示例#1
文件: embed.php 项目: noikiy/owaspbwa
/*
 * Simplify finding the path to embed.php by sending it as a HTTP header
 * Idea:
 *   In your integration setup you need to find out
 *     - the filesystem path for embed.php
 *     - the g2Uri and the embedUri.
 * You can get the embed.php path with your g2Uri by fetching 
 * http://example.com/gallery2/embed.php?getEmbedPath=1 via fsockopen.
 */
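$getEmbedPath = GalleryUtilities::getRequestVariablesNoPrefix('getEmbedPath');
if (!empty($getEmbedPath) && !headers_sent()) {
    /*
     * The embed path is a filesystem path on this server, so it is only disclosed when the
     * request originates from the server itself.
     *
     * Don't use GalleryUtilities::getRemoteHostAddress() since it checks headers that can be
     * forged easily. For the same reason the local side of the comparison must not come from
     * HTTP_HOST: the Host header is chosen by the client, so a remote client could name its
     * own address there and make both sides match. SERVER_ADDR is set by the web server.
     */
    $remotehost = GalleryUtilities::getServerVar('REMOTE_ADDR');
    $localhost = GalleryUtilities::getServerVar('SERVER_ADDR');

    /* Loopback is always local; SERVER_ADDR is added when the web server provides it */
    $localAddresses = array('127.0.0.1', '::1');
    if (!empty($localhost)) {
        $localAddresses[] = $localhost;
    }

    /*
     * NOTE(review): behind a reverse proxy running on the same machine REMOTE_ADDR is the
     * proxy's address (often loopback) for every client - confirm this endpoint is not
     * reachable through such a proxy, or block the getEmbedPath parameter at the proxy.
     */
    if (!empty($remotehost) && in_array($remotehost, $localAddresses, true)) {
        if (defined('GALLERY_CONFIG_DIR')) {
            /* GALLERY_CONFIG_DIR is multisite-aware */
            header('X-G2-EMBED-PATH: ' . GALLERY_CONFIG_DIR . '/embed.php');
        } else {
            /* Fallback if G2 isn't installed yet */
            header('X-G2-EMBED-PATH: ' . __FILE__);
        }
    }
}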
示例#2
文件: main.php 项目: noikiy/owaspbwa
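/**
 * Send the client to $redirectUrl, carrying the session id along where cookies can't.
 *
 * Starts the session, swaps a temporary session id in the URL for the real one and, for
 * persistent sessions of clients that don't use cookies, appends the session id to the URL.
 * Outside of debug mode the Location header is sent through the PHP VM wrapper; in debug
 * mode nothing is sent and the target is handed back to the caller instead.
 *
 * NOTE(review): $redirectUrl is not compared against the site's own host in this function;
 * confirm that callers validate return URLs taken from the request before passing them in.
 * NOTE(review): a session id placed in the URL ends up in server logs, browser history and
 * Referer headers; presumably accepted here for cookieless clients - verify.
 *
 * @param string $redirectUrl target URL as produced by the URL generator
 * @param mixed $template passed through unchanged in the debug-mode result
 * @param string $controller controller name; used to decide on the IIS workaround
 * @return array array(error status, null) if the session can't be started,
 *               array('isDone' => true) once the Location header has been sent, or
 *               array('isDone' => true, 'redirectUrl' => ..., 'template' => ...) in debug mode
 */
function _GalleryMain_doRedirect($redirectUrl, $template = null, $controller = null)
{
    global $gallery;

    /* Create a valid sessionId for guests, if required */
    $session =& $gallery->getSession();
    $ret = $session->start();
    if ($ret) {
        return array($ret->wrap(__FILE__, __LINE__), null);
    }

    $redirectUrl = $session->replaceTempSessionIdIfNecessary($redirectUrl);
    $session->doNotUseTempId();

    /*
     * UserLogin returnUrls don't have a sessionId in the URL to replace, make sure
     * there's a sessionId in the redirectUrl for users that don't use cookies
     */
    if (!$session->isUsingCookies() && $session->isPersistent()
            && strpos($redirectUrl, $session->getKey()) === false) {
        $redirectUrl = GalleryUrlGenerator::appendParamsToUrl(
            $redirectUrl, array($session->getKey() => $session->getId()));
    }

    if ($gallery->getDebug() != false && $gallery->getDebug() != 'logged') {
        /* Debug mode: don't redirect, let the caller show where we would have gone */
        return array('isDone' => true, 'redirectUrl' => $redirectUrl, 'template' => $template);
    }

    /*
     * The URL generator makes HTML 4.01 compliant URLs using
     * &amp; but we don't want those in our Location: header.
     */
    $redirectUrl = str_replace('&amp;', '&', $redirectUrl);
    $redirectUrl = rtrim($redirectUrl, '&? ');

    /*
     * IIS 3.0 - 5.0 webservers will ignore all other headers if the location header is set.
     * It will simply not send other headers, e.g. the set-cookie header, which is important
     * for us in the login and logout requests / redirects.
     * see: http://support.microsoft.com/kb/q176113/
     * Our solution: detect IIS version and append GALLERYSID to the Location URL if necessary
     */
    if (in_array($controller, array('core.Logout', 'core.UserLogin', 'publishxp.Login'))) {
        /* Check if it's IIS and if the version is < 6.0 */
        $webserver = GalleryUtilities::getServerVar('SERVER_SOFTWARE');
        if (!empty($webserver)
                && preg_match('|^Microsoft-IIS/(\\d)\\.\\d$|', trim($webserver), $matches)
                && $matches[1] < 6) {
            /*
             * It is IIS and it's a version with this bug, check if GALLERYSID is already in
             * the URL, else append it
             */
            $session =& $gallery->getSession();
            $sessionParamString =
                GalleryUtilities::prefixFormVariable(urlencode($session->getKey()))
                . '=' . urlencode($session->getId());
            if ($session->isPersistent() && !strstr($redirectUrl, $sessionParamString)) {
                $redirectUrl .= strpos($redirectUrl, '?') === false ? '?' : '&';
                $redirectUrl .= $sessionParamString;
            }
        }
    }

    /*
     * A header value must stay on one line. Drop CR/LF so a URL that carries line breaks
     * can't add further response headers, whatever the header() implementation does.
     */
    $redirectUrl = str_replace(array("\r", "\n"), '', $redirectUrl);

    /* Use our PHP VM for testability */
    $phpVm = $gallery->getPhpVm();
    $phpVm->header("Location: {$redirectUrl}");
    return array('isDone' => true);
}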
示例#3
文件: index.php 项目: justinlyon/scc
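/**
 * Build "scheme://host" for the current request.
 *
 * The host is taken from X-Forwarded-Host if present, otherwise from Host. Both headers are
 * supplied by the client, so a value is only used when it looks like a host name (or a
 * bracketed IPv6 literal) with an optional port; anything else is skipped. If no usable
 * value is found the host part is empty.
 *
 * NOTE(review): the syntax check keeps markup, whitespace and path fragments out of the
 * result, but the host name itself is still whatever the client sent. Links that matter for
 * security (e.g. in outgoing mail) should be built from a configured host name instead.
 *
 * @return string base URL without a trailing slash
 */
function getBaseUrl()
{
    /* Can't use GalleryUrlGenerator::makeUrl since it's an object method */
    $hostPattern = '/^(?:[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?|\[[0-9A-Fa-f:.]+\])(?::\d{1,5})?$/D';

    $hostName = '';
    foreach (array('HTTP_X_FORWARDED_HOST', 'HTTP_HOST') as $serverKey) {
        $candidate = GalleryUtilities::getServerVar($serverKey);
        if (empty($candidate)) {
            continue;
        }
        /* A chain of proxies yields a comma separated list; the first entry is the original */
        $parts = explode(',', $candidate);
        $candidate = trim($parts[0]);
        if (preg_match($hostPattern, $candidate)) {
            $hostName = $candidate;
            break;
        }
    }

    $protocol = GalleryUtilities::getServerVar('HTTPS') == 'on' ? 'https' : 'http';
    return sprintf('%s://%s', $protocol, $hostName);
}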