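/*
 * Simplify finding the path to embed.php by sending it as a HTTP header
 * Idea:
 *   In your integration setup you need to find out
 *     - the filesystem path for embed.php
 *     - the g2Uri and the embedUri.
 *   You can get the embed.php path with your g2Uri by fetching
 *   http://example.com/gallery2/embed.php?getEmbedPath=1 via fsockopen.
 *
 * The filesystem path is only meant for requests that originate from this
 * machine, so the header is sent only when the peer address equals the
 * address the connection was accepted on.
 */
$getEmbedPath = GalleryUtilities::getRequestVariablesNoPrefix('getEmbedPath');
if (!empty($getEmbedPath)) {
    if (!headers_sent()) {
        /*
         * Don't use GalleryUtilities::getRemoteHostAddress()
         * since it checks headers that can be forged easily too
         */
        $remotehost = GalleryUtilities::getServerVar('REMOTE_ADDR');

        /*
         * HTTP_HOST is filled from the request's Host header, i.e. it is chosen by the
         * client, so resolving it cannot prove that the request is local. Use the local
         * socket address instead, which the client does not control.
         *
         * Caveats: behind NAT or a remote proxy the two addresses differ and the header
         * is simply not sent (fails closed). If a reverse proxy runs on this same
         * machine, every proxied request has a local peer address; block the
         * getEmbedPath parameter at the proxy in that setup.
         */
        $localhost = GalleryUtilities::getServerVar('SERVER_ADDR');
        if (empty($localhost)) {
            /* IIS exposes the local address as LOCAL_ADDR */
            $localhost = GalleryUtilities::getServerVar('LOCAL_ADDR');
        }

        if (!empty($remotehost) && !empty($localhost)
                && (string)$remotehost === (string)$localhost) {
            if (defined('GALLERY_CONFIG_DIR')) {
                /* GALLERY_CONFIG_DIR is multisite-aware */
                header('X-G2-EMBED-PATH: ' . GALLERY_CONFIG_DIR . '/embed.php');
            } else {
                /* Fallback if G2 isn't installed yet */
                header('X-G2-EMBED-PATH: ' . __FILE__);
            }
        }
    }
}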
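/**
 * Redirect the browser to $redirectUrl, or hand the redirect back to the caller
 * when debug output is enabled.
 *
 * Starts the session first so that the session id can be carried in the URL for
 * clients without cookies and for old IIS versions that drop Set-Cookie on redirects.
 *
 * NOTE(review): where $redirectUrl comes from is not visible in this function. If any
 * caller derives it from request data, it should be validated there (same-site target,
 * no CR/LF) before it reaches the Location header.
 *
 * @param string $redirectUrl URL to redirect to
 * @param mixed $template returned unchanged in debug mode
 * @param string|null $controller controller name, only used to decide on the IIS workaround
 * @return array array(wrapped status, null) if the session could not be started;
 *               array('isDone' => true) after the Location header was sent;
 *               array('isDone' => true, 'redirectUrl' => ..., 'template' => ...) in debug mode
 */
function _GalleryMain_doRedirect($redirectUrl, $template = null, $controller = null) {
    global $gallery;

    /* Create a valid sessionId for guests, if required */
    $session =& $gallery->getSession();
    $ret = $session->start();
    if ($ret) {
        return array($ret->wrap(__FILE__, __LINE__), null);
    }

    $redirectUrl = $session->replaceTempSessionIdIfNecessary($redirectUrl);
    $session->doNotUseTempId();

    /*
     * UserLogin returnUrls don't have a sessionId in the URL to replace, make sure
     * there's a sessionId in the redirectUrl for users that don't use cookies.
     * A session id in the URL ends up in server logs and Referer headers, so it is
     * only added when cookies are not in use.
     */
    if (!$session->isUsingCookies() && $session->isPersistent()
            && strpos($redirectUrl, $session->getKey()) === false) {
        $redirectUrl = GalleryUrlGenerator::appendParamsToUrl(
            $redirectUrl, array($session->getKey() => $session->getId()));
    }

    if ($gallery->getDebug() == false || $gallery->getDebug() == 'logged') {
        /*
         * The URL generator makes HTML 4.01 compliant URLs using
         * &amp; but we don't want those in our Location: header.
         * (Replacing '&' with '&' would be a no-op and leave the entities in the URL.)
         */
        $redirectUrl = str_replace('&amp;', '&', $redirectUrl);
        $redirectUrl = rtrim($redirectUrl, '&? ');

        /*
         * IIS 3.0 - 5.0 webservers will ignore all other headers if the location header is set.
         * It will simply not send other headers, e.g. the set-cookie header, which is important
         * for us in the login and logout requests / redirects.
         * see: http://support.microsoft.com/kb/q176113/
         * Our solution: detect IIS version and append GALLERYSID to the Location URL if necessary
         */
        if (in_array($controller, array('core.Logout', 'core.UserLogin', 'publishxp.Login'))) {
            /* Check if it's IIS and if the version is < 6.0 */
            $webserver = GalleryUtilities::getServerVar('SERVER_SOFTWARE');
            if (!empty($webserver)
                    && preg_match('|^Microsoft-IIS/(\\d)\\.\\d$|', trim($webserver), $matches)
                    && (int)$matches[1] < 6) {
                /*
                 * It is IIS and it's a version with this bug, check if GALLERYSID is already in
                 * the URL, else append it
                 */
                $session =& $gallery->getSession();
                $sessionParamString =
                    GalleryUtilities::prefixFormVariable(urlencode($session->getKey()))
                    . '=' . urlencode($session->getId());
                if ($session->isPersistent()
                        && strpos($redirectUrl, $sessionParamString) === false) {
                    $redirectUrl .= strpos($redirectUrl, '?') === false ? '?' : '&';
                    $redirectUrl .= $sessionParamString;
                }
            }
        }

        /* Use our PHP VM for testability */
        $phpVm = $gallery->getPhpVm();
        $phpVm->header("Location: {$redirectUrl}");
        return array('isDone' => true);
    } else {
        /* Debug mode: no header is sent, the caller gets the target URL instead */
        return array('isDone' => true, 'redirectUrl' => $redirectUrl, 'template' => $template);
    }
}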
/**
 * Build the scheme://host prefix for the current request.
 *
 * The host is taken from X-Forwarded-Host when that header is present and
 * non-empty, otherwise from Host; the scheme is https only when the HTTPS
 * server variable equals 'on'.
 *
 * NOTE(review): both host headers are supplied by the client. Unless a trusted
 * proxy or the web server's virtual-host setup pins them, the result should not
 * be used for links in e-mails, password resets or cached pages without checking
 * it against a configured list of allowed hosts.
 *
 * @return string e.g. 'http://example.com'
 */
function getBaseUrl() {
    /* Can't use GalleryUrlGenerator::makeUrl since it's an object method */
    $forwardedHost = GalleryUtilities::getServerVar('HTTP_X_FORWARDED_HOST');
    if ($forwardedHost) {
        $hostName = $forwardedHost;
    } else {
        $hostName = GalleryUtilities::getServerVar('HTTP_HOST');
    }

    if (GalleryUtilities::getServerVar('HTTPS') == 'on') {
        $scheme = 'https';
    } else {
        $scheme = 'http';
    }

    return $scheme . '://' . $hostName;
}