From 0344bc5218a6057c15c93530de5a645f1756c147 Mon Sep 17 00:00:00 2001
From: Rajko Albrecht <ral@alwins-world.de>
Date: Fri, 8 Feb 2019 12:47:12 +0100
Subject: [PATCH] Ticket #5236

Start checks against local sites list for allowed reverse proxy forwards
---
 interface/lib/app.inc.php | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/interface/lib/app.inc.php b/interface/lib/app.inc.php
index e546521224..dddbb20613 100755
--- a/interface/lib/app.inc.php
+++ b/interface/lib/app.inc.php
@@ -335,6 +335,9 @@ class app {
 	
 	private function get_cookie_domain() {
 		$proxy_panel_allowed = $this->getconf->get_security_config('permissions')['reverse_proxy_panel_allowed'];
+		if ($proxy_panel_allowed == 'all') {
+			return '';
+		}
 		$cookie_domain = (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']);
 		// Workaround for Nginx servers
 		if($cookie_domain == '_') {
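Review bot: The relocated early return `if ($proxy_panel_allowed == 'all')` compares a security-config string with loose `==`, and the new `'sites'` branch in the next hunk does the same; a strict `if ($proxy_panel_allowed === 'all')` (and `=== 'sites'`) makes the intent explicit and avoids PHP's loose-comparison rules should the config value ever arrive as something other than a string. The move itself is fine, since returning before the SERVER_NAME/HTTP_HOST lookup avoids pointless work in the 'all' mode. get_cookie_domain continues past the end of this hunk.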
@@ -342,10 +345,18 @@ class app {
 			$cookie_domain = $tmp[0];
 			unset($tmp);
 		}
-		$this->log("Server: ".print_r($_SERVER,true));
-		if ($proxy_panel_allowed == 'all') {
-			return '';
+		if($proxy_panel_allowed == 'sites') {
+			$forwarded_host = (isset($_SERVER['HTTP_X_FORWARDED_HOST']) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : null );
+			if($forwarded_host !== null && $forwarded_host !== $cookie_domain) {
+				$sql = "SELECT domain_id from web_domain where domain = '$forwarded_host'";
+				$recs = $this->db->queryOneRecord($sql);
+				if($recs !== null) {
+					$cookie_domain = $forwarded_host;
+				}
+				unset($forwarded_host);
+			}
 		}
+		
 		return $cookie_domain;
 	}
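Review bot: The line `$sql = "SELECT domain_id from web_domain where domain = '$forwarded_host'";` interpolates the X-Forwarded-Host request header — a value any client can send — straight into SQL, so the one place where the 'sites' mode validates client input is a SQL injection point. Use the db wrapper's placeholder form, e.g. `$recs = $this->db->queryOneRecord("SELECT domain_id FROM web_domain WHERE domain = ?", $forwarded_host);`, or at minimum escape the value via the wrapper's quoting helper; I am inferring the wrapper's API rather than reading it in this hunk, so confirm the signature. The guard `if($recs !== null)` also presumes the wrapper returns null on an empty result — if it returns false instead, the unmatched forwarded host would be accepted as the cookie domain, so that return convention is worth checking against the db class. Dropping the `print_r($_SERVER)` log line is a good change in its own right, since it wrote every request header and cookie to the log. get_cookie_domain begins outside this hunk.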
 
-- 
GitLab