fu ([personal profile] fu) wrote in [site community profile] changelog2011-10-28 08:48 am

[dw-free] Need to lowercase incoming hostname

[commit: http://hg.dwscoalition.org/dw-free/rev/01805f9be836]

http://bugs.dwscoalition.org/show_bug.cgi?id=3929

Make sure that the hostname is lowercased everywhere.

Patch by [personal profile] exor674.

Files modified:
  • cgi-bin/Apache/LiveJournal.pm
  • cgi-bin/DW/Controller/Protected.pm
  • cgi-bin/DW/Request.pm
  • cgi-bin/DW/Request/Base.pm
  • cgi-bin/ljlib.pl
  • cgi-bin/weblib.pl
  • t/create-url.t
--------------------------------------------------------------------------------
diff -r e983998524fa -r 01805f9be836 cgi-bin/Apache/LiveJournal.pm
--- a/cgi-bin/Apache/LiveJournal.pm	Fri Oct 28 13:36:59 2011 +0800
+++ b/cgi-bin/Apache/LiveJournal.pm	Fri Oct 28 16:48:04 2011 +0800
@@ -286,7 +286,7 @@
     my $uri = $r->uri;
     my $args = $r->args;
     my $args_wq = $args ? "?$args" : "";
-    my $host = $r->headers_in->{"Host"};
+    my $host = lc( $r->headers_in->{"Host"} );
     my $hostport = ( $host =~ s/(:\d+)$// ) ? $1 : "";
 
     # Allow hosts ending in . to work properly.
diff -r e983998524fa -r 01805f9be836 cgi-bin/DW/Controller/Protected.pm
--- a/cgi-bin/DW/Controller/Protected.pm	Fri Oct 28 13:36:59 2011 +0800
+++ b/cgi-bin/DW/Controller/Protected.pm	Fri Oct 28 16:48:04 2011 +0800
@@ -39,7 +39,8 @@
     # using the current request url
     my $returnto = $r->note( 'returnto' ) || LJ::ehtml( $r->get_args->{returnto} );
     if ( ( ! $returnto ) && ( $r->uri ne '/protected' ) ) {
-        my $host = $r->header_in('Host');
+        # FIXME: Convert this to create_url
+        my $host = $r->host;
         my $query_string = $r->query_string ? "?" . $r->query_string : "";
         $returnto = LJ::ehtml( "http://$host" . $r->uri . "$query_string" );
     }
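Review bot: `$host` still comes from the client-supplied Host header and goes straight into `$returnto` as `"http://$host"`; lowercasing it does not restrict which host ends up in the return link. Until the FIXME is resolved, the value should be checked against the site's configured domains before it is used, and the comment could record why: `# FIXME: convert to create_url; Host is client-controlled and unvalidated here`. The scheme is also hard-coded to `http`, so a request that arrived over SSL would presumably get a non-SSL return URL. The enclosing sub starts and ends outside the hunk.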
diff -r e983998524fa -r 01805f9be836 cgi-bin/DW/Request.pm
--- a/cgi-bin/DW/Request.pm	Fri Oct 28 13:36:59 2011 +0800
+++ b/cgi-bin/DW/Request.pm	Fri Oct 28 16:48:04 2011 +0800
@@ -139,6 +139,10 @@
 
 Returns the remote IP.
 
+=head2 C<< $r->host >>
+
+Return the (normalized) value of the Host header.
+
 =head2 C<< $r->header_in( $header[, $value] ) >>
 
 Sets or gets an request header.
diff -r e983998524fa -r 01805f9be836 cgi-bin/DW/Request/Base.pm
--- a/cgi-bin/DW/Request/Base.pm	Fri Oct 28 13:36:59 2011 +0800
+++ b/cgi-bin/DW/Request/Base.pm	Fri Oct 28 16:48:04 2011 +0800
@@ -39,6 +39,10 @@
     $self->{get_args} = undef;
 }
 
+sub host {
+    return lc( $_[0]->header_in("Host") );
+}
+
 sub cookie {
     my DW::Request::Base $self = $_[0];
 
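Review bot: `host` returns `lc` of whatever `header_in("Host")` gives back, so a request with no Host header (presumably undef here) yields an empty string plus an "uninitialized" warning where warnings are enabled. `my $h = $_[0]->header_in("Host"); return defined $h ? lc $h : '';` keeps the return value and avoids the warning. The accessor also keeps any `:port` suffix, whereas the Apache/LiveJournal.pm hunk strips it right after lowercasing, so "normalized" here means lowercase only. The POD added in DW/Request.pm should say so, e.g. `Returns the Host header lowercased; any port is left in place and the value is not validated.`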
diff -r e983998524fa -r 01805f9be836 cgi-bin/ljlib.pl
--- a/cgi-bin/ljlib.pl	Fri Oct 28 13:36:59 2011 +0800
+++ b/cgi-bin/ljlib.pl	Fri Oct 28 16:48:04 2011 +0800
@@ -1419,7 +1419,7 @@
 
     my @fields = ($$, $what);
     if ($what eq "start") {
-        my $host = $r->header_in("Host");
+        my $host = $r->host;
         my $uri = $r->uri;
         my $args = $r->query_string;
         $args = substr($args, 0, 100) if length $args > 100;
diff -r e983998524fa -r 01805f9be836 cgi-bin/weblib.pl
--- a/cgi-bin/weblib.pl	Fri Oct 28 13:36:59 2011 +0800
+++ b/cgi-bin/weblib.pl	Fri Oct 28 16:48:04 2011 +0800
@@ -1234,7 +1234,7 @@
     my $r = DW::Request->get;
     my %out_args = %{ $opts{args} || {} };
 
-    my $host = $opts{host} || $r->header_in("Host");
+    my $host = lc( $opts{host} || $r->host );
     $path ||= $r->uri;
 
     # Default SSL if SSL is set and we are on the same host, unless we explicitly don't want it
@@ -2725,7 +2725,7 @@
 
     my $r = DW::Request->get;
     my $passed_in_location = $opts{host} && $opts{uri} ? 1 : 0;
-    my $host = delete $opts{host} || $r->header_in('Host');
+    my $host = delete $opts{host} || $r->host;
     my $uri = delete $opts{uri} || $r->uri;
 
     my $args;
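Review bot: A caller-supplied `$opts{host}` is not lowercased here, unlike the hunk at line 1234 of this file, which wraps both sources in `lc( ... )`; only the request fallback is normalized. To match the commit's stated intent this should read `my $host = lc( delete $opts{host} || $r->host );`. `$host` is used outside the hunk, so whether a mixed-case value matters downstream cannot be seen from here.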
@@ -3166,7 +3166,7 @@
     my $ret;
 
     my $r = DW::Request->get;
-    my $host = $r->header_in( 'Host' );
+    my $host = $r->host;
     my $uri = $r->uri;
     my $args = LJ::eurl( $r->query_string ) || '';
     my $view = $r->note( 'view' ) || '';
diff -r e983998524fa -r 01805f9be836 t/create-url.t
--- a/t/create-url.t	Fri Oct 28 13:36:59 2011 +0800
+++ b/t/create-url.t	Fri Oct 28 16:48:04 2011 +0800
@@ -1,6 +1,6 @@
 # -*-perl-*-
 use strict;
-use Test::More tests => 19; # replace this number with the number of check_req calls
+use Test::More tests => 20; # replace this number with the number of check_req calls
 use lib "$ENV{LJHOME}/cgi-bin";
 
 require 'ljlib.pl';
@@ -250,6 +250,15 @@
     },
 );
 
+check_req(
+    "http://www.ExAmPlE.com/",
+    undef, {
+        keep_args => 1,
+    },
+    { ssl => 0, host => "www.example.com", uri => "/", },
+    {},
+);
+
 sub check_req {
     my ( $url, $path, $opts, $eopts, $expected ) = @_;
 
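Review bot: The new case only exercises a mixed-case host in the request URL; the `lc( $opts{host} || $r->host )` change in weblib.pl also lowercases a host passed in the options, and no case covers that path. A sibling `check_req` call with `host => "WWW.Example.COM"` in the options hash and `host => "www.example.com"` in the expected options would pin it, with the plan count raised to match. A host carrying a port (constructed example: `www.ExAmPlE.com:8080`) is also worth a case, since `$r->host` does not strip the port. The body of `check_req` lies outside the hunk, so the exact argument shapes should be confirmed against it.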
--------------------------------------------------------------------------------