mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-25 05:34:06 -08:00
Add some guardrails around very-badly formatted APP_URL settings
This commit is contained in:
parent
b153138d1e
commit
476075235a
|
@ -46,8 +46,12 @@ class AppServiceProvider extends ServiceProvider
|
|||
// TODO - isn't it somehow 'gauche' to check the environment directly; shouldn't we be using config() somehow?
|
||||
if ( ! env('APP_ALLOW_INSECURE_HOSTS')) { // unless you set APP_ALLOW_INSECURE_HOSTS, you should PROHIBIT forging domain parts of URL via Host: headers
|
||||
$url_parts = parse_url(config('app.url'));
|
||||
$root_url = $url_parts['scheme'].'://'.$url_parts['host'].( isset($url_parts['port']) ? ':'.$url_parts['port'] : '');
|
||||
\URL::forceRootUrl($root_url);
|
||||
if($url_parts && array_key_exists('scheme', $url_parts) && array_key_exists('host', $url_parts)) {
|
||||
$root_url = $url_parts['scheme'].'://'.$url_parts['host'].( isset($url_parts['port']) ? ':'.$url_parts['port'] : '');
|
||||
\URL::forceRootUrl($root_url);
|
||||
} else {
|
||||
\Log::error("Your APP_URL in your .env is misconfigured - it is: ".config('app.url').". Many things will work strangely unless you fix it.");
|
||||
}
|
||||
}
|
||||
|
||||
\Illuminate\Pagination\Paginator::useBootstrap();
|
||||
|
|
Loading…
Reference in a new issue