From 842e8f9e01ca0835e28e906bbb84f3f7e3f90508 Mon Sep 17 00:00:00 2001
From: odain
Date: Wed, 10 Mar 2021 15:32:44 +0100
Subject: [PATCH 1/4] php doc
---
 datamodels/2.x/itop-attachments/module.itop-attachments.php | 1 +
 setup/applicationinstaller.class.inc.php | 1 +
 2 files changed, 2 insertions(+)
diff --git a/datamodels/2.x/itop-attachments/module.itop-attachments.php b/datamodels/2.x/itop-attachments/module.itop-attachments.php
index f8ae08ba1..ea2d0b6c3 100644
--- a/datamodels/2.x/itop-attachments/module.itop-attachments.php
+++ b/datamodels/2.x/itop-attachments/module.itop-attachments.php
@@ -81,6 +81,7 @@ if (!class_exists('AttachmentInstaller'))
 }
 /**
+ * @since 2.7.4 N°3788
 * @param string $sTableName
 * @param int $iBulkSize
 *
diff --git a/setup/applicationinstaller.class.inc.php b/setup/applicationinstaller.class.inc.php
index 29cfd992c..8a57472f5 100644
--- a/setup/applicationinstaller.class.inc.php
+++ b/setup/applicationinstaller.class.inc.php
@@ -727,6 +727,7 @@ class ApplicationInstaller
 SetupPage::log_info("There are $iOrphanCount useless records in {$sDBPrefix}priv_change (".sprintf('%.2f', ((100.0*$iOrphanCount)/$iTotalCount))."%)");
 if ($iOrphanCount > 0)
 {
+ //N°3793
 if ($iOrphanCount > 100000)
 {
 SetupPage::log_warning("There are too much useless records ($iOrphanCount) in {$sDBPrefix}priv_change. Cleanup cannot be done during setup.");
From 3bcae734e52551f18769c658325760491c4f815c Mon Sep 17 00:00:00 2001
From: odain
Date: Mon, 15 Mar 2021 12:27:05 +0100
Subject: [PATCH 2/4] =?UTF-8?q?N=C2=B03671=20:=20persist=20absolute=20URL?= =?UTF-8?q?=20when=20setup=20context=20(force=20trustproxy=20enabled)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 application/utils.inc.php | 2 +-
 test/application/UtilsTest.php | 61 ++++++++++++++++++++++++++++++++--
 2 files changed, 60 insertions(+), 3 deletions(-)
diff --git a/application/utils.inc.php b/application/utils.inc.php
index 721fda1d7..5daf209b3 100644
--- a/application/utils.inc.php
+++ b/application/utils.inc.php
@@ -812,7 +812,7 @@ class utils
 public static function GetAbsoluteUrlAppRoot($bForceTrustProxy = false)
 {
 static $sUrl = null;
- if ($sUrl === null)
+ if ($sUrl === null || $bForceTrustProxy)
 {
 $sUrl = self::GetConfig()->Get('app_root_url');
 if ($sUrl == '')
diff --git a/test/application/UtilsTest.php b/test/application/UtilsTest.php
index 779ea8b38..210995a98 100644
--- a/test/application/UtilsTest.php
+++ b/test/application/UtilsTest.php
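Review bot: In `GetAbsoluteUrlAppRoot()` (application/utils.inc.php) the function-static `$sUrl` is not keyed by `$bForceTrustProxy`, so one call with `true` overwrites the cached value and every later call with the default `false` returns that URL for the rest of the request, while each call with `true` bypasses the cache and recomputes. That looks like the intent of the commit, but nothing at the declaration says so, and a caller reading the signature would expect the flag to affect only its own call. I would state it in the docblock, e.g. `@param bool $bForceTrustProxy if true, recompute and replace the cached URL; later calls without the flag return that value (setup context only)`. The function body continues past the end of the hunk, so how the flag reaches the URL computation is not visible here.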
@@ -168,6 +168,63 @@ class UtilsTest extends \Combodo\iTop\Test\UnitTest\ItopTestCase
 );
 }
+ public function GetDefaultUrlAppRootPersistWhenTrustProxyActivatedAtFirstProvider() {
+ $this->setUp();
+
+ $baseServerVar = [
+ 'REMOTE_ADDR' => '127.0.0.1', //is not set, disable IsProxyTrusted
+ 'SERVER_NAME' => 'example.com',
+ 'HTTP_X_FORWARDED_HOST' => null,
+ 'SERVER_PORT' => '80',
+ 'HTTP_X_FORWARDED_PORT' => null,
+ 'REQUEST_URI' => '/index.php?baz=1',
+ 'SCRIPT_NAME' => '/index.php',
+ 'SCRIPT_FILENAME' => APPROOT.'index.php',
+ 'QUERY_STRING' => 'baz=1',
+ 'HTTP_X_FORWARDED_PROTO' => null,
+ 'HTTP_X_FORWARDED_PROTOCOL' => null,
+ 'HTTPS' => null,
+ ];
+
+ return [
+ 'ForceTrustProxy disabled' => [
+ 'bForceTrustProxy' => false,
+ 'bConfTrustProxy' => false,
+ 'aServerVars' => array_merge($baseServerVar, []),
+ 'sExpectedAppRootUrl' => 'http://example.com/',
+ ],
+ 'ForceTrustProxy enabled' => [
+ 'bForceTrustProxy' => false,
+ 'bConfTrustProxy' => true,
+ 'aServerVars' => array_merge($baseServerVar, []),
+ 'sExpectedAppRootUrl' => 'http://example.com/',
+ ],
+ ];
+ }
+
+ /**
+ * @dataProvider GetDefaultUrlAppRootPersistWhenTrustProxyActivatedAtFirstProvider
+ */
+ public function testGetDefaultUrlAppRootPersistWhenTrustProxyActivatedAtFirst($bForceTrustProxy, $bConfTrustProxy, $aServerVars, $sExpectedAppRootUrl)
+ {
+ $_SERVER = $aServerVars;
+ utils::GetConfig()->Set('trust_proxies', $bConfTrustProxy);
+ $sAppRootUrl = utils::GetDefaultUrlAppRoot($bForceTrustProxy);
+ $this->assertEquals($sExpectedAppRootUrl, $sAppRootUrl);
+ $sPersistedExpectedAppRootUrl = $sAppRootUrl;
+
+ $sAppRootUrl = utils::GetDefaultUrlAppRoot(!$bForceTrustProxy);
+ if ($bForceTrustProxy){
+ $this->assertNotEquals($sExpectedAppRootUrl, $sAppRootUrl);
+ } else {
+ $this->assertEquals($sExpectedAppRootUrl, $sAppRootUrl);
+ $sPersistedExpectedAppRootUrl = $sAppRootUrl;
+ }
+
+ $this->assertEquals($sPersistedExpectedAppRootUrl, utils::GetDefaultUrlAppRoot($bForceTrustProxy));
+ }
+
+ /**
+ *
@dataProvider GetDefaultUrlAppRootProvider */
@@ -250,7 +307,7 @@ class UtilsTest extends \Combodo\iTop\Test\UnitTest\ItopTestCase
 ]),
 'sExpectedAppRootUrl' => 'http://example.com/',
 ],
- 'with proxy, enabled' => [
+ 'with proxy, enabled HTTP_X_FORWARDED_PROTO' => [
 'bForceTrustProxy' => false,
 'bConfTrustProxy' => true,
 'aServerVars' => array_merge($baseServerVar, [
@@ -260,7 +317,7 @@ class UtilsTest extends \Combodo\iTop\Test\UnitTest\ItopTestCase
 ]),
 'sExpectedAppRootUrl' => 'https://proxy.com:4443/',
 ],
- 'with proxy, enabled - alt' => [
+ 'with proxy, enabled - alt HTTP_X_FORWARDED_PROTO COL' => [
 'bForceTrustProxy' => false,
 'bConfTrustProxy' => true,
 'aServerVars' => array_merge($baseServerVar, [
From 5d0c61178b997ec770ab4e337f99eee1107022f7 Mon Sep 17 00:00:00 2001
From: odain
Date: Mon, 15 Mar 2021 14:34:56 +0100
Subject: [PATCH 3/4] =?UTF-8?q?N=C2=B03671=20:=20persist=20absolute=20URL?= =?UTF-8?q?=20when=20setup=20context=20(force=20trustproxy=20enabled)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 setup/index.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/setup/index.php b/setup/index.php
index c98ea1d8d..890c930e8 100644
--- a/setup/index.php
+++ b/setup/index.php
@@ -54,5 +54,7 @@ if (!function_exists('json_decode'))
 }
 /////////////////////////////////////////////////////////////////////
+//N°3671 setup context: force $bForceTrustProxy to be persisted in next calls
+utils::GetAbsoluteUrlAppRoot(true);
 $oWizard = new WizardController('WizStepWelcome');
 $oWizard->Run();
From 386c90c601b45675ba181d06f6bb0bd9102b5a65 Mon Sep 17 00:00:00 2001
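Review bot: The new test in test/application/UtilsTest.php does not exercise the change it accompanies: both datasets of `GetDefaultUrlAppRootPersistWhenTrustProxyActivatedAtFirstProvider` set `'bForceTrustProxy' => false`, including the one labelled 'ForceTrustProxy enabled', so the `assertNotEquals` branch never runs, and every `HTTP_X_FORWARDED_*` entry is `null`, so a forced and an unforced result could not differ anyway. It also calls `utils::GetDefaultUrlAppRoot()`, whereas the cache condition was changed in `GetAbsoluteUrlAppRoot()`. At minimum the second dataset should read `'bForceTrustProxy' => true,` and carry non-null forwarded host and proto values, with the expected URL adjusted to match. Separately, the comment `//is not set, disable IsProxyTrusted` sits on the line that does set `REMOTE_ADDR`, and `$_SERVER` is replaced without being restored for later tests.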
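Review bot: In setup/index.php the added `utils::GetAbsoluteUrlAppRoot(true);` forces proxy-header trust on every setup request regardless of the configured value, and the cached result then serves every later call in that request. The datasets in this series show that with trust enabled the root URL is taken from `X-Forwarded-*` values, and those come from the request itself unless the web server is reachable only through the reverse proxy, so setup pages may build asset and link URLs from a host the client supplied. If that is the accepted trade-off for the setup context, it should be written at the call site, e.g. `// N°3671: forwarded headers are trusted unconditionally during setup; setup/ must only be reachable through the reverse proxy`. The return value is discarded, so the comment should also say the call exists only to prime the cache.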
From: odain
Date: Mon, 15 Mar 2021 14:56:16 +0100
Subject: [PATCH 4/4] =?UTF-8?q?N=C2=B03668=20-=20URL=20direct=20error:=20r?= =?UTF-8?q?enamed=20trust=5Fproxies<-behind=5Freverse=5Fproxy?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 application/utils.inc.php | 4 ++--
 core/config.class.inc.php | 4 ++--
 setup/setuppage.class.inc.php | 2 +-
 test/application/UtilsTest.php | 4 ++--
 4 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/application/utils.inc.php b/application/utils.inc.php
index 5daf209b3..5909a4fe3 100644
--- a/application/utils.inc.php
+++ b/application/utils.inc.php
@@ -783,7 +783,7 @@ class utils
 }
 /**
- * @return bool The boolean value of the conf. "trust_proxies" (except if there is no REMOTE_ADDR int his case, it return false)
+ * @return bool The boolean value of the conf. "behind_reverse_proxy" (except if there is no REMOTE_ADDR int his case, it return false)
 *
 * @since 2.7.4
 */
@@ -793,7 +793,7 @@ class utils
 return false;
 }
- $bTrustProxies = (bool) self::GetConfig()->Get('trust_proxies');
+ $bTrustProxies = (bool) self::GetConfig()->Get('behind_reverse_proxy');
 return $bTrustProxies;
 }
diff --git a/core/config.class.inc.php b/core/config.class.inc.php
index 313bb1b94..8881d6ad3 100644
--- a/core/config.class.inc.php
+++ b/core/config.class.inc.php
@@ -1265,13 +1265,13 @@ class Config
 'source_of_value' => '',
 'show_in_conf_sample' => false,
 ],
- 'trust_proxies' => [
+ 'behind_reverse_proxy' => [
 'type' => 'bool',
 'description' => 'If true, then proxies custom header (X-Forwarded-*) are taken into account. Use only if the webserver is not publicly accessible (reachable only by the reverse proxy)',
 'default' => false,
 'value' => false,
 'source_of_value' => '',
- 'show_in_conf_sample' => false,
+ 'show_in_conf_sample' => true,
 ],
 );
diff --git a/setup/setuppage.class.inc.php b/setup/setuppage.class.inc.php
index 2c4bbef22..a25ad3d23 100644
--- a/setup/setuppage.class.inc.php
+++ b/setup/setuppage.class.inc.php
@@ -144,7 +144,7 @@ class SetupPage extends NiceWebPage
 public function output()
 {
- $sLogo = utils::GetAbsoluteUrlAppRoot(true).'/images/itop-logo.png';
+ $sLogo = utils::GetAbsoluteUrlAppRoot().'/images/itop-logo.png';
 $this->s_content = "

\" ".htmlentities($this->s_title, ENT_QUOTES, self::PAGES_CHARSET)."

\n
{$this->s_content}\n
\n";
diff --git a/test/application/UtilsTest.php b/test/application/UtilsTest.php
index 210995a98..73425f61d 100644
--- a/test/application/UtilsTest.php
+++ b/test/application/UtilsTest.php
@@ -208,7 +208,7 @@ class UtilsTest extends \Combodo\iTop\Test\UnitTest\ItopTestCase
 public function testGetDefaultUrlAppRootPersistWhenTrustProxyActivatedAtFirst($bForceTrustProxy, $bConfTrustProxy, $aServerVars, $sExpectedAppRootUrl)
 {
 $_SERVER = $aServerVars;
- utils::GetConfig()->Set('trust_proxies', $bConfTrustProxy);
+ utils::GetConfig()->Set('behind_reverse_proxy', $bConfTrustProxy);
 $sAppRootUrl = utils::GetDefaultUrlAppRoot($bForceTrustProxy);
 $this->assertEquals($sExpectedAppRootUrl, $sAppRootUrl);
 $sPersistedExpectedAppRootUrl = $sAppRootUrl;
@@ -231,7 +231,7 @@ class UtilsTest extends \Combodo\iTop\Test\UnitTest\ItopTestCase
 public function testGetDefaultUrlAppRoot($bForceTrustProxy, $bConfTrustProxy, $aServerVars, $sExpectedAppRootUrl)
 {
 $_SERVER = $aServerVars;
- utils::GetConfig()->Set('trust_proxies', $bConfTrustProxy);
+ utils::GetConfig()->Set('behind_reverse_proxy', $bConfTrustProxy);
 $sAppRootUrl = utils::GetDefaultUrlAppRoot($bForceTrustProxy);
 $this->assertEquals($sExpectedAppRootUrl, $sAppRootUrl);
 }
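Review bot: In `SetupPage::output()` (setup/setuppage.class.inc.php) dropping the `true` argument makes the logo URL depend on setup/index.php having already called `utils::GetAbsoluteUrlAppRoot(true)` earlier in the same request. If a `SetupPage` is ever rendered from another entry script (none is visible in this series), the cache would be filled without forced trust and the logo would resolve against a different root than before this change. A one-line comment above the assignment would make the ordering dependency explicit, e.g. `// relies on setup/index.php having primed GetAbsoluteUrlAppRoot(true) (N°3671)`. output()'s body continues past the end of the hunk.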