
D511.id.diff
No OneTemporary

File Metadata

Created
Sun, Mar 9, 10:08 PM

D511.id.diff

Index: core/admin_templates/login.tpl
===================================================================
--- core/admin_templates/login.tpl
+++ core/admin_templates/login.tpl
@@ -259,7 +259,16 @@
if (window.top.frames.length > 0) {
redirect();
}
+ else {
+ // Change the hostname in the URL to match the Admin Console domain when necessary.
+ var $actual_hostname = window.location.hostname,
+ $expected_hostname = (new URL('<inp2:m_AutoDomainLink no_amp="1" js_escape="1"/>')).hostname;
+
+ if ( $actual_hostname !== $expected_hostname ) {
+ window.location.hostname = $expected_hostname;
+ }
+ }
</script>
</inp2:m_if>
-<inp2:m_include t="incs/footer"/>
\ No newline at end of file
+<inp2:m_include t="incs/footer"/>
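Review bot: `new URL('<inp2:m_AutoDomainLink no_amp="1" js_escape="1"/>')` in the added `else` branch throws a TypeError if the tag ever renders an empty or relative URL, and nothing here catches it. Check the rendered value first or wrap the lookup in `try { … } catch (e) { return; }`, so a misconfigured domain fails quietly rather than with a script error on the login page. Assigning `window.location.hostname` keeps the current scheme, port, path and query, so the comment should state that only the host is corrected, e.g. `// Only the hostname is replaced; scheme, port, path and query are kept as-is.`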
Index: core/kernel/application.php
===================================================================
--- core/kernel/application.php
+++ core/kernel/application.php
@@ -990,6 +990,8 @@
}
// process maintenance mode redirect: end
+ $this->assertDomain();
+
if ( defined('DEBUG_MODE') && $this->isDebugMode() && kUtil::constOn('DBG_PROFILE_MEMORY') ) {
$this->Debugger->appendMemoryUsage('Application before Run:');
}
@@ -1054,6 +1056,55 @@
}
/**
+ * Don't show website when incorrect "Host" HTTP header is used.
+ *
+ * @return void
+ */
+ protected function assertDomain()
+ {
+ if ( !$this->isDomainAllowed() ) {
+ header('HTTP/1.0 404 Not Found');
+
+ if ( $this->isDebugMode() ) {
+ echo '<br/><br/>';
+ echo 'The "<strong>' . PROTOCOL . SERVER_NAME . '</strong>" protocol/domain combo is not allowed.';
+ }
+
+ exit;
+ }
+ }
+
+ /**
+ * Don't show website when incorrect "Host" HTTP header is used.
+ *
+ * @return boolean
+ */
+ public function isDomainAllowed()
+ {
+ if ( $this->isCachingType(CACHING_TYPE_MEMORY) && $this->getCache($this->getDomainCheckFlagName()) ) {
+ return true;
+ }
+
+ $allowed_domain = DOMAIN;
+
+ if ( PROTOCOL === 'https://' ) {
+ $allowed_domain = $this->getSecureDomain();
+ }
+
+ return SERVER_NAME === $allowed_domain || $this->siteDomainField('DomainName') !== false;
+ }
+
+ /**
+ * Returns domain check flag name.
+ *
+ * @return string
+ */
+ public function getDomainCheckFlagName()
+ {
+ return 'ignore_domain_check_' . $this->getClientIp();
+ }
+
+ /**
* Replaces current rendered template with given one.
*
* @param string|null $template Template.
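Review bot: The debug branch of `assertDomain()` echoes `SERVER_NAME` into HTML unescaped, on exactly the path where the host value has just been rejected as untrusted. If `SERVER_NAME` derives from the request's Host header (its definition is not visible in this diff), that is reflected markup, so escape it: `echo 'The "<strong>' . htmlspecialchars(PROTOCOL . SERVER_NAME, ENT_QUOTES, 'UTF-8') . '</strong>" protocol/domain combo is not allowed.';`. Debug mode limits the exposure but does not remove it. Separately, `isDomainAllowed()` reuses the docblock summary of `assertDomain()`; it should instead say that it returns true when the host matches the configured (or secure) domain or a site-domain record, or when the temporary per-IP bypass flag is cached.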
Index: core/kernel/processors/main_processor.php
===================================================================
--- core/kernel/processors/main_processor.php
+++ core/kernel/processors/main_processor.php
@@ -158,6 +158,25 @@
return $ret;
}
+ /**
+ * Builds link using the protocol-based domain (not the domain from the current URL).
+ *
+ * @param array $params Tag params.
+ *
+ * @return string
+ */
+ protected function AutoDomainLink(array $params)
+ {
+ $params['__SSL__'] = 0;
+
+ // Only build an SSL URL when a secure domain is configured.
+ if ( PROTOCOL === 'https://' && $this->Application->getSecureDomain() ) {
+ $params['__SSL__'] = 1;
+ }
+
+ return $this->Link($params);
+ }
+
function Link($params)
{
// pass "m" prefix, instead of "all", that is by default on Front-End
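Review bot: `AutoDomainLink()` forces `$params['__SSL__'] = 0` whenever no secure domain is configured, even when the current request is `https://`, and the docblock does not mention this. Depending on how `Link()` treats `__SSL__` (its body continues outside this hunk), the tag could emit a plain-HTTP URL on an HTTPS page. The login template in this change reads only `.hostname` from the result, so it is unaffected, but a later caller using the full URL would not be. Document it in the docblock, e.g. `* Note: falls back to a non-SSL link when no secure domain is configured, even on HTTPS requests.`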
Index: core/units/configuration/configuration_event_handler.php
===================================================================
--- core/units/configuration/configuration_event_handler.php
+++ core/units/configuration/configuration_event_handler.php
@@ -505,6 +505,29 @@
// keeps module and section in REQUEST to ensure, that last admin template will work
$event->SetRedirectParam('module', $this->Application->GetVar('module'));
$event->SetRedirectParam('section', $this->Application->GetVar('section'));
+
+ if ( !$this->Application->isDomainAllowed() ) {
+ /** @var UserHelper $user_helper */
+ $user_helper = $this->Application->recallObject('UserHelper');
+
+ $user_helper->event =& $event;
+ $user_helper->logoutUser();
+
+ /*
+ * Ignore domain checks for a while to complete the domain change:
+ * 1. finish the logout procedure:
+ * - delete session cookies on the incorrect domain;
+ * - redirect to the login form on the incorrect domain;
+ * 2. redirect from the incorrect domain to the correct domain.
+ */
+ if ( $this->Application->isCachingType(CACHING_TYPE_MEMORY) ) {
+ $this->Application->setCache(
+ $this->Application->getDomainCheckFlagName(),
+ true,
+ 30
+ );
+ }
+ }
}
/**
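Review bot: The bypass flag set here is keyed only by client IP (`getDomainCheckFlagName()` returns `'ignore_domain_check_' . $this->getClientIp()`), so for 30 seconds every request from that address skips the Host check in `isDomainAllowed()`. That includes other users behind the same NAT or proxy, not just the administrator who saved the setting. If `getClientIp()` honours forwarded-for style headers (not visible in this diff), the key is also influenced by the client, so confirm that before relying on it. The block comment should record this trade-off, and the bare `30` should become a named constant, for example `// NOTE: the flag is per client IP, not per session; keep the TTL as short as the redirect chain allows.` When the caching type is not memory the flag is never set, so the post-logout redirect on the old domain presumably gets the 404 from `assertDomain()`; the enclosing method starts outside this hunk, so that path should be checked there.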
