
Commit 2b4b7c0

authored
Merge pull request SAML-Toolkits#158 from dhensby/pulls/proxy-optin
NEW Control usage of X-Forwarded-* headers
2 parents 570a5d9 + 6026142 commit 2b4b7c0


1 file changed

+31
-9
lines changed


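--- a/lib/Saml2/Utils.php
+++ b/lib/Saml2/Utils.php
@@ -8,14 +8,20 @@
 
 class OneLogin_Saml2_Utils
 {
+
 /**
-* Translates any string. Accepts args
-*
-* @param string $msg Message to be translated
-* @param array|null $args Arguments
-*
-* @return string $translatedMsg Translated text
-*/
+* @var bool Control if the `Forwarded-For-*` headers are used
+*/
+private static $_proxyVars = false;
+
+/**
+* Translates any string. Accepts args
+*
+* @param string $msg Message to be translated
+* @param array|null $args Arguments
+*
+* @return string $translatedMsg Translated text
+*/
 public static function t($msg, $args = array())
 {
 assert('is_string($msg)');
@@ -272,6 +278,22 @@ public static function redirect($url, $parameters = array(), $stay = false)
 exit();
 }
 
+/**
+* @param $proxyVars bool Whether to use `X-Forwarded-*` headers to determine port/domain/protocol
+*/
+public static function setProxyVars($proxyVars)
+{
+self::$_proxyVars = (bool)$proxyVars;
+}
+
+/**
+* return bool
+*/
+public static function getProxyVars()
+{
+return self::$_proxyVars;
+}
+
 /**
 * Returns the protocol + the current host + the port (if different than
 * common ports).
@@ -290,7 +312,7 @@ public static function getSelfURLhost()
 $protocol = 'http';
 }
 
-if (isset($_SERVER["HTTP_X_FORWARDED_PORT"])) {
+if (self::getProxyVars() && isset($_SERVER["HTTP_X_FORWARDED_PORT"])) {
 $portnumber = $_SERVER["HTTP_X_FORWARDED_PORT"];
 } else if (isset($_SERVER["SERVER_PORT"])) {
 $portnumber = $_SERVER["SERVER_PORT"];
@@ -342,7 +364,7 @@ public static function isHTTPS()
 {
 $isHttps = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
 || (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443)
-|| (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https');
+|| (self::getProxyVars() && isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https');
 return $isHttps;
 }
 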
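Review bot: Once `setProxyVars(true)` is called, the new conditions in getSelfURLhost and isHTTPS trust `X-Forwarded-Port` and `X-Forwarded-Proto` from whoever sent the request — the flag is global, nothing checks that the request came through a trusted proxy, and `HTTP_X_FORWARDED_PORT` is copied into `$portnumber` unvalidated, so a client can still steer the scheme and port these helpers report unless the reverse proxy overwrites those headers on every request. The default of `false` is the right safe-by-default choice, but the setProxyVars docblock should spell out the precondition, e.g. `* Only enable when a reverse proxy you control strips or overwrites the X-Forwarded-* headers; otherwise clients can spoof the scheme/port derived here.` I would also refuse a non-numeric port before using it: `if (self::getProxyVars() && isset($_SERVER["HTTP_X_FORWARDED_PORT"]) && ctype_digit((string)$_SERVER["HTTP_X_FORWARDED_PORT"])) {`. Minor: the property docblock names `Forwarded-For-*` while the code reads `X-Forwarded-*`, and `* return bool` on getProxyVars is missing the `@`. Both getSelfURLhost and isHTTPS begin outside the hunks shown.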