTotalCount))."%)");
 				if ($iOrphanCount > 0)
 				{
+					//N°3793
 					if ($iOrphanCount > 100000)
 					{
 						SetupLog::Info("There are too much useless records ($iOrphanCount) in {$sDBPrefix}priv_change. Cleanup cannot be done during setup.");

setup/setuppage.class.inc.php

@@ -152,7 +152,7 @@ class SetupPage extends NiceWebPage
 
 	public function output()
 	{
-		$sLogo = utils::GetAbsoluteUrlAppRoot(true).'/images/itop-logo.png?t='.utils::GetCacheBusterTimestamp();
+		$sLogo = utils::GetAbsoluteUrlAppRoot().'/images/itop-logo.png?t='.utils::GetCacheBusterTimestamp();
 		$oSetupPage = UIContentBlockUIBlockFactory::MakeStandard();
 		$oHeader = UIContentBlockUIBlockFactory::MakeStandard('header', ['ibo-setup--header']);
 		$oSetupPage->AddSubBlock($oHeader);

test/application/UtilsTest.php

@@ -168,13 +168,70 @@ class UtilsTest extends \Combodo\iTop\Test\UnitTest\ItopTestCase
 		);
 	}
 
+	public function GetDefaultUrlAppRootPersistWhenTrustProxyActivatedAtFirstProvider() {
+		$this->setUp();
+
+		$baseServerVar = [
+			'REMOTE_ADDR' => '127.0.0.1', //is not set, disable IsProxyTrusted
+			'SERVER_NAME' => 'example.com',
+			'HTTP_X_FORWARDED_HOST' => null,
+			'SERVER_PORT' => '80',
+			'HTTP_X_FORWARDED_PORT' => null,
+			'REQUEST_URI' => '/index.php?baz=1',
+			'SCRIPT_NAME' => '/index.php',
+			'SCRIPT_FILENAME' => APPROOT.'index.php',
+			'QUERY_STRING' => 'baz=1',
+			'HTTP_X_FORWARDED_PROTO' => null,
+			'HTTP_X_FORWARDED_PROTOCOL' => null,
+			'HTTPS' => null,
+		];
+
+		return [
+			'ForceTrustProxy disabled' => [
+				'bForceTrustProxy' => false,
+				'bConfTrustProxy' => false,
+				'aServerVars' => array_merge($baseServerVar, []),
+				'sExpectedAppRootUrl' => 'http://example.com/',
+			],
+			'ForceTrustProxy enabled' => [
+				'bForceTrustProxy' => false,
+				'bConfTrustProxy' => true,
+				'aServerVars' => array_merge($baseServerVar, []),
+				'sExpectedAppRootUrl' => 'http://example.com/',
+			],
+		];
+	}
+
+	/**
+	 * @dataProvider GetDefaultUrlAppRootPersistWhenTrustProxyActivatedAtFirstProvider
+	 */
+	public function testGetDefaultUrlAppRootPersistWhenTrustProxyActivatedAtFirst($bForceTrustProxy, $bConfTrustProxy, $aServerVars, $sExpectedAppRootUrl)
+	{
+		$_SERVER = $aServerVars;
+		utils::GetConfig()->Set('behind_reverse_proxy', $bConfTrustProxy);
+		$sAppRootUrl = utils::GetDefaultUrlAppRoot($bForceTrustProxy);
+		$this->assertEquals($sExpectedAppRootUrl, $sAppRootUrl);
+		$sPersistedExpectedAppRootUrl = $sAppRootUrl;
+
+		$sAppRootUrl = utils::GetDefaultUrlAppRoot(!$bForceTrustProxy);
+		if ($bForceTrustProxy){
+			$this->assertNotEquals($sExpectedAppRootUrl, $sAppRootUrl);
+		} else {
+			$this->assertEquals($sExpectedAppRootUrl, $sAppRootUrl);
+			$sPersistedExpectedAppRootUrl = $sAppRootUrl;
+		}
+
+		$this->assertEquals($sPersistedExpectedAppRootUrl, utils::GetDefaultUrlAppRoot($bForceTrustProxy));
+	}
+
+
 	/**
 	 * @dataProvider GetDefaultUrlAppRootProvider
 	 */
 	public function testGetDefaultUrlAppRoot($bForceTrustProxy, $bConfTrustProxy, $aServerVars, $sExpectedAppRootUrl)
 	{
 		$_SERVER = $aServerVars;
-		utils::GetConfig()->Set('trust_proxies', $bConfTrustProxy);
+		utils::GetConfig()->Set('behind_reverse_proxy', $bConfTrustProxy);
 		$sAppRootUrl = utils::GetDefaultUrlAppRoot($bForceTrustProxy);
 		$this->assertEquals($sExpectedAppRootUrl, $sAppRootUrl);
 	}
@@ -250,7 +307,7 @@ class UtilsTest extends \Combodo\iTop\Test\UnitTest\ItopTestCase
 				]),
 				'sExpectedAppRootUrl' => 'http://example.com/',
 			],
-			'with proxy, enabled' => [
+			'with proxy, enabled HTTP_X_FORWARDED_PROTO' => [
 				'bForceTrustProxy' => false,
 				'bConfTrustProxy' => true,
 				'aServerVars' => array_merge($baseServerVar, [
@@ -260,7 +317,7 @@ class UtilsTest extends \Combodo\iTop\Test\UnitTest\ItopTestCase
 				]),
 				'sExpectedAppRootUrl' => 'https://proxy.com:4443/',
 			],
-			'with proxy, enabled - alt' => [
+			'with proxy, enabled - alt HTTP_X_FORWARDED_PROTO COL' => [
 				'bForceTrustProxy' => false,
 				'bConfTrustProxy' => true,
 				'aServerVars' => array_merge($baseServerVar, [