Exemplo n.º 1
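def conf_init():
    """
    Derive the base URL parts, the cookie domain and the session name.

    Writes lib_appglobals.base_root, base_url and base_path, may set
    settings.cookie_domain and the 'session.cookie_domain' ini value, and
    finally names the session through lib_session.name(). Returns nothing.

    Security note: when lib_appglobals.base_url is not configured, the
    base URL and the cookie domain are built from the client-supplied
    Host header. The character filter below only removes unexpected
    characters; it does not check that the host is one this site serves.
    Configuring base_url (and cookie_domain) takes the Host header out of
    those decisions.
    """
    # These will come from settings
    # db_url, db_prefix, cookie_domain, conf, installed_profile, update_free_access
    if lib_appglobals.base_url is not None:
        # Parse fixed base URL from settings.php.
        parts = php.parse_url(lib_appglobals.base_url)
        if not php.isset(parts, 'path'):
            parts['path'] = ''
        lib_appglobals.base_path = parts['path'] + '/'
        # Build base_root (everything until first slash after "scheme://").
        root_length = php.strlen(lib_appglobals.base_url) - \
            php.strlen(parts['path'])
        lib_appglobals.base_root = \
            php.substr(lib_appglobals.base_url, 0, root_length)
    else:
        # Create base URL
        is_https = php.isset(php.SERVER, 'HTTPS') and \
            php.SERVER['HTTPS'] == 'on'
        lib_appglobals.base_root = 'https' if is_https else 'http'
        # As php.SERVER['HTTP_HOST'] is user input, ensure it only contains
        # characters allowed in hostnames. This is a character filter, not
        # an allow-list of hosts: any syntactically plausible Host value
        # still ends up in base_url.
        lib_appglobals.base_root += '://' + \
            php.preg_replace('/[^a-z0-9-:._]/i', '', php.SERVER['HTTP_HOST'])
        lib_appglobals.base_url = lib_appglobals.base_root
        # php.SERVER['SCRIPT_NAME'] can, in contrast to php.SERVER['PHP_SELF'], not
        # be modified by a visitor.
        # The trim mask is backslash, comma and slash; the backslash is
        # escaped so the literal does not rely on an invalid '\,' escape.
        script_dir = php.trim(php.dirname(php.SERVER['SCRIPT_NAME']), '\\,/')
        if len(script_dir) > 0:
            # The PHP source interpolated the variable ("/$dir"); the port
            # must concatenate it, otherwise every install in a
            # subdirectory gets the literal path "/dir".
            lib_appglobals.base_path = '/' + script_dir
            lib_appglobals.base_url += lib_appglobals.base_path
            lib_appglobals.base_path += '/'
        else:
            lib_appglobals.base_path = '/'
    if settings.cookie_domain is not None:
        # If the user specifies the cookie domain, also use it for session name.
        session_name_ = settings.cookie_domain
    else:
        # Otherwise use base_url as session name, without the protocol
        # to use the same session identifiers across http and https.
        session_name_ = php.explode('://', lib_appglobals.base_url, 2)[1]
        # We escape the hostname because it can be modified by a visitor.
        if not php.empty(php.SERVER['HTTP_HOST']):
            settings.cookie_domain = check_plain(php.SERVER['HTTP_HOST'])
        # NOTE(review): with an empty Host header cookie_domain is still
        # None here and is passed to php.ltrim() below - confirm the php
        # shim accepts None the way PHP's ltrim() accepts null.
    # To prevent session cookies from being hijacked, a user can configure the
    # SSL version of their website to only transfer session cookies via SSL by
    # using PHP's session.cookie_secure setting. The browser will then use two
    # separate session cookies for the HTTPS and HTTP versions of the site. So we
    # must use different session identifiers for HTTPS and HTTP to prevent a
    # cookie collision.
    if php.ini_get('session.cookie_secure'):
        session_name_ += 'SSL'
    # Strip leading periods, www., and port numbers from cookie domain.
    settings.cookie_domain = php.ltrim(settings.cookie_domain, '.')
    # PHP compares with "=== 0". If php.strpos reports "not found" as False
    # (as PHP does), a plain "== 0" is also true for False in Python and
    # would cut four characters off every domain, so False is excluded
    # explicitly.
    www_pos = php.strpos(settings.cookie_domain, 'www.')
    if www_pos is not False and www_pos == 0:
        settings.cookie_domain = php.substr(settings.cookie_domain, 4)
    host_and_port = php.explode(':', settings.cookie_domain)
    settings.cookie_domain = '.' + host_and_port[0]
    # Per RFC 2109, cookie domains must contain at least one dot other than the
    # first. For hosts such as 'localhost' or IP Addresses we don't set a
    # cookie domain.
    has_inner_dot = php.count(php.explode('.', settings.cookie_domain)) > 2
    looks_like_ip = \
        php.is_numeric(php.str_replace('.', '', settings.cookie_domain))
    if has_inner_dot and not looks_like_ip:
        php.ini_set('session.cookie_domain', settings.cookie_domain)
    # The MD5 digest only turns the site identifier into a fixed-length
    # cookie name; nothing here relies on it as a security control.
    lib_session.name('SESS' + php.md5(session_name_))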
Exemplo n.º 2
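def conf_init():
    """
    Set up the base URL parts, the cookie domain and the session name.

    Side effects only, no return value: assigns lib_appglobals.base_root,
    base_url and base_path, may assign settings.cookie_domain and the
    "session.cookie_domain" ini value, and calls lib_session.name().

    Security note: if lib_appglobals.base_url is left unset, both the
    generated base URL and the cookie domain come from the Host request
    header, which the client controls. The regex below drops characters
    that are not expected in a host name but does not restrict which host
    is accepted. Setting base_url (and cookie_domain) in the settings
    keeps the Host header out of those values.
    """
    # These will come from settings
    # db_url, db_prefix, cookie_domain, conf, installed_profile, update_free_access
    if lib_appglobals.base_url is not None:
        # Parse fixed base URL from settings.php.
        parts = php.parse_url(lib_appglobals.base_url)
        if not php.isset(parts, "path"):
            parts["path"] = ""
        lib_appglobals.base_path = parts["path"] + "/"
        # Build base_root (everything until first slash after "scheme://").
        root_length = php.strlen(lib_appglobals.base_url) - php.strlen(parts["path"])
        lib_appglobals.base_root = php.substr(lib_appglobals.base_url, 0, root_length)
    else:
        # Create base URL
        is_https = php.isset(php.SERVER, "HTTPS") and php.SERVER["HTTPS"] == "on"
        lib_appglobals.base_root = "https" if is_https else "http"
        # As php.SERVER['HTTP_HOST'] is user input, ensure it only contains
        # characters allowed in hostnames. Filtering characters is not the
        # same as validating the host: the cleaned value is still chosen
        # by the client.
        clean_host = php.preg_replace("/[^a-z0-9-:._]/i", "", php.SERVER["HTTP_HOST"])
        lib_appglobals.base_root += "://" + clean_host
        lib_appglobals.base_url = lib_appglobals.base_root
        # php.SERVER['SCRIPT_NAME'] can, in contrast to php.SERVER['PHP_SELF'], not
        # be modified by a visitor.
        # Trim mask: backslash, comma, slash. Written with an escaped
        # backslash instead of the invalid "\," escape sequence.
        script_dir = php.trim(php.dirname(php.SERVER["SCRIPT_NAME"]), "\\,/")
        if len(script_dir) > 0:
            # PHP wrote "/$dir" here, which interpolates the variable. A
            # literal "/dir" in Python would give every subdirectory
            # install the same wrong base path.
            lib_appglobals.base_path = "/" + script_dir
            lib_appglobals.base_url += lib_appglobals.base_path
            lib_appglobals.base_path += "/"
        else:
            lib_appglobals.base_path = "/"
    if settings.cookie_domain is not None:
        # If the user specifies the cookie domain, also use it for session name.
        session_name_ = settings.cookie_domain
    else:
        # Otherwise use base_url as session name, without the protocol
        # to use the same session identifiers across http and https.
        session_name_ = php.explode("://", lib_appglobals.base_url, 2)[1]
        # We escape the hostname because it can be modified by a visitor.
        if not php.empty(php.SERVER["HTTP_HOST"]):
            settings.cookie_domain = check_plain(php.SERVER["HTTP_HOST"])
        # NOTE(review): when the Host header is empty, cookie_domain stays
        # None and reaches php.ltrim() below - verify the php shim treats
        # None like PHP treats null.
    # To prevent session cookies from being hijacked, a user can configure the
    # SSL version of their website to only transfer session cookies via SSL by
    # using PHP's session.cookie_secure setting. The browser will then use two
    # separate session cookies for the HTTPS and HTTP versions of the site. So we
    # must use different session identifiers for HTTPS and HTTP to prevent a
    # cookie collision.
    if php.ini_get("session.cookie_secure"):
        session_name_ += "SSL"
    # Strip leading periods, www., and port numbers from cookie domain.
    settings.cookie_domain = php.ltrim(settings.cookie_domain, ".")
    # The PHP original tests "=== 0". Should php.strpos follow PHP and
    # return False for "not found", then "False == 0" holds in Python and
    # the first four characters of any domain would be removed; rule out
    # False before comparing.
    www_pos = php.strpos(settings.cookie_domain, "www.")
    if www_pos is not False and www_pos == 0:
        settings.cookie_domain = php.substr(settings.cookie_domain, 4)
    host_and_port = php.explode(":", settings.cookie_domain)
    settings.cookie_domain = "." + host_and_port[0]
    # Per RFC 2109, cookie domains must contain at least one dot other than the
    # first. For hosts such as 'localhost' or IP Addresses we don't set a
    # cookie domain.
    has_inner_dot = php.count(php.explode(".", settings.cookie_domain)) > 2
    looks_like_ip = php.is_numeric(php.str_replace(".", "", settings.cookie_domain))
    if has_inner_dot and not looks_like_ip:
        php.ini_set("session.cookie_domain", settings.cookie_domain)
    # MD5 is used only to map the site identifier to a fixed-length cookie
    # name; it is not relied on as a security control here.
    lib_session.name("SESS" + php.md5(session_name_))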