From 25091294ccf5a0133e9102a4bf846c29433e7fff Mon Sep 17 00:00:00 2001
From: hyung-hwan <hyunghwan.chung@gmail.com>
Date: Fri, 17 Sep 2021 13:12:13 +0000
Subject: [PATCH] enhanced handling of proxied requests

---
 codepot/src/codepot/config/config.php | 33 +-----------------------
 codepot/src/index.php                 | 36 +++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 32 deletions(-)

diff --git a/codepot/src/codepot/config/config.php b/codepot/src/codepot/config/config.php
index e7c2c103..427656e0 100644
--- a/codepot/src/codepot/config/config.php
+++ b/codepot/src/codepot/config/config.php
@@ -12,38 +12,7 @@
 |
 */
 /*$config['base_url']	= "http://example.com"*/
-//$config['base_url'] = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on')? 'https': 'http';
-if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']))
-{
-	/* set to https if the first X-Forwarded-Proto is https */
-	if (array_search ("https", array_map ('strtolower', preg_split("/[\s,]+/", $_SERVER['HTTP_X_FORWARDED_PROTO']))) === 0)
-	{
-		$config['base_url'] = 'https';
-		$_SERVER['REQUEST_PROTOCOL'] = 'https';
-	}
-	else
-	{
-		$config['base_url'] = 'http';
-		$_SERVER['REQUEST_PROTOCOL'] = 'http';
-	}
-}
-else if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on')
-{
-	$config['base_url'] = 'https';
-	$_SERVER['REQUEST_PROTOCOL'] = 'https';
-}
-else
-{
-	$config['base_url'] = 'http';
-	$_SERVER['REQUEST_PROTOCOL'] = 'http';
-}
-
-if (array_key_exists('HTTP_X_FORWARDED_HOST', $_SERVER) && $_SERVER['HTTP_X_FORWARDED_HOST'] != '')
-{
-        $_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
-}
-
-$config['base_url'] .= "://{$_SERVER['HTTP_HOST']}";
+$config['base_url'] = "{$_SERVER['REQUEST_PROTOCOL']}://{$_SERVER['HTTP_HOST']}";
 $config['base_url'] .= preg_replace('@/+$@','',dirname($_SERVER['SCRIPT_NAME'])).'/';
 
 /*
diff --git a/codepot/src/index.php b/codepot/src/index.php
index dcfb4f7a..058b9f15 100644
--- a/codepot/src/index.php
+++ b/codepot/src/index.php
@@ -84,6 +84,42 @@ define('FCPATH', str_replace(SELF, '', __FILE__));
 define('BASEPATH', $system_folder.'/');
 define('APPPATH', $application_folder.'/');
 
+/*
+|---------------------------------------------------------------
+| UPDATING $_SERVER
+|---------------------------------------------------------------
+*/ 
+if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']))
+{
+	// set to https if the first X-Forwarded-Proto is https
+	if (array_search ("https", array_map ('strtolower', preg_split("/[\s,]+/", $_SERVER['HTTP_X_FORWARDED_PROTO']))) === 0)
+	{
+		$_SERVER['REQUEST_PROTOCOL'] = 'https';
+	}
+	else
+	{
+		$_SERVER['REQUEST_PROTOCOL'] = 'http';
+	}
+}
+else if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on')
+{
+	$_SERVER['REQUEST_PROTOCOL'] = 'https';
+}
+else
+{
+	$_SERVER['REQUEST_PROTOCOL'] = 'http';
+}
+
+if (array_key_exists('HTTP_X_FORWARDED_HOST', $_SERVER) && $_SERVER['HTTP_X_FORWARDED_HOST'] != '')
+{
+	$_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
+}
+
+if (array_key_exists('HTTP_X_FORWARDED_SERVER', $_SERVER) && $_SERVER['HTTP_X_FORWARDED_SERVER'] != '')
+{
+	$_SERVER['SERVER_NAME'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
+}
+
 /*
 |---------------------------------------------------------------
 | COMPULSORY HTTPS