• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[split] CodeIgniter 3.0.3 and Windows

#1
Nice work on security... but my base_url gets detected as http://::1/webapp which doesn't work in my Win7/x64 using Chrome 46 when trying to access http://localhost/webapp

But, if I access as http://127.0.0.1/webapp the base_url gets detected as http://127.0.0.1/webapp  as it should, even if I try with the IP of the net (192.168.80.24) it gets resolved, and works!!

Is this a windows issue? or a CI one?

Anyway... thanks for the UPDATE !!
Reply

#2
(11-02-2015, 04:21 PM)pabloveliz Wrote: Nice work on security... but my base_url gets detected as http://::1/webapp which doesn't work in my Win7/x64 using Chrome 46 when trying to access http://localhost/webapp

But, if I access as http://127.0.0.1/webapp the base_url gets detected as http://127.0.0.1/webapp  as it should, even if I try with the IP of the net (192.168.80.24) it gets resolved, and works!!

Is this a windows issue? or a CI one?

Anyway... thanks for the UPDATE !!

Is not for windows, is for a change in a new release for a security improvement. https://www.codeigniter.com/user_guide/i...e_303.html
Greetings.
Reply

#3
(11-02-2015, 04:21 PM)pabloveliz Wrote: Nice work on security... but my base_url gets detected as http://::1/webapp which doesn't work in my Win7/x64 using Chrome 46 when trying to access http://localhost/webapp

But, if I access as http://127.0.0.1/webapp the base_url gets detected as http://127.0.0.1/webapp  as it should, even if I try with the IP of the net (192.168.80.24) it gets resolved, and works!!

Is this a windows issue? or a CI one?

Anyway... thanks for the UPDATE !!

I'm working on Windows and following this helped

Upgrading from 3.0.2 to 3.0.3
http://www.codeigniter.com/user_guide/in...-not-empty

PHP Code:
// Set the protocol
$protocol 'http://';
if ( isset( 
$_SERVER["HTTPS"] ) && strtolower$_SERVER["HTTPS"] ) == "on" ) {
 
   $protocol 'https://';
} else {
 
   $_SERVER['HTTPS'] = 'off';
}
// Set the base_url
$config['base_url'] = $protocol.$_SERVER['HTTP_HOST']; 
Reply

#4
@Martin7483
Do you know your code could allow Host header injection?

@pabloveliz
If you want to use http://localhost/, create config/development/config.php, and set the $config['base_url'].
Do you want to write tests for your apps? Our book, CodeIgniter Testing Guide would help you.
Reply

#5
(11-03-2015, 02:46 AM)kenjis Wrote: @Martin7483
Do you know your code could allow Host header injection?

Ah, yes.

But I have this in my index.php
PHP Code:
/*
 *---------------------------------------------------------------
 * SANITIZE $_SERVER HTTP HOST
 *---------------------------------------------------------------
 *
 * Set a whitelist of allowed domains
 */
$default_domain 'mydomain.com';
$allowed_domains = array('mydomain.com');
if( ! 
in_array($_SERVER['HTTP_HOST'], $allowed_domains) ) {
 
   $_SERVER['HTTP_HOST'] = $default_domain;

Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.