/**
  * If the $url is a relative URL, will attempt to create
  * a full URL by prepending $this->baseURI to it.
  *
  * @param string $url
  *
  * @return string
  */
 protected function prepareURL(string $url) : string
 {
     // If it's a full URI, then we have nothing to do here...
     if (strpos($url, '://') !== false) {
         return $url;
     }
     $uri = $this->baseURI->resolveRelativeURI($url);
     return (string) $uri;
 }
Esempio n. 2
0
 /**
  * Sets up our URI object based on the information we have. This is
  * either provided by the user in the baseURL Config setting, or
  * determined from the environment as needed.
  *
  * @param $protocol
  * @param $baseURL
  */
 protected function detectURI($protocol, $baseURL)
 {
     $this->uri->setPath($this->detectPath($protocol));
     // Based on our baseURL provided by the developer (if set)
     // set our current domain name, scheme
     if (!empty($baseURL)) {
         $this->uri->setScheme(parse_url($baseURL, PHP_URL_SCHEME));
         $this->uri->setHost(parse_url($baseURL, PHP_URL_HOST));
         $this->uri->setPort(parse_url($baseURL, PHP_URL_PORT));
     } else {
         $this->isSecure() ? $this->uri->setScheme('https') : $this->uri->setScheme('http');
         // While both SERVER_NAME and HTTP_HOST are open to security issues,
         // if we have to choose, we will go with the server-controlled version first.
         !empty($_SERVER['SERVER_NAME']) ? isset($_SERVER['SERVER_NAME']) ? $this->uri->setHost($_SERVER['SERVER_NAME']) : null : (isset($_SERVER['HTTP_HOST']) ? $this->uri->setHost($_SERVER['HTTP_HOST']) : null);
         if (!empty($_SERVER['SERVER_PORT'])) {
             $this->uri->setPort($_SERVER['SERVER_PORT']);
         }
     }
 }
 /**
  * @dataProvider defaultResolutions
  */
 public function testResolveRelativeURI($rel, $expected)
 {
     $base = 'http://a/b/c/d';
     $uri = new URI($base);
     $new = $uri->resolveRelativeURI($rel);
     $this->assertEquals($expected, (string) $new);
 }
Esempio n. 4
0
 /**
  * Used to force a page to be accessed in via HTTPS.
  * Uses a standard redirect, plus will set the HSTS header
  * for modern browsers that support, which gives best
  * protection against man-in-the-middle attacks.
  *
  * @see https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
  *
  * @param int $duration How long should the SSL header be set for? (in seconds)
  *                      Defaults to 1 year.
  * @param RequestInterface $request
  * @param ResponseInterface $response
  */
 function force_https(int $duration = 31536000, RequestInterface $request = null, ResponseInterface $response = null)
 {
     if (is_null($request)) {
         $request = Services::request(null, true);
     }
     if (is_null($response)) {
         $response = Services::response(null, true);
     }
     if ($request->isSecure()) {
         return;
     }
     // If the session library is loaded, we should regenerate
     // the session ID for safety sake.
     if (class_exists('Session', false)) {
         Services::session(null, true)->regenerate();
     }
     $uri = $request->uri;
     $uri->setScheme('https');
     $uri = \CodeIgniter\HTTP\URI::createURIString($uri->getScheme(), $uri->getAuthority(true), $uri->getPath(), $uri->getQuery(), $uri->getFragment());
     // Set an HSTS header
     $response->setHeader('Strict-Transport-Security', 'max-age=' . $duration);
     $response->redirect($uri);
     exit;
 }