View Issue Details

WikiRelated ChangesetsJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0009693mantisbtwebpagepublic2008-10-14 14:362008-10-18 18:33
Reporterjbert Assigned Tojreese  
PrioritynormalSeveritytweakReproducibilityalways
Status closedResolutionfixed 
Product Version1.1.2 
Fixed in Version1.1.4 
Summary0009693: Generated HTML contains multiple hostnames when proxied
Description

When Mantis is hosted on a webserver which is accessed through a chain of proxies, the generated HTML code contains multiple hostnames when linking to the CSS stylesheet, images, ...

A snippet of the generated HTML code for the stylesheet:
<link rel="stylesheet" type="text/css" href="http://mantistest2.domain.local, mantistest.domain.local, mantis.domain.local/css/default.css" />

Steps To Reproduce

-Set up two proxies and a webserver. Proxy A forwards to B, and proxy B forwards replies to the webserver hosting mantis.
-Go to proxy A and browse to mantis.
-The site will display, but no images are shown and there is no styling other than the issues being coloured.

Additional Information

The problem lies in config_defaults_inc.php: when $t_host is set using the "HTTP_X_FORWARDED_HOST" server variable, the code does not take in account that this variable can be a list.

The format of this variable is specified in the Apache docs when the "X-Forwarded-Host" header is discussed ( http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#x-headers ).

Tagspatch
Attached Files
multiple_proxies.patch (727 bytes)    
Index: config_defaults_inc.php
===================================================================
--- config_defaults_inc.php	(revision 5670)
+++ config_defaults_inc.php	(working copy)
@@ -85,7 +85,12 @@
 		}
 
 		if ( isset( $_SERVER['HTTP_X_FORWARDED_HOST'] ) ) { // Support ProxyPass
-			$t_host = $_SERVER['HTTP_X_FORWARDED_HOST'];
+			$host_delim = strpos( $_SERVER['HTTP_X_FORWARDED_HOST'], "," );
+			if( $host_delim === false ) {
+				$t_host = $_SERVER['HTTP_X_FORWARDED_HOST'];
+			} else {
+				$t_host = substr( $_SERVER['HTTP_X_FORWARDED_HOST'], 0, $host_delim);
+			}
 		} else if ( isset( $_SERVER['HTTP_HOST'] ) ) {
 			$t_host = $_SERVER['HTTP_HOST'];
 		} else if ( isset( $_SERVER['SERVER_NAME'] ) ) {
multiple_proxies.patch (727 bytes)   

Activities

jbert

jbert

2008-10-14 14:38

reporter   ~0019560

This issue is related to issue 0004831, the fix offered there did not foresee multiple proxies.
jbert

jbert

2008-10-14 15:03

reporter   ~0019561

I added "multiple_proxies.patch" which is supposed to fix this.

Beware that I could not test it.
jreese

jreese

2008-10-14 18:24

reporter   ~0019563

Simplified version of patch applied to SVN trunk, r5673, and SVN 1.1.x, r5674.

Related Changesets

MantisBT: master 5b0afab3

2008-10-14 18:23

jreese


Details Diff		 Fix 0009693: Handle multi-proxy forwarding.

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@5673 <a class="text" href="/?p=mantisbt.git;a=object;h=f5dc347c">f5dc347c</a>-c33d-0410-90a0-b07cc1902cb9		 Affected Issues
0009693
mod - config_defaults_inc.php Diff File

MantisBT: master-1.1.x 86f071a5

2008-10-14 18:24

jreese


Details Diff		 Fix 0009693: Handle multi-proxy forwarding.

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/branches/BRANCH_1_1_0@5674 <a class="text" href="/?p=mantisbt.git;a=object;h=f5dc347c">f5dc347c</a>-c33d-0410-90a0-b07cc1902cb9		 Affected Issues
0009693
mod - config_defaults_inc.php Diff File