diff --git a/application/utils.inc.php b/application/utils.inc.php index 6a39df2e0..669cb5661 100644 --- a/application/utils.inc.php +++ b/application/utils.inc.php @@ -861,7 +861,7 @@ class utils } /** - * @return bool The boolean value of the conf. "trust_proxies" (except if there is no REMOTE_ADDR int his case, it return false) + * @return bool The boolean value of the conf. "behind_reverse_proxy" (except if there is no REMOTE_ADDR int his case, it return false) * * @since 2.7.4 */ @@ -871,7 +871,7 @@ class utils return false; } - $bTrustProxies = (bool) self::GetConfig()->Get('trust_proxies'); + $bTrustProxies = (bool) self::GetConfig()->Get('behind_reverse_proxy'); return $bTrustProxies; } @@ -890,7 +890,7 @@ class utils public static function GetAbsoluteUrlAppRoot($bForceTrustProxy = false) { static $sUrl = null; - if ($sUrl === null) + if ($sUrl === null || $bForceTrustProxy) { $sUrl = self::GetConfig()->Get('app_root_url'); if ($sUrl == '') diff --git a/core/config.class.inc.php b/core/config.class.inc.php index b71f05caf..a32e5bae0 100644 --- a/core/config.class.inc.php +++ b/core/config.class.inc.php @@ -1365,13 +1365,13 @@ class Config 'source_of_value' => '', 'show_in_conf_sample' => false, ], - 'trust_proxies' => [ + 'behind_reverse_proxy' => [ 'type' => 'bool', 'description' => 'If true, then proxies custom header (X-Forwarded-*) are taken into account. Use only if the webserver is not publicly accessible (reachable only by the reverse proxy)', 'default' => false, 'value' => false, 'source_of_value' => '', - 'show_in_conf_sample' => false, + 'show_in_conf_sample' => true, ], ]; diff --git a/datamodels/2.x/itop-attachments/module.itop-attachments.php b/datamodels/2.x/itop-attachments/module.itop-attachments.php index cdb4977b8..8fa496665 100644 --- a/datamodels/2.x/itop-attachments/module.itop-attachments.php +++ b/datamodels/2.x/itop-attachments/module.itop-attachments.php @@ -82,6 +82,7 @@ if (!class_exists('AttachmentInstaller')) } /** + * @since 2.7.4 N°3788 * @param string $sTableName * @param int $iBulkSize * diff --git a/setup/applicationinstaller.class.inc.php b/setup/applicationinstaller.class.inc.php index 240758380..5b7d4a869 100644 --- a/setup/applicationinstaller.class.inc.php +++ b/setup/applicationinstaller.class.inc.php @@ -727,6 +727,7 @@ class ApplicationInstaller SetupLog::Info("There are $iOrphanCount useless records in {$sDBPrefix}priv_change (".sprintf('%.2f', ((100.0*$iOrphanCount)/$iTotalCount))."%)"); if ($iOrphanCount > 0) { + //N°3793 if ($iOrphanCount > 100000) { SetupLog::Info("There are too much useless records ($iOrphanCount) in {$sDBPrefix}priv_change. Cleanup cannot be done during setup."); diff --git a/setup/setuppage.class.inc.php b/setup/setuppage.class.inc.php index 7cf53fd64..a356ca7d9 100644 --- a/setup/setuppage.class.inc.php +++ b/setup/setuppage.class.inc.php @@ -152,7 +152,7 @@ class SetupPage extends NiceWebPage public function output() { - $sLogo = utils::GetAbsoluteUrlAppRoot(true).'/images/itop-logo.png?t='.utils::GetCacheBusterTimestamp(); + $sLogo = utils::GetAbsoluteUrlAppRoot().'/images/itop-logo.png?t='.utils::GetCacheBusterTimestamp(); $oSetupPage = UIContentBlockUIBlockFactory::MakeStandard(); $oHeader = UIContentBlockUIBlockFactory::MakeStandard('header', ['ibo-setup--header']); $oSetupPage->AddSubBlock($oHeader); diff --git a/test/application/UtilsTest.php b/test/application/UtilsTest.php index 02a9bd8c1..5966d08d0 100644 --- a/test/application/UtilsTest.php +++ b/test/application/UtilsTest.php @@ -168,13 +168,70 @@ class UtilsTest extends \Combodo\iTop\Test\UnitTest\ItopTestCase ); } + public function GetDefaultUrlAppRootPersistWhenTrustProxyActivatedAtFirstProvider() { + $this->setUp(); + + $baseServerVar = [ + 'REMOTE_ADDR' => '127.0.0.1', //is not set, disable IsProxyTrusted + 'SERVER_NAME' => 'example.com', + 'HTTP_X_FORWARDED_HOST' => null, + 'SERVER_PORT' => '80', + 'HTTP_X_FORWARDED_PORT' => null, + 'REQUEST_URI' => '/index.php?baz=1', + 'SCRIPT_NAME' => '/index.php', + 'SCRIPT_FILENAME' => APPROOT.'index.php', + 'QUERY_STRING' => 'baz=1', + 'HTTP_X_FORWARDED_PROTO' => null, + 'HTTP_X_FORWARDED_PROTOCOL' => null, + 'HTTPS' => null, + ]; + + return [ + 'ForceTrustProxy disabled' => [ + 'bForceTrustProxy' => false, + 'bConfTrustProxy' => false, + 'aServerVars' => array_merge($baseServerVar, []), + 'sExpectedAppRootUrl' => 'http://example.com/', + ], + 'ForceTrustProxy enabled' => [ + 'bForceTrustProxy' => false, + 'bConfTrustProxy' => true, + 'aServerVars' => array_merge($baseServerVar, []), + 'sExpectedAppRootUrl' => 'http://example.com/', + ], + ]; + } + + /** + * @dataProvider GetDefaultUrlAppRootPersistWhenTrustProxyActivatedAtFirstProvider + */ + public function testGetDefaultUrlAppRootPersistWhenTrustProxyActivatedAtFirst($bForceTrustProxy, $bConfTrustProxy, $aServerVars, $sExpectedAppRootUrl) + { + $_SERVER = $aServerVars; + utils::GetConfig()->Set('behind_reverse_proxy', $bConfTrustProxy); + $sAppRootUrl = utils::GetDefaultUrlAppRoot($bForceTrustProxy); + $this->assertEquals($sExpectedAppRootUrl, $sAppRootUrl); + $sPersistedExpectedAppRootUrl = $sAppRootUrl; + + $sAppRootUrl = utils::GetDefaultUrlAppRoot(!$bForceTrustProxy); + if ($bForceTrustProxy){ + $this->assertNotEquals($sExpectedAppRootUrl, $sAppRootUrl); + } else { + $this->assertEquals($sExpectedAppRootUrl, $sAppRootUrl); + $sPersistedExpectedAppRootUrl = $sAppRootUrl; + } + + $this->assertEquals($sPersistedExpectedAppRootUrl, utils::GetDefaultUrlAppRoot($bForceTrustProxy)); + } + + /** * @dataProvider GetDefaultUrlAppRootProvider */ public function testGetDefaultUrlAppRoot($bForceTrustProxy, $bConfTrustProxy, $aServerVars, $sExpectedAppRootUrl) { $_SERVER = $aServerVars; - utils::GetConfig()->Set('trust_proxies', $bConfTrustProxy); + utils::GetConfig()->Set('behind_reverse_proxy', $bConfTrustProxy); $sAppRootUrl = utils::GetDefaultUrlAppRoot($bForceTrustProxy); $this->assertEquals($sExpectedAppRootUrl, $sAppRootUrl); } @@ -250,7 +307,7 @@ class UtilsTest extends \Combodo\iTop\Test\UnitTest\ItopTestCase ]), 'sExpectedAppRootUrl' => 'http://example.com/', ], - 'with proxy, enabled' => [ + 'with proxy, enabled HTTP_X_FORWARDED_PROTO' => [ 'bForceTrustProxy' => false, 'bConfTrustProxy' => true, 'aServerVars' => array_merge($baseServerVar, [ @@ -260,7 +317,7 @@ class UtilsTest extends \Combodo\iTop\Test\UnitTest\ItopTestCase ]), 'sExpectedAppRootUrl' => 'https://proxy.com:4443/', ], - 'with proxy, enabled - alt' => [ + 'with proxy, enabled - alt HTTP_X_FORWARDED_PROTO COL' => [ 'bForceTrustProxy' => false, 'bConfTrustProxy' => true, 'aServerVars' => array_merge($baseServerVar, [