nette/http

Unfortunate crossover of `HTTP_HOST` and `SERVER_PORT` variables

zeleznypa opened this issue · 3 comments

An unfortunate combination of parameters leads to an unexpected result when generating a URL.

if (
(isset($_SERVER[$tmp = 'HTTP_HOST']) || isset($_SERVER[$tmp = 'SERVER_NAME']))
&& preg_match('#^([a-z0-9_.-]+|\[[a-f0-9:]+\])(:\d+)?$#Di', $_SERVER[$tmp], $pair)
) {
$url->setHost(rtrim(strtolower($pair[1]), '.'));
if (isset($pair[2])) {
$url->setPort((int) substr($pair[2], 1));
} elseif (isset($_SERVER['SERVER_PORT'])) {
$url->setPort((int) $_SERVER['SERVER_PORT']);
}
}
}

When a user accesses the address http://example.local, NGINX passes the value example.local to the variable $_SERVER['HTTP_HOST']. Nette will use this as the basis for future URL generation. However, it does not find a value for the port in the content and so reaches for the $_SERVER['SERVER_PORT'] variable, which may lead to an undesirable result.

If there is an extra nginx proxy in front of the application that listens for example on port 80 and then redirects the communication to the application that listens by default on port 8080, the value of this variable will be just 8080. But the user has entered and is expecting port 80.

If the variable $_SERVER['HTTP_HOST'] is populated but does not contain the port part, it means that the default is used, i.e. 80 for HTTP and 443 for HTTPS.

Using $_SERVER['SERVER_PORT'] only makes sense in conjunction with $_SERVER['SERVER_NAME'].

dg commented

Can $_SERVER['SERVER_NAME'] even contain a port, e.g. foo.cz:8080?

@dg Default configuration of NGINX have just foo.cz in the $_SERVER['SERVER_NAME'].
But in theory you can setup anything into this variable :)

❤️🙇‍♂️👍