From: Cédric Barboiron <ced@winkie.fr>
Date: Mon, 10 Jul 2017 12:00:56 +0000 (+0200)
Subject: sanity: check X-Forwarded-Proto for self_url
X-Git-Tag: 17.12~145^2~2^2
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=643ebe4229249a5c3d1d7f584880ae7c35aa30b6;p=tt-rss.git

sanity: check X-Forwarded-Proto for self_url
---

diff --git a/include/sanity_check.php b/include/sanity_check.php
index 2f5315ed..ea7b0da8 100755
--- a/include/sanity_check.php
+++ b/include/sanity_check.php
@@ -15,7 +15,8 @@
 	 * to get out. */
 
 	function make_self_url_path() {
-		$url_path = ($_SERVER['HTTPS'] != "on" ? 'http://' :  'https://') . $_SERVER["HTTP_HOST"] . parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);
+		$proto = ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') ? 'https' : 'http';
+		$url_path = $proto . '://' . $_SERVER["HTTP_HOST"] . parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);
 
 		return $url_path;
 	}