From fc33876bc07c24ed4a743ee1a58225ef5cf27d61 Mon Sep 17 00:00:00 2001 From: Michiel Dethmers Date: Sat, 10 Jul 2021 16:45:36 +0100 Subject: [PATCH 01/18] move IP detection function to more global location --- public_html/lists/admin/inc/netlib.php | 49 ------------------------- public_html/lists/admin/lib.php | 50 ++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 49 deletions(-) diff --git a/public_html/lists/admin/inc/netlib.php b/public_html/lists/admin/inc/netlib.php index 512e1b381..d6b514427 100644 --- a/public_html/lists/admin/inc/netlib.php +++ b/public_html/lists/admin/inc/netlib.php 
@@ -2,52 +2,3 @@ require_once dirname(__FILE__).'/accesscheck.php'; -//bth rainhail.com 7.1.2015 added to support proxys passing along the client IP -//https://www.chriswiegman.com/2014/05/getting-correct-ip-address-php/ -function getClientIP() -{ - if (function_exists('apache_request_headers')) { - $headers = apache_request_headers(); - //logEvent("apache_request_headers"); - } else { - $headers = $_SERVER; - //logEvent("_SERVER"); - } - - if (array_key_exists('X-Forwarded-For', $headers)) { - //logEvent("server1=".$headers['X-Forwarded-For']); - } - - if (array_key_exists('HTTP_X_FORWARDED_FOR', $headers)) { - //logEvent("server2=".$headers['HTTP_X_FORWARDED_FOR']); - } - - if (array_key_exists('X-Forwarded-For', $headers)) { - $forwarded_for = $headers['X-Forwarded-For']; - $forwarded_list = explode(',', $forwarded_for); - $forwarded_list = array_map('trim', $forwarded_list); - $the_ip = array_shift($forwarded_list); - - if (filter_var($the_ip, FILTER_VALIDATE_IP)) { - //logEvent("X-Forwarded-For ip=".$the_ip); - return $the_ip; - } - } - - if (array_key_exists('HTTP_X_FORWARDED_FOR', $headers)) { - $forwarded_for = $headers['HTTP_X_FORWARDED_FOR']; - $forwarded_list = explode(',', $forwarded_for); - $forwarded_list = array_map('trim', $forwarded_list); - $the_ip = array_shift($forwarded_list); - - if (filter_var($the_ip, FILTER_VALIDATE_IP)) { - //logEvent("HTTP_X_FORWARDED_FOR ip=".$the_ip); - return $the_ip; - } - } - - $the_ip = filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP); - //logEvent("REMOTE_ADDR ip=".$the_ip); - - return $the_ip; -} diff --git a/public_html/lists/admin/lib.php b/public_html/lists/admin/lib.php index f3791bce0..6e40d33da 100644 --- a/public_html/lists/admin/lib.php +++ b/public_html/lists/admin/lib.php 
@@ -2396,3 +2396,53 @@ function sanitiseId($value) { return preg_replace('/[^0-9A-Za-z\-_:.]/', '', $value); } + +//bth rainhail.com 7.1.2015 added to support proxys passing along the client IP +//https://www.chriswiegman.com/2014/05/getting-correct-ip-address-php/ +function getClientIP() +{ + if (function_exists('apache_request_headers')) { + $headers = apache_request_headers(); + //logEvent("apache_request_headers"); + } else { + $headers = $_SERVER; + //logEvent("_SERVER"); + } + + if (array_key_exists('X-Forwarded-For', $headers)) { + //logEvent("server1=".$headers['X-Forwarded-For']); + } + + if (array_key_exists('HTTP_X_FORWARDED_FOR', $headers)) { + //logEvent("server2=".$headers['HTTP_X_FORWARDED_FOR']); + } + + if (array_key_exists('X-Forwarded-For', $headers)) { + $forwarded_for = $headers['X-Forwarded-For']; + $forwarded_list = explode(',', $forwarded_for); + $forwarded_list = array_map('trim', $forwarded_list); + $the_ip = array_shift($forwarded_list); + + if (filter_var($the_ip, FILTER_VALIDATE_IP)) { + //logEvent("X-Forwarded-For ip=".$the_ip); + return $the_ip; + } + } + + if (array_key_exists('HTTP_X_FORWARDED_FOR', $headers)) { + $forwarded_for = $headers['HTTP_X_FORWARDED_FOR']; + $forwarded_list = explode(',', $forwarded_for); + $forwarded_list = array_map('trim', $forwarded_list); + $the_ip = array_shift($forwarded_list); + + if (filter_var($the_ip, FILTER_VALIDATE_IP)) { + //logEvent("HTTP_X_FORWARDED_FOR ip=".$the_ip); + return $the_ip; + } + } + + $the_ip = filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP); + //logEvent("REMOTE_ADDR ip=".$the_ip); + + return $the_ip; +} From 98ad57ffad9c034b408740d20f5257ccada242b0 Mon Sep 17 00:00:00 2001 
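Review bot: getClientIP() as added to lib.php returns the first entry of `X-Forwarded-For` whenever it parses as an IP, without checking that the request came through a proxy the installation trusts, so the result is whatever the sender put in that header. Now that the function sits in a global library, the header should be honoured only when `$_SERVER['REMOTE_ADDR']` is one of the site's own proxies, for instance an early `if (!in_array($_SERVER['REMOTE_ADDR'] ?? '', $trustedProxies, true)) { return filter_var($_SERVER['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP); }`, where `$trustedProxies` is a placeholder for a config list this patch does not define. Behind a proxy chain the entry to use is the one appended by the nearest trusted proxy rather than the leftmost one. The two `if (array_key_exists(...))` blocks that contain only commented-out logEvent() calls are dead code and can go, and the function would benefit from a docblock stating that it returns a validated IP string or `false`.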
From: Michiel Dethmers Date: Sat, 10 Jul 2021 17:01:45 +0100 Subject: [PATCH 02/18] replace (almost) all REMOTE_ADDR with getClientIP(), so that it continues to work behind a proxy --- public_html/lists/admin/actions/processqueue.php | 2 +- public_html/lists/admin/class.phplistmailer.php | 4 ++-- public_html/lists/admin/inc/userlib.php | 11 +++-------- public_html/lists/admin/lib.php | 2 +- public_html/lists/admin/processbounces.php | 2 +- public_html/lists/admin/readtestmail.php | 2 +- public_html/lists/index.php | 4 ++-- public_html/lists/lt.php | 2 +- public_html/lists/ut.php | 2 +- 9 files changed, 13 insertions(+), 18 deletions(-) diff --git a/public_html/lists/admin/actions/processqueue.php b/public_html/lists/admin/actions/processqueue.php index 280742f0d..f738d0cc5 100644 --- a/public_html/lists/admin/actions/processqueue.php +++ b/public_html/lists/admin/actions/processqueue.php @@ -427,7 +427,7 @@ function processQueueOutput($message, $logit = 1, $target = 'summary') return; } else { - $infostring = '['.date('D j M Y H:i', time()).'] ['.$_SERVER['REMOTE_ADDR'].']'; + $infostring = '['.date('D j M Y H:i', time()).'] ['.getClientIP().']'; //print "$infostring $message
\n"; $lines = explode("\n", $message); foreach ($lines as $line) { diff --git a/public_html/lists/admin/class.phplistmailer.php b/public_html/lists/admin/class.phplistmailer.php index cffa35ecb..69898eae7 100644 --- a/public_html/lists/admin/class.phplistmailer.php +++ b/public_html/lists/admin/class.phplistmailer.php @@ -170,7 +170,7 @@ public function __construct($messageid, $email, $inBlast = true, $exceptions = f // $this->addCustomHeader("Return-Receipt-To: ".$GLOBALS["message_envelope"]); } //# when the email is generated from a webpage (quite possible :-) add a "received line" to identify the origin - if (!empty($_SERVER['REMOTE_ADDR'])) { + if (!empty(getClientIP())) { $this->add_timestamp(); } $this->messageid = $messageid; @@ -192,7 +192,7 @@ public function add_timestamp() //0013076: // Add a line like Received: from [10.1.2.3] by website.example.com with HTTP; 01 Jan 2003 12:34:56 -0000 // more info: http://www.spamcop.net/fom-serve/cache/369.html - $ip_address = $_SERVER['REMOTE_ADDR']; + $ip_address = getClientIP(); if (!empty($_SERVER['REMOTE_HOST'])) { $ip_domain = $_SERVER['REMOTE_HOST']; } else { diff --git a/public_html/lists/admin/inc/userlib.php b/public_html/lists/admin/inc/userlib.php index d534372f6..5323f0052 100644 --- a/public_html/lists/admin/inc/userlib.php +++ b/public_html/lists/admin/inc/userlib.php @@ -588,7 +588,7 @@ function addEmailToBlackList($email, $reason = '', $date = '') Sql_Query(sprintf('insert ignore into %s (email,name,data) values("%s","%s","%s")', $GLOBALS['tables']['user_blacklist_data'], sql_escape($email), 'reason', addslashes($reason))); - foreach (array('REMOTE_ADDR') as $item) { // @@@do we want to know more? + foreach (array('REMOTE_ADDR','HTTP_X_FORWARDED_FOR') as $item) { // @@@do we want to know more? if (isset($_SERVER[$item])) { Sql_Query(sprintf('insert ignore into %s (email,name,data) values("%s","%s","%s")', $GLOBALS['tables']['user_blacklist_data'], addslashes($email), 
@@ -829,7 +829,7 @@ function addUserHistory($email, $msg, $detail) } } } else { - $default = array('HTTP_USER_AGENT', 'HTTP_REFERER', 'REMOTE_ADDR', 'REQUEST_URI'); + $default = array('HTTP_USER_AGENT', 'HTTP_REFERER', 'REMOTE_ADDR', 'REQUEST_URI','HTTP_X_FORWARDED_FOR'); foreach ($sysarrays as $key => $val) { if (in_array($key, $default)) { $sysinfo .= "\n".strip_tags($key).' = '.htmlspecialchars($val); @@ -839,13 +839,8 @@ function addUserHistory($email, $msg, $detail) $userid = Sql_Fetch_Row_Query("select id from $user_table where email = \"$email\""); if ($userid[0]) { - if (isset($_SERVER['REMOTE_ADDR'])) { - $ip = $_SERVER['REMOTE_ADDR']; - } else { - $ip = ''; - } Sql_Query(sprintf('insert into %s (ip,userid,date,summary,detail,systeminfo) - values("%s",%d,now(),"%s","%s","%s")', $user_his_table, $ip, $userid[0], sql_escape($msg), + values("%s",%d,now(),"%s","%s","%s")', $user_his_table, getClientIP(), $userid[0], sql_escape($msg), sql_escape(htmlspecialchars($detail)), sql_escape($sysinfo))); } } diff --git a/public_html/lists/admin/lib.php b/public_html/lists/admin/lib.php index 6e40d33da..8c9e88dba 100644 --- a/public_html/lists/admin/lib.php +++ b/public_html/lists/admin/lib.php @@ -979,7 +979,7 @@ function getPageLock($force = 0) if (!empty($GLOBALS['commandline'])) { $processIdentifier = SENDPROCESS_SERVERNAME.':'.getmypid(); } else { - $processIdentifier = $_SERVER['REMOTE_ADDR']; + $processIdentifier = getClientIP(); } $res = Sql_query('insert into '.$tables['sendprocess'].' (started,page,alive,ipaddress) values(now(),"'.$thispage.'",1,"'.$processIdentifier.'")'); $send_process_id = Sql_Insert_Id(); diff --git a/public_html/lists/admin/processbounces.php b/public_html/lists/admin/processbounces.php index b7397ef04..a4d7e6a92 100644 --- a/public_html/lists/admin/processbounces.php +++ b/public_html/lists/admin/processbounces.php 
@@ -64,7 +64,7 @@ function processbounces_shutdown() function outputProcessBounce($message, $reset = 0) { $infostring = '['.date('D j M Y H:i', - time()).'] ['.getenv('REMOTE_HOST').'] ['.getenv('REMOTE_ADDR').']'; + time()).'] ['.getenv('REMOTE_HOST').'] ['.getClientIP().']'; //print "$infostring $message
\n"; $message = preg_replace("/\n/", '', $message); //# contribution from http://forums.phplist.com/viewtopic.php?p=14648 diff --git a/public_html/lists/admin/readtestmail.php b/public_html/lists/admin/readtestmail.php index 2ff35eec3..a0ca03ed3 100644 --- a/public_html/lists/admin/readtestmail.php +++ b/public_html/lists/admin/readtestmail.php @@ -85,7 +85,7 @@ function processTestEmails_shutdown() function output($message, $reset = 0) { $infostring = '['.date('D j M Y H:i', - time()).'] ['.getenv('REMOTE_HOST').'] ['.getenv('REMOTE_ADDR').']'; + time()).'] ['.getenv('REMOTE_HOST').'] ['.getClientIP().']'; //print "$infostring $message
\n"; $message = preg_replace("/\n/", '', $message); //# contribution from http://forums.phplist.com/viewtopic.php?p=14648 diff --git a/public_html/lists/index.php b/public_html/lists/index.php index cf39c2fd5..855f4981a 100644 --- a/public_html/lists/index.php +++ b/public_html/lists/index.php @@ -157,7 +157,7 @@ } else { session_regenerate_id(); loadUser($emailcheck); - $_SESSION['userloggedin'] = $_SERVER['REMOTE_ADDR']; + $_SESSION['userloggedin'] = getClientIP(); } } elseif (!empty($_POST['forgotpassword'])) { // forgot password button pushed @@ -1045,7 +1045,7 @@ function forwardPage($id) $GLOBALS['tables']['usermessage'], $userdata['id'], $mid)); if (empty($userdata['id']) || $allowed[0] != $userdata['id']) { //# when sending a test email as an admin, the entry isn't there yet - if (empty($_SESSION['adminloggedin']) || $_SESSION['adminloggedin'] != $_SERVER['REMOTE_ADDR']) { + if (empty($_SESSION['adminloggedin']) || $_SESSION['adminloggedin'] != getClientIP()) { FileNotFound('
'.$GLOBALS['I18N']->get('When testing the phpList forward functionality, you need to be logged in as an administrator.').'
'); } } diff --git a/public_html/lists/lt.php b/public_html/lists/lt.php index 0b3cce341..65256bd0f 100644 --- a/public_html/lists/lt.php +++ b/public_html/lists/lt.php @@ -200,7 +200,7 @@ } Sql_Query(sprintf('insert into %s (messageid,userid,viewed,ip,data) values(%d,%d,now(),"%s","%s")', - $GLOBALS['tables']['user_message_view'], $messageid, $userid, $_SERVER['REMOTE_ADDR'], sql_escape(serialize($metaData)))); + $GLOBALS['tables']['user_message_view'], $messageid, $userid, getClientIP(), sql_escape(serialize($metaData)))); } $uml = Sql_Fetch_Array_Query(sprintf('select * from %s where messageid = %d and forwardid = %d and userid = %d', diff --git a/public_html/lists/ut.php b/public_html/lists/ut.php index c89664285..287d39a73 100644 --- a/public_html/lists/ut.php +++ b/public_html/lists/ut.php @@ -58,7 +58,7 @@ } Sql_Query(sprintf('insert into %s (messageid,userid,viewed,ip,data) values(%d,%d,now(),"%s","%s")', - $GLOBALS['tables']['user_message_view'], $_GET['m'], $userid[0],$_SERVER['REMOTE_ADDR'], sql_escape(serialize($metaData)))); + $GLOBALS['tables']['user_message_view'], $_GET['m'], $userid[0],getClientIP(), sql_escape(serialize($metaData)))); } } From 8676f7763cab3766503667135967ffa3d6b46f15 Mon Sep 17 00:00:00 2001 From: Michiel Dethmers Date: Wed, 20 Oct 2021 20:52:43 +0100 Subject: [PATCH 03/18] cache the ip address found --- public_html/lists/admin/inc/netlib.php | 52 ++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/public_html/lists/admin/inc/netlib.php b/public_html/lists/admin/inc/netlib.php index d6b514427..6d2915754 100644 --- a/public_html/lists/admin/inc/netlib.php +++ b/public_html/lists/admin/inc/netlib.php 
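Review bot: In the forwardPage() hunk of index.php, `$_SESSION['adminloggedin'] != getClientIP()` now compares the session against a value that getClientIP(), as written in this series, takes from the `X-Forwarded-For` request header when one is present, so the check no longer ties the session to the connecting peer. The same holds for `$_SESSION['userloggedin'] = getClientIP();` in the earlier index.php hunk. Unless getClientIP() only honours the header for requests from known proxies, these two session bindings should keep `$_SERVER['REMOTE_ADDR']`. The place where `adminloggedin` is stored is not visible here; if it still records REMOTE_ADDR (the subject says "almost all" were replaced), the comparison will also fail for legitimate admins behind a proxy. forwardPage() starts and ends outside the hunk.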
@@ -2,3 +2,55 @@ require_once dirname(__FILE__).'/accesscheck.php'; +function getClientIP() +{ + static $the_ip = null; + + if ($the_ip !== null) { + return $the_ip; + } + if (function_exists('apache_request_headers')) { + $headers = apache_request_headers(); + //logEvent("apache_request_headers"); + } else { + $headers = $_SERVER; + //logEvent("_SERVER"); + } + + if (array_key_exists('X-Forwarded-For', $headers)) { + //logEvent("server1=".$headers['X-Forwarded-For']); + } + + if (array_key_exists('HTTP_X_FORWARDED_FOR', $headers)) { + //logEvent("server2=".$headers['HTTP_X_FORWARDED_FOR']); + } + + if (array_key_exists('X-Forwarded-For', $headers)) { + $forwarded_for = $headers['X-Forwarded-For']; + $forwarded_list = explode(',', $forwarded_for); + $forwarded_list = array_map('trim', $forwarded_list); + $the_ip = array_shift($forwarded_list); + + if (filter_var($the_ip, FILTER_VALIDATE_IP)) { + //logEvent("X-Forwarded-For ip=".$the_ip); + return $the_ip; + } + } + + if (array_key_exists('HTTP_X_FORWARDED_FOR', $headers)) { + $forwarded_for = $headers['HTTP_X_FORWARDED_FOR']; + $forwarded_list = explode(',', $forwarded_for); + $forwarded_list = array_map('trim', $forwarded_list); + $the_ip = array_shift($forwarded_list); + + if (filter_var($the_ip, FILTER_VALIDATE_IP)) { + //logEvent("HTTP_X_FORWARDED_FOR ip=".$the_ip); + return $the_ip; + } + } + + $the_ip = filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP); + //logEvent("REMOTE_ADDR ip=".$the_ip); + + return $the_ip; +} From 02faef6f9482c13eab4a47235039cc0756dc9273 Mon Sep 17 00:00:00 2001 From: Michiel Dethmers Date: Wed, 20 Oct 2021 21:01:27 +0100 Subject: [PATCH 04/18] tidy up --- public_html/lists/admin/inc/netlib.php | 56 -------------------------- public_html/lists/admin/index.php | 1 - public_html/lists/admin/lib.php | 7 +++- 3 files changed, 5 insertions(+), 59 deletions(-) delete mode 100644 public_html/lists/admin/inc/netlib.php 
diff --git a/public_html/lists/admin/inc/netlib.php b/public_html/lists/admin/inc/netlib.php deleted file mode 100644 index 6d2915754..000000000 --- a/public_html/lists/admin/inc/netlib.php +++ /dev/null @@ -1,56 +0,0 @@ - Date: Tue, 13 Dec 2022 20:55:17 +0000 Subject: [PATCH 05/18] detect proxy in hostname --- public_html/lists/admin/connect.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/public_html/lists/admin/connect.php b/public_html/lists/admin/connect.php index 151338ce5..89c26b880 100644 --- a/public_html/lists/admin/connect.php +++ b/public_html/lists/admin/connect.php @@ -1492,6 +1492,8 @@ function hostName() { if (HTTP_HOST) { return HTTP_HOST; + } elseif (!empty($_SERVER['X_FORWARDED_FOR'])) { + return $_SERVER['X_FORWARDED_FOR']; } elseif (!empty($_SERVER['HTTP_HOST'])) { return $_SERVER['HTTP_HOST']; } else { From 27c00fb343a90296164faaef3acea2ee3bd8fde7 Mon Sep 17 00:00:00 2001 From: Michiel Dethmers Date: Thu, 27 Jul 2023 09:47:52 +0100 Subject: [PATCH 06/18] Allow config to set ADMIN_WWWROOT and USER_WWWROOT to bypass the URL detection and hard code the admin and frontend locations. --- VERSION | 2 +- public_html/lists/admin/actions/import2.php | 6 +++- .../lists/admin/actions/processqueue.php | 22 +++++++++----- public_html/lists/admin/connect.php | 6 +++- public_html/lists/admin/defaultconfig.php | 30 +++++++++++-------- public_html/lists/admin/index.php | 10 +------ public_html/lists/admin/init.php | 17 +++++++---- public_html/lists/admin/lib.php | 6 +++- public_html/lists/admin/processbounces.php | 13 ++++++-- public_html/lists/admin/sendemaillib.php | 24 +++++++-------- public_html/lists/admin/subscribelib2.php | 16 ++++++---- public_html/lists/index.php | 6 +++- 12 files changed, 98 insertions(+), 60 deletions(-) diff --git a/VERSION b/VERSION index 67e90bec5..64c61e86e 100755 --- a/VERSION +++ b/VERSION 
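Review bot: The branch added to hostName() returns `$_SERVER['X_FORWARDED_FOR']` as the host name, but X-Forwarded-For carries client IP addresses rather than a host, and PHP exposes request headers under `HTTP_`-prefixed keys, so this key is normally unset and, where something does populate it, callers would build URLs from an address list. If the aim is to recover the public host behind a proxy, the header for that is X-Forwarded-Host: `} elseif (!empty($_SERVER['HTTP_X_FORWARDED_HOST'])) { return $_SERVER['HTTP_X_FORWARDED_HOST'];`. Because hostName() feeds the `Location:` header in Redirect() and links placed in outgoing mail, a forwarded host should be accepted only from a known proxy and checked against the configured site name before use. hostName() continues outside the hunk.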
@@ -1,4 +1,4 @@ # file that keeps track of the latest tag in cvs and the corresponding version # this automates publishing a new version, when it's tagged # if you don't understand this, don't worry. You don't need this file -VERSION=3.6.6-RC2 +VERSION=3.6.14-dev diff --git a/public_html/lists/admin/actions/import2.php b/public_html/lists/admin/actions/import2.php index aa8ea0704..403eaf78a 100644 --- a/public_html/lists/admin/actions/import2.php +++ b/public_html/lists/admin/actions/import2.php @@ -278,7 +278,11 @@ $some = 1; } - $history_entry = $GLOBALS['admin_scheme'].'://'.getConfig('website').$GLOBALS['adminpages'].'/?page=user&id='.$userid."\n\n"; + if (defined('ADMIN_WWWROOT')) { + $history_entry = ADMIN_WWWROOT.'/?page=user&id='.$userid."\n\n"; + } else { + $history_entry = $GLOBALS['admin_scheme'].'://'.getConfig('website').$GLOBALS['adminpages'].'/?page=user&id='.$userid."\n\n"; + } reset($_SESSION['import_attribute']); // var_dump($_SESSION);exit; if ($new || (!$new && $_SESSION['overwrite'] == 'yes')) { diff --git a/public_html/lists/admin/actions/processqueue.php b/public_html/lists/admin/actions/processqueue.php index c63d689b0..20658bcb9 100644 --- a/public_html/lists/admin/actions/processqueue.php +++ b/public_html/lists/admin/actions/processqueue.php @@ -382,8 +382,8 @@ function finish($flag, $message, $script_stage) // If plugins have not sent the report, send it the default way if (!$reportSent) { - $messageWithIntro = s('The following events occured while processing the message queue:')."\n".$message; - $messageWithIntroAndFooter = $messageWithIntro."\n\n".s('To stop receiving these reports read:').' https://resources.phplist.com/system/config/send_queue_processing_report'."\n\n"; + $messageWithIntro = '
'.s('The following events occured while processing the message queue:')."
\n".$message; + $messageWithIntroAndFooter = $messageWithIntro."
\n
\n".s('To stop receiving these reports read:').' https://resources.phplist.com/system/config/send_queue_processing_report'."\n\n"; sendReport($subject, $messageWithIntroAndFooter); } } @@ -458,7 +458,7 @@ function processQueueOutput($message, $logit = 1, $target = 'summary') flush(); } - $report .= "\n$infostring $message"; + $report .= "
\n$infostring $message"; if ($logit) { logEvent($message); } @@ -715,10 +715,14 @@ function sendEmailTest($messageid, $email) if (!empty($msgdata['notify_start']) && !isset($msgdata['start_notified'])) { $notifications = explode(',', $msgdata['notify_start']); foreach ($notifications as $notification) { + if (defined('ADMIN_WWWROOT')) { + $progressUrl = ADMIN_WWWROOT.'/?page=messages&tab=active'; + } else { + $progressUrl = $GLOBALS['admin_scheme'].'://'.hostName().$GLOBALS['adminpages'].'/?page=messages&tab=active'; + } sendMail($notification, s('Campaign started'), s('phplist has started sending the campaign with subject %s', $msgdata['subject'])."\n\n". - s('to view the progress of this campaign, go to %s://%s', $GLOBALS['admin_scheme'], - hostName().$GLOBALS['adminpages'].'/?page=messages&tab=active')); + s('to view the progress of this campaign, go to %s',$progressUrl)); } Sql_Query(sprintf('insert ignore into %s (name,id,data) values("start_notified",%d,now())', $GLOBALS['tables']['messagedata'], $messageid)); 
@@ -1369,10 +1373,14 @@ function sendEmailTest($messageid, $email) if (!empty($msgdata['notify_end']) && !isset($msgdata['end_notified'])) { $notifications = explode(',', $msgdata['notify_end']); foreach ($notifications as $notification) { + if (defined('ADMIN_WWWROOT')) { + $resultsUrl = ADMIN_WWWROOT.'/?page=statsoverview&id='.$messageid; + } else { + $resultsUrl = $GLOBALS['admin_scheme'].'://'.hostName().$GLOBALS['adminpages'].'/?page=statsoverview&id='.$messageid; + } sendMail($notification, $GLOBALS['I18N']->get('Message campaign finished'), s('phpList has finished sending the campaign with subject %s', $msgdata['subject'])."\n\n". - s('to view the statistics of this campaign, go to %s://%s', $GLOBALS['admin_scheme'], - getConfig('website').$GLOBALS['adminpages'].'/?page=statsoverview&id='.$messageid) + s('to view the statistics of this campaign, go to %s',$resultsUrl ) ); } Sql_Query(sprintf('insert ignore into %s (name,id,data) values("end_notified",%d,now())', diff --git a/public_html/lists/admin/connect.php b/public_html/lists/admin/connect.php index 7262b9186..d695d901c 100644 --- a/public_html/lists/admin/connect.php +++ b/public_html/lists/admin/connect.php @@ -1509,7 +1509,11 @@ function hostName() function Redirect($page) { $website = hostName(); - header('Location: '.$GLOBALS['admin_scheme'].'://'.$website.$GLOBALS['adminpages']."/?page=$page"); + if (defined('ADMIN_WWWROOT')) { + header('Location: '.ADMIN_WWWROOT."/?page=$page"); + } else { + header('Location: '.$GLOBALS['admin_scheme'].'://'.$website.$GLOBALS['adminpages']."/?page=$page"); + } exit; } diff --git a/public_html/lists/admin/defaultconfig.php b/public_html/lists/admin/defaultconfig.php index 548cedbe5..3fce8a688 100644 --- a/public_html/lists/admin/defaultconfig.php +++ b/public_html/lists/admin/defaultconfig.php 
@@ -23,7 +23,13 @@ $envHost = getEnv('HOSTNAME'); $envPort = getEnv('PORT'); -if (isset($_SERVER['HTTP_HOST'])) { +if (defined('USER_WWWROOT')) { + $domainParts = parse_url(USER_WWWROOT); + $D_website = $domainParts['host']; + if ($domainParts['port'] != 80 && $domainParts['port'] != 443) { + $D_website .= ":".$domainParts['port']; + } +} elseif (isset($_SERVER['HTTP_HOST'])) { $D_website = $_SERVER['HTTP_HOST']; } elseif (isset($_SERVER['SERVER_NAME'])) { $D_website = $_SERVER['SERVER_NAME']; @@ -41,7 +47,9 @@ if (preg_match("#^www\.(.*)#i", $D_domain, $regs)) { $D_domain = $regs[1]; } - +if (preg_match("#(.*):(\d+)#i", $D_domain, $regs)) { + $D_domain = $regs[1]; +} // for starters, you want to leave this line as it is. $default_config = array( @@ -299,7 +307,7 @@ // the location of your subscribe script 'subscribeurl' => array( - 'value' => $GLOBALS['public_scheme']."://[WEBSITE]$pageroot/?p=subscribe", + 'value' => $publicBaseUrl."/?p=subscribe", 'description' => s('URL where subscribers can sign up'), 'type' => 'url', 'allowempty' => 0, @@ -308,7 +316,7 @@ // the location of your unsubscribe script: 'unsubscribeurl' => array( - 'value' => $GLOBALS['public_scheme']."://[WEBSITE]$pageroot/?p=unsubscribe", + 'value' => $publicBaseUrl."/?p=unsubscribe", 'description' => s('URL where subscribers can unsubscribe'), 'type' => 'url', 'allowempty' => 0, @@ -318,7 +326,7 @@ //0013076: Blacklisting posibility for unknown users // the location of your blacklist script: 'blacklisturl' => array( - 'value' => $GLOBALS['public_scheme']."://[WEBSITE]$pageroot/?p=donotsend", + 'value' => $publicBaseUrl."/?p=donotsend", 'description' => s('URL where unknown users can unsubscribe (do-not-send-list)'), 'type' => 'url', 'allowempty' => 0, 
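Review bot: In the new `USER_WWWROOT` branch of defaultconfig.php, `$domainParts['port']` is read unconditionally, but parse_url() only sets `port` when the URL contains one, so for a value such as `https://example.com/lists` (constructed example) PHP reports an undefined index and both `!=` tests pass, appending a bare `:` to `$D_website`. Guard the read: `if (isset($domainParts['port']) && !in_array($domainParts['port'], array(80, 443), true)) { $D_website .= ':'.$domainParts['port']; }`. parse_url() can also return `false` or omit `host` for a malformed constant, which deserves an explicit check because `$D_website` ends up in generated links. The later hunks in this file read `$publicBaseUrl`, which this patch assigns in init.php, so a short comment noting that dependency would help.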
@@ -327,7 +335,7 @@ // the location of your confirm script: 'confirmationurl' => array( - 'value' => $GLOBALS['public_scheme']."://[WEBSITE]$pageroot/?p=confirm", + 'value' => $publicBaseUrl."/?p=confirm", 'description' => s('URL where subscribers have to confirm their subscription'), 'type' => 'text', 'allowempty' => 0, @@ -336,7 +344,7 @@ // url to change their preferences 'preferencesurl' => array( - 'value' => $GLOBALS['public_scheme']."://[WEBSITE]$pageroot/?p=preferences", + 'value' => $publicBaseUrl."/?p=preferences", 'description' => s('URL where subscribers can update their details'), 'type' => 'text', 'allowempty' => 0, @@ -345,7 +353,7 @@ // url to change their preferences 'forwardurl' => array( - 'value' => $GLOBALS['public_scheme']."://[WEBSITE]$pageroot/?p=forward", + 'value' => $publicBaseUrl."/?p=forward", 'description' => s('URL for forwarding messages'), 'type' => 'text', 'allowempty' => 0, @@ -354,7 +362,7 @@ // url to download vcf card 'vcardurl' => array( - 'value' => $GLOBALS['public_scheme']."://[WEBSITE]$pageroot/?p=vcard", + 'value' => $publicBaseUrl."/?p=vcard", 'description' => s('URL for downloading vcf card'), 'type' => 'text', 'allowempty' => 0, @@ -369,10 +377,6 @@ 'category' => 'subscription', ), - // the location of your subscribe script - //"subscribe_baseurl" => array("http://[WEBSITE]$pageroot/", - // "Base URL for public pages","text"), - // the subject of the message 'subscribesubject' => array( 'value' => s('Request for confirmation'), diff --git a/public_html/lists/admin/index.php b/public_html/lists/admin/index.php index 581f98719..3a48b9abc 100644 --- a/public_html/lists/admin/index.php +++ b/public_html/lists/admin/index.php @@ -601,14 +601,6 @@ function mb_strtolower($string) } } -/* -if (USEFCK) { - $imgdir = getenv("DOCUMENT_ROOT").$GLOBALS["pageroot"].'/'.FCKIMAGES_DIR.'/'; - if (!is_dir($imgdir) || !is_writeable ($imgdir)) { - Warn("The FCK image directory does not exist, or is not writable"); - } -} -*/ /* * 
@@ -707,7 +699,7 @@ function mb_strtolower($string) } if (WARN_ABOUT_PHP_SETTINGS && !$GLOBALS['commandline']) { - if (strpos(getenv('REQUEST_URI'), $pageroot.'/admin') !== 0) { + if (!defined('USER_WWWROOT') && strpos(getenv('REQUEST_URI'), $pageroot.'/admin') !== 0) { Warn(s( 'The pageroot in your config "%s" does not match the current location "%s". Check your config file.', $pageroot, diff --git a/public_html/lists/admin/init.php b/public_html/lists/admin/init.php index a09eacad2..eed1b5fd8 100644 --- a/public_html/lists/admin/init.php +++ b/public_html/lists/admin/init.php @@ -516,7 +516,7 @@ define('NOTIFY_SPAM', 1); } if (!defined('CLICKTRACK_LINKMAP')) { - define('CLICKTRACK_LINKMAP', 0); + define('CLICKTRACK_LINKMAP', false); } if (!defined('SIGN_WITH_HMAC')) { define('SIGN_WITH_HMAC', false); @@ -714,13 +714,20 @@ $attachment_repository = $tmpdir; } -if (isset($pageroot)) { - if ($pageroot == '/') { - $pageroot = ''; - } +if (defined('USER_WWWROOT')) { + $pageroot = USER_WWWROOT; + $publicBaseUrl = USER_WWWROOT; } else { + if (isset($pageroot)) { + if ($pageroot == '/') { + $pageroot = ''; + } + } else { $pageroot = '/lists'; + } + $publicBaseUrl = $GLOBALS['public_scheme']."://".hostName()."/$pageroot"; } + // as the "admin" in adminpages is hardcoded, don't put it in the config file $adminpages = $GLOBALS['pageroot'].'/admin'; diff --git a/public_html/lists/admin/lib.php b/public_html/lists/admin/lib.php index 910bb5ce8..47b998fd9 100644 --- a/public_html/lists/admin/lib.php +++ b/public_html/lists/admin/lib.php 
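Review bot: In the `else` branch of the second init.php hunk, `$publicBaseUrl = $GLOBALS['public_scheme']."://".hostName()."/$pageroot";` puts a slash in front of a `$pageroot` that already starts with one (`/lists` by default, or empty when it was `/`), so the defaults in defaultconfig.php become `…//lists/?p=subscribe` or `…//?p=subscribe`; use `hostName().$pageroot` instead. In the `USER_WWWROOT` branch `$pageroot` is set to a full URL, and the unchanged line `$adminpages = $GLOBALS['pageroot'].'/admin';` then yields a full URL as well, which the fallback paths elsewhere in this patch append to `$GLOBALS['admin_scheme'].'://'.hostName()`; keeping `$pageroot` a path, e.g. `parse_url(USER_WWWROOT, PHP_URL_PATH)`, would avoid that. The old defaults used the `[WEBSITE]` placeholder, whereas hostName() fixes the host to whatever the current request resolved to, so the stored default now depends on request data.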
@@ -403,7 +403,11 @@ function sendAdminPasswordToken($adminId) $emailBody = $GLOBALS['I18N']->get('Hello').' '.$adminName."\n\n"; $emailBody .= $GLOBALS['I18N']->get('You have requested a new password for phpList.')."\n\n"; $emailBody .= $GLOBALS['I18N']->get('To enter a new one, please visit the following link:')."\n\n"; - $emailBody .= sprintf('%s://%s/?page=login&token=%s', $GLOBALS['admin_scheme'], $urlroot, $key)."\n\n"; + if (defined('ADMIN_WWWROOT')) { + $emailBody .= sprintf('%s://%s/?page=login&token=%s', $GLOBALS['admin_scheme'], $urlroot, $key)."\n\n"; + } else { + $emailBody .= sprintf('%s/?page=login&token=%s',ADMIN_WWWROOT, $key)."\n\n"; + } $emailBody .= $GLOBALS['I18N']->get('You have 24 hours left to change your password. After that, your token won\'t be valid.'); if (sendMail($email, $GLOBALS['I18N']->get('New password'), "\n\n".$emailBody, '', '', true)) { diff --git a/public_html/lists/admin/processbounces.php b/public_html/lists/admin/processbounces.php index 5f8ad06b0..898bdc583 100644 --- a/public_html/lists/admin/processbounces.php +++ b/public_html/lists/admin/processbounces.php @@ -580,7 +580,11 @@ function processMessages($link, $max = 3000) if ($row['user']) { $userdata = Sql_Fetch_Array_Query("select * from {$tables['user']} where id = ".$row['user']); } - $report_linkroot = $GLOBALS['admin_scheme'].'://'.$GLOBALS['website'].$GLOBALS['adminpages']; + if (defined('ADMIN_WWWROOT')) { + $report_linkroot = $GLOBALS['admin_scheme'].'://'.$GLOBALS['website'].$GLOBALS['adminpages']; + } else { + $report_linkroot = ADMIN_WWWROOT; + } Sql_Query(sprintf('update %s set count = count + 1 where id = %d', $GLOBALS['tables']['bounceregex'], $rule['id'])); 
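Review bot: The condition in the sendAdminPasswordToken() hunk is inverted: when `ADMIN_WWWROOT` is defined the old scheme/`$urlroot` form is used, and when it is not defined the `else` branch reads the undefined constant, which throws an Error on PHP 8 (a warning and the literal string `ADMIN_WWWROOT` on PHP 7), so the password-reset mail is either not sent or carries an unusable link. The processMessages() hunk in processbounces.php that sets `$report_linkroot` has the same inversion. Swap the branches in both, e.g. `if (defined('ADMIN_WWWROOT')) { $emailBody .= sprintf('%s/?page=login&token=%s', ADMIN_WWWROOT, $key)."\n\n"; } else { … }`, which matches the other `defined('ADMIN_WWWROOT')` sites in this patch. Both functions continue outside their hunks.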
@@ -797,7 +801,12 @@ function processMessages($link, $max = 3000) Sql_Query(sprintf('update %s set confirmed = 0 where id = %d', $tables['user'], $user[0])); $email_req = Sql_Fetch_Row_Query(sprintf('select email from %s where id = %d', $tables['user'], $user[0])); - $unsubscribed_users .= $email_req[0]."\t\t($cnt)\t\t".$GLOBALS['scheme'].'://'.getConfig('website').$GLOBALS['adminpages'].'/?page=user&id='.$user[0].PHP_EOL; + $unsubscribed_users .= $email_req[0]."\t\t($cnt)\t\t"; + if (defined('ADMIN_WWWROOT')) { + $unsubscribed_users .= ADMIN_WWWROOT.'/?page=user&id='.$user[0].PHP_EOL; + } else { + $unsubscribed_users .= $GLOBALS['scheme'].'://'.getConfig('website').$GLOBALS['adminpages'].'/?page=user&id='.$user[0].PHP_EOL; + } $unsubscribed = 1; } if (BLACKLIST_EMAIL_ON_BOUNCE && $cnt >= BLACKLIST_EMAIL_ON_BOUNCE) { diff --git a/public_html/lists/admin/sendemaillib.php b/public_html/lists/admin/sendemaillib.php index 1540921f1..f6593ad22 100644 --- a/public_html/lists/admin/sendemaillib.php +++ b/public_html/lists/admin/sendemaillib.php @@ -259,7 +259,7 @@ function sendEmail($messageid, $email, $hash, $htmlpref = 0, $rssitems = array() You can configure how the credits are added to your pages and emails in your config file. - Michiel Dethmers, phpList Ltd 2003 - 2013 + Michiel Dethmers, phpList Ltd 2003 - 2023 */ if (!EMAILTEXTCREDITS) { $html['signature'] = $PoweredByImage; //'
Powered by PHPlist
'; @@ -423,15 +423,15 @@ function sendEmail($messageid, $email, $hash, $htmlpref = 0, $rssitems = array() if (ALWAYS_ADD_USERTRACK) { if (stripos($htmlmessage, '')) { $htmlmessage = str_replace('', - '', + '', $htmlmessage); } else { - $htmlmessage .= ''; + $htmlmessage .= ''; } } else { //# can't use str_replace or str_ireplace, because those replace all, and we only want to replace one $htmlmessage = preg_replace('/\[USERTRACK\]/i', - '', + '', $htmlmessage, 1); } // make sure to only include usertrack once, otherwise the stats would go silly @@ -540,16 +540,16 @@ function sendEmail($messageid, $email, $hash, $htmlpref = 0, $rssitems = array() $masked = preg_replace('/=$/', '', $masked); $masked = urlencode($masked); if (SIGN_WITH_HMAC) { - $masked .= '&hm='.hash_hmac(HASH_ALGO, sprintf('%s://%s/lt.php?tid=%s', $GLOBALS['public_scheme'], $website.$GLOBALS['pageroot'], $masked), HMACKEY); + $masked .= '&hm='.hash_hmac(HASH_ALGO, sprintf('%s/lt.php?tid=%s', $GLOBALS['publicBaseUrl'], $masked), HMACKEY); } + ## this may need removing, CLICKTRACK_LINKMAP is badly documented, so slightly unclear how this works if (!CLICKTRACK_LINKMAP) { - $newlink = sprintf('%s', $links[1][$i], - $GLOBALS['public_scheme'], $website.$GLOBALS['pageroot'], $masked, $links[4][$i], + $newlink = sprintf('%s', $links[1][$i], + $GLOBALS['publicBaseUrl'], $masked, $links[4][$i], $links[5][$i]); } else { - $newlink = sprintf('%s', $links[1][$i], $GLOBALS['public_scheme'], - $website.CLICKTRACK_LINKMAP, $masked, $links[4][$i], $links[5][$i]); + $newlink = sprintf('%s', $links[1][$i], $GLOBALS['publicBaseUrl'].CLICKTRACK_LINKMAP, $masked, $links[4][$i], $links[5][$i]); } $htmlmessage = str_replace($links[0][$i], $newlink, $htmlmessage); } 
@@ -584,13 +584,11 @@ function sendEmail($messageid, $email, $hash, $htmlpref = 0, $rssitems = array() } if (!CLICKTRACK_LINKMAP) { - $newlinks[$linkUUID] = sprintf('%s://%s/lt.php?tid=%s', $GLOBALS['public_scheme'], - $website.$GLOBALS['pageroot'], $masked); + $newlinks[$linkUUID] = sprintf('%s/lt.php?tid=%s', $GLOBALS['publicBaseUrl'], $masked); } else { - $newlinks[$linkUUID] = sprintf('%s://%s%s', $GLOBALS['public_scheme'], $website.CLICKTRACK_LINKMAP, + $newlinks[$linkUUID] = sprintf('%s%s', $GLOBALS['publicBaseUrl'].CLICKTRACK_LINKMAP, $masked); } - $textmessage = str_replace($links[1][$i], '[%%%'.$linkUUID.'%%%]', $textmessage); } } diff --git a/public_html/lists/admin/subscribelib2.php b/public_html/lists/admin/subscribelib2.php index cc01f1dfb..c7946bcd3 100644 --- a/public_html/lists/admin/subscribelib2.php +++ b/public_html/lists/admin/subscribelib2.php @@ -218,7 +218,7 @@ $userid = $old_data['id']; $old_data = array_merge($old_data, getUserAttributeValues('', $userid)); - $history_entry = ''; //http://'.getConfig("website").$GLOBALS["adminpages"].'/?page=user&id='.$userid."\n\n"; + $history_entry = ''; $query = sprintf('update %s set email = "%s",htmlemail = %d,subscribepage = %d where id = %d', $GLOBALS['tables']['user'], addslashes($email), $htmlemail, $id, $userid); @@ -327,16 +327,20 @@ echo $subscribepagedata['header']; if (isset($_SESSION['adminloggedin']) && $_SESSION['adminloggedin'] && !(isset($_GET['p']) && $_GET['p'] == 'asubscribe')) { - echo '
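Review bot: The CLICKTRACK_LINKMAP branch of this hunk no longer builds the same URL as before: the removed line joined the scheme, `$website` and `CLICKTRACK_LINKMAP`, while the new one appends `CLICKTRACK_LINKMAP` to `$GLOBALS['publicBaseUrl']`, which connect.php later in this series builds with `$GLOBALS['pageroot']` included. If that holds, installs that use a link map would get tracking links with the page root inserted before the map path, and existing rewrite rules would stop matching. The same substitution is made in the HTML branch of the `@@ -540,16 +540,16 @@` hunk. A comment stating which form is intended, e.g. `// CLICKTRACK_LINKMAP is relative to the public base URL, including $pageroot`, or a base without the page root for this branch, would settle it. The enclosing sendEmail() body starts and ends outside the hunk.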

You are logged in as '.$_SESSION['logindetails']['adminname'].'

'; - echo '

Back to the main admin page

'; + echo '

'.s('You are logged in as %s',$_SESSION['logindetails']['adminname']).'

'; + if (defined('ADMIN_WWWROOT')) { + echo '

'.s('Back to the main admin page').'

'; + } else { + echo '

'.s('Back to the main admin page').'

'; + } if ($_POST['makeconfirmed'] && !$blacklisted) { $sendrequest = 0; Sql_Query(sprintf('update %s set confirmed = 1 where email = "%s"', $GLOBALS['tables']['user'], $email)); addUserHistory($email, $history_subject.' by '.$_SESSION['logindetails']['adminname'], $history_entry); } elseif ($_POST['makeconfirmed']) { - echo '

'.$GLOBALS['I18N']->get('Email is blacklisted, so request for confirmation has been sent.').'
'; - echo $GLOBALS['I18N']->get('If user confirms subscription, they will be removed from the blacklist.').'

'; + echo '

'.s('Email is blacklisted, so request for confirmation has been sent.').'
'; + echo s('If user confirms subscription, they will be removed from the blacklist.').'

'; $sendrequest = 1; } else { @@ -475,7 +479,7 @@ // read the current values to compare changes $old_data = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d', $GLOBALS['tables']['user'], $userid)); $old_data = array_merge($old_data, getUserAttributeValues('', $userid)); - $history_entry = ''; //'http://'.getConfig("website").$GLOBALS["adminpages"].'/?page=user&id='.$userid."\n\n"; + $history_entry = ''; if (ASKFORPASSWORD && $_POST['password']) { if (ENCRYPTPASSWORD) { diff --git a/public_html/lists/index.php b/public_html/lists/index.php index 10b00fd05..f6fd9fa64 100644 --- a/public_html/lists/index.php +++ b/public_html/lists/index.php @@ -665,7 +665,11 @@ function checkGroup(name,value) $html .= '

'.s('You are logged in as administrator (%s) of this phpList system', $_SESSION['logindetails']['adminname']).'

'; $html .= '

'.s('You are therefore offered the following choice, which your subscribers will not see when they load this page.').'

'; - $html .= '

'.s('Go back to admin area').'

'; + if (defined('ADMIN_WWWROOT')) { + $html .= '

'.s('Go back to admin area').'

'; + } else { + $html .= '

'.s('Go back to admin area').'

'; + } $html .= '

'.s('Please choose').':
'.s('Make this subscriber confirmed immediately').'
' .s('Send this subscriber a request for confirmation email').'

'; } From a26eccf7c6f891571516fde1c89c35d0529b32ac Mon Sep 17 00:00:00 2001 From: Michiel Dethmers Date: Thu, 27 Jul 2023 10:43:48 +0100 Subject: [PATCH 07/18] add section to config_extended about the new values --- public_html/lists/config/config_extended.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/public_html/lists/config/config_extended.php b/public_html/lists/config/config_extended.php index 5274deea1..47fd5b4f1 100644 --- a/public_html/lists/config/config_extended.php +++ b/public_html/lists/config/config_extended.php @@ -70,6 +70,14 @@ // ex 80. Usually 80,8080 or 3128 #1define('HTTP_PROXY_PORT', '80'); +// phpList tries to detect the URL and host it is running on. However, in "proxy" environments, this may +// not work as desired. Instead you can use these two configuration variables to force phpList to +// operate with some fixed URLs. You can split out the admin and the frontend URLs, which is also +// better for security, as you can IP restrict the admin part by using a different domain +// do not end the value with / + +#define('ADMIN_WWWROOT','https://admin.mydomain.com:8080/newsletter/admin'); +#define('USER_WWWROOT','https://mydomain.com/newsletter'); /* From 0b472cd1b421fd6c3312e18f288a0347e28019f3 Mon Sep 17 00:00:00 2001 From: Michiel Dethmers Date: Sun, 30 Jul 2023 12:11:22 +0100 Subject: [PATCH 08/18] fix publicBaseUrl initialisation, as functions and vars are not available yet --- public_html/lists/admin/init.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/public_html/lists/admin/init.php b/public_html/lists/admin/init.php index 32681dd33..f4edafa26 100644 --- a/public_html/lists/admin/init.php +++ b/public_html/lists/admin/init.php @@ -724,7 +724,7 @@ } else { $pageroot = '/lists'; } - $publicBaseUrl = $GLOBALS['public_scheme']."://".hostName()."/$pageroot"; + $publicBaseUrl = "https://[WEBSITE]/$pageroot"; } // as the "admin" in adminpages is hardcoded, don't put it in the config file 
From e5a17ad17c0ad15fa8bc6652f2994f10d210940a Mon Sep 17 00:00:00 2001 From: Michiel Dethmers Date: Sun, 30 Jul 2023 12:48:59 +0100 Subject: [PATCH 09/18] default to http:// to make CI pass --- public_html/lists/admin/init.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/public_html/lists/admin/init.php b/public_html/lists/admin/init.php index f4edafa26..fb63f2bc9 100644 --- a/public_html/lists/admin/init.php +++ b/public_html/lists/admin/init.php @@ -724,7 +724,7 @@ } else { $pageroot = '/lists'; } - $publicBaseUrl = "https://[WEBSITE]/$pageroot"; + $publicBaseUrl = "http://[WEBSITE]$pageroot"; } // as the "admin" in adminpages is hardcoded, don't put it in the config file From b7e3265a891cb09e0706a5e1fea39f81b404ecc5 Mon Sep 17 00:00:00 2001 From: Michiel Dethmers Date: Mon, 28 Aug 2023 21:06:50 +0100 Subject: [PATCH 10/18] define new global vars for user and admin base urls --- public_html/lists/admin/connect.php | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/public_html/lists/admin/connect.php b/public_html/lists/admin/connect.php index d86da61ed..eac4c935a 100644 --- a/public_html/lists/admin/connect.php +++ b/public_html/lists/admin/connect.php @@ -23,6 +23,19 @@ if (empty($organisation_name)) { $organisation_name = $_SERVER['SERVER_NAME']; } +if (defined('USER_WWWROOT')) { + $publicBaseUrl = USER_WWWROOT; + $domainParts = parse_url($publicBaseUrl); + $GLOBALS['public_scheme'] = $domainParts['scheme']; + $GLOBALS['website'] = $domainParts['host']; +} else { + $publicBaseUrl = $GLOBALS['public_scheme'].'://'.$website.$GLOBALS['pageroot']; +} +if (defined('ADMIN_WWWROOT')) { + $adminBaseUrl = ADMIN_WWWROOT; +} else { + $adminBaseUrl = $GLOBALS['admin_scheme'].'://'.$website.$GLOBALS['pageroot'].'/admin'; +} $xormask = getConfig('xormask'); if (empty($xormask)) { 
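Review bot: Hard-coding `http://` in the fallback `$publicBaseUrl` means installs without `USER_WWWROOT` get plaintext defaults for every URL derived from it; the defaultconfig.php hunks later in this series show these are the subscribe, unsubscribe, confirmation and preferences URLs. The previous commit dropped `$GLOBALS['public_scheme']` here because it is not available this early, so the scheme probably has to be substituted later, the same way `[WEBSITE]` is. Until then a comment on the line would keep the choice from being read as deliberate, for example `// scheme is a placeholder chosen for CI; resolve from public_scheme once it is known`.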
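Review bot: The `USER_WWWROOT` branch in connect.php reads `$domainParts['scheme']` and `$domainParts['host']` without checking what `parse_url()` returned; for a value without a scheme, or a malformed one, those keys are missing or the result is `false`, and `public_scheme` and `website` end up empty. It also drops any port, so a base with an explicit port, like the `:8080` in the `ADMIN_WWWROOT` example in config_extended.php, would leave `$GLOBALS['website']` without it. A guard such as `if (empty($domainParts['scheme']) || empty($domainParts['host'])) { /* report a configuration error */ }`, plus appending `$domainParts['port']` when it is set, would cover both. `ADMIN_WWWROOT` is taken as-is with no comparable check.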
@@ -1508,12 +1521,7 @@ function hostName() function Redirect($page) { - $website = hostName(); - if (defined('ADMIN_WWWROOT')) { - header('Location: '.ADMIN_WWWROOT."/?page=$page"); - } else { - header('Location: '.$GLOBALS['admin_scheme'].'://'.$website.$GLOBALS['adminpages']."/?page=$page"); - } + header('Location: '.$GLOBALS['adminBaseUrl']."/?page=$page"); exit; } From d8535401bf7adc033005b3ddb0c79a0ab122e57b Mon Sep 17 00:00:00 2001 From: Michiel Dethmers Date: Mon, 28 Aug 2023 21:25:52 +0100 Subject: [PATCH 11/18] keep the URL config method as before, but override the config when fetched for application URLs --- public_html/lists/admin/defaultconfig.php | 34 +++++++++++++---------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/public_html/lists/admin/defaultconfig.php b/public_html/lists/admin/defaultconfig.php index 3fce8a688..b77b94280 100644 --- a/public_html/lists/admin/defaultconfig.php +++ b/public_html/lists/admin/defaultconfig.php @@ -23,13 +23,7 @@ $envHost = getEnv('HOSTNAME'); $envPort = getEnv('PORT'); -if (defined('USER_WWWROOT')) { - $domainParts = parse_url(USER_WWWROOT); - $D_website = $domainParts['host']; - if ($domainParts['port'] != 80 && $domainParts['port'] != 443) { - $D_website .= ":".$domainParts['port']; - } -} elseif (isset($_SERVER['HTTP_HOST'])) { +if (isset($_SERVER['HTTP_HOST'])) { $D_website = $_SERVER['HTTP_HOST']; } elseif (isset($_SERVER['SERVER_NAME'])) { $D_website = $_SERVER['SERVER_NAME']; @@ -307,7 +301,7 @@ // the location of your subscribe script 'subscribeurl' => array( - 'value' => $publicBaseUrl."/?p=subscribe", + 'value' => $publicConfigBaseUrl."/?p=subscribe", 'description' => s('URL where subscribers can sign up'), 'type' => 'url', 'allowempty' => 0, 
@@ -316,7 +310,7 @@ // the location of your unsubscribe script: 'unsubscribeurl' => array( - 'value' => $publicBaseUrl."/?p=unsubscribe", + 'value' => $publicConfigBaseUrl."/?p=unsubscribe", 'description' => s('URL where subscribers can unsubscribe'), 'type' => 'url', 'allowempty' => 0, @@ -326,7 +320,7 @@ //0013076: Blacklisting posibility for unknown users // the location of your blacklist script: 'blacklisturl' => array( - 'value' => $publicBaseUrl."/?p=donotsend", + 'value' => $publicConfigBaseUrl."/?p=donotsend", 'description' => s('URL where unknown users can unsubscribe (do-not-send-list)'), 'type' => 'url', 'allowempty' => 0, @@ -335,7 +329,7 @@ // the location of your confirm script: 'confirmationurl' => array( - 'value' => $publicBaseUrl."/?p=confirm", + 'value' => $publicConfigBaseUrl."/?p=confirm", 'description' => s('URL where subscribers have to confirm their subscription'), 'type' => 'text', 'allowempty' => 0, @@ -344,7 +338,7 @@ // url to change their preferences 'preferencesurl' => array( - 'value' => $publicBaseUrl."/?p=preferences", + 'value' => $publicConfigBaseUrl."/?p=preferences", 'description' => s('URL where subscribers can update their details'), 'type' => 'text', 'allowempty' => 0, @@ -353,7 +347,7 @@ // url to change their preferences 'forwardurl' => array( - 'value' => $publicBaseUrl."/?p=forward", + 'value' => $publicConfigBaseUrl."/?p=forward", 'description' => s('URL for forwarding messages'), 'type' => 'text', 'allowempty' => 0, @@ -362,7 +356,7 @@ // url to download vcf card 'vcardurl' => array( - 'value' => $publicBaseUrl."/?p=vcard", + 'value' => $publicConfigBaseUrl."/?p=vcard", 'description' => s('URL for downloading vcf card'), 'type' => 'text', 'allowempty' => 0, 
@@ -744,6 +738,18 @@ function getConfig($item) $hasconf = $_SESSION['hasconf']; } + if (defined('USER_WWWROOT')) { + switch ($item) { + case 'subscribeurl': return USER_WWWROOT.'/?p=subscribe'; + case 'unsubscribeurl': return USER_WWWROOT.'/?p=unsubscribe'; + case 'blacklisturl': return USER_WWWROOT.'/?p=donotsend'; + case 'confirmationurl': return USER_WWWROOT.'/?p=confirm'; + case 'preferencesurl': return USER_WWWROOT.'/?p=preferences'; + case 'forwardurl': return USER_WWWROOT.'/?p=forward'; + case 'vcardurl': return USER_WWWROOT.'/?p=vcard'; + } + } + $value = ''; if (!empty($hasconf)) { $req = Sql_Query(sprintf('select value,editable from %s where item = "%s"', $tables['config'], From da74e1a574149d68cc157baa70d3894cfe234e40 Mon Sep 17 00:00:00 2001 From: Michiel Dethmers Date: Mon, 28 Aug 2023 21:26:18 +0100 Subject: [PATCH 12/18] use new global adminBaseUrl --- public_html/lists/admin/actions/import2.php | 6 +----- public_html/lists/admin/actions/processqueue.php | 12 ++---------- public_html/lists/admin/lib.php | 6 +----- public_html/lists/admin/processbounces.php | 12 ++---------- public_html/lists/admin/subscribelib2.php | 7 +------ 5 files changed, 7 insertions(+), 36 deletions(-) diff --git a/public_html/lists/admin/actions/import2.php b/public_html/lists/admin/actions/import2.php index 403eaf78a..812b8bdd6 100644 --- a/public_html/lists/admin/actions/import2.php +++ b/public_html/lists/admin/actions/import2.php @@ -278,11 +278,7 @@ $some = 1; } - if (defined('ADMIN_WWWROOT')) { - $history_entry = ADMIN_WWWROOT.'/?page=user&id='.$userid."\n\n"; - } else { - $history_entry = $GLOBALS['admin_scheme'].'://'.getConfig('website').$GLOBALS['adminpages'].'/?page=user&id='.$userid."\n\n"; - } + $history_entry = $GLOBALS['adminBaseUrl'].'/?page=user&id='.$userid."\n\n"; reset($_SESSION['import_attribute']); // var_dump($_SESSION);exit; if ($new || (!$new && $_SESSION['overwrite'] == 'yes')) { 
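Review bot: With `USER_WWWROOT` defined, the new `switch` returns before the config table is read, so a value an administrator saved for `subscribeurl`, `unsubscribeurl` or any of the other five items is ignored without any indication, while defaultconfig.php still declares them with a type and description as if they were editable. A comment stating the precedence would help, and the seven near-identical `case` lines read more easily as one lookup table, as below. getConfig() continues outside the hunk.

```php
    if (defined('USER_WWWROOT')) {
        // USER_WWWROOT takes precedence over any value stored in the config table
        $fixedPages = array(
            'subscribeurl' => 'subscribe',
            'unsubscribeurl' => 'unsubscribe',
            'blacklisturl' => 'donotsend',
            'confirmationurl' => 'confirm',
            'preferencesurl' => 'preferences',
            'forwardurl' => 'forward',
            'vcardurl' => 'vcard',
        );
        if (isset($fixedPages[$item])) {
            return USER_WWWROOT.'/?p='.$fixedPages[$item];
        }
    }
    // … unchanged: lookup of $item in the config table …
```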
diff --git a/public_html/lists/admin/actions/processqueue.php b/public_html/lists/admin/actions/processqueue.php index c4f43f14f..ead63abdf 100644 --- a/public_html/lists/admin/actions/processqueue.php +++ b/public_html/lists/admin/actions/processqueue.php @@ -715,11 +715,7 @@ function sendEmailTest($messageid, $email) if (!empty($msgdata['notify_start']) && !isset($msgdata['start_notified'])) { $notifications = explode(',', $msgdata['notify_start']); foreach ($notifications as $notification) { - if (defined('ADMIN_WWWROOT')) { - $progressUrl = ADMIN_WWWROOT.'/?page=messages&tab=active'; - } else { - $progressUrl = $GLOBALS['admin_scheme'].'://'.hostName().$GLOBALS['adminpages'].'/?page=messages&tab=active'; - } + $progressUrl = $GLOBALS['adminBaseUrl'].'/?page=messages&tab=active'; sendMail($notification, s('Campaign started'), s('phplist has started sending the campaign with subject %s', $msgdata['subject'])."\n\n". s('to view the progress of this campaign, go to %s',$progressUrl)); @@ -1373,11 +1369,7 @@ function sendEmailTest($messageid, $email) if (!empty($msgdata['notify_end']) && !isset($msgdata['end_notified'])) { $notifications = explode(',', $msgdata['notify_end']); foreach ($notifications as $notification) { - if (defined('ADMIN_WWWROOT')) { - $resultsUrl = ADMIN_WWWROOT.'/?page=statsoverview&id='.$messageid; - } else { - $resultsUrl = $GLOBALS['admin_scheme'].'://'.hostName().$GLOBALS['adminpages'].'/?page=statsoverview&id='.$messageid; - } + $resultsUrl = $GLOBALS['adminBaseUrl'].'/?page=statsoverview&id='.$messageid; sendMail($notification, s('Message campaign finished'), s('phpList has finished sending the campaign with subject %s', $msgdata['subject'])."\n\n". diff --git a/public_html/lists/admin/lib.php b/public_html/lists/admin/lib.php index c672241d2..7b2b5543f 100644 --- a/public_html/lists/admin/lib.php +++ b/public_html/lists/admin/lib.php 
@@ -403,11 +403,7 @@ function sendAdminPasswordToken($adminId) $emailBody = $GLOBALS['I18N']->get('Hello').' '.$adminName."\n\n"; $emailBody .= $GLOBALS['I18N']->get('You have requested a new password for phpList.')."\n\n"; $emailBody .= $GLOBALS['I18N']->get('To enter a new one, please visit the following link:')."\n\n"; - if (defined('ADMIN_WWWROOT')) { - $emailBody .= sprintf('%s://%s/?page=login&token=%s', $GLOBALS['admin_scheme'], $urlroot, $key)."\n\n"; - } else { - $emailBody .= sprintf('%s/?page=login&token=%s',ADMIN_WWWROOT, $key)."\n\n"; - } + $emailBody .= sprintf('%s/?page=login&token=%s',$GLOBALS['adminBaseUrl'], $key)."\n\n"; $emailBody .= $GLOBALS['I18N']->get('You have 24 hours left to change your password. After that, your token won\'t be valid.'); if (sendMail($email, $GLOBALS['I18N']->get('New password'), "\n\n".$emailBody, '', '', true)) { diff --git a/public_html/lists/admin/processbounces.php b/public_html/lists/admin/processbounces.php index 898bdc583..04bba1a9b 100644 --- a/public_html/lists/admin/processbounces.php +++ b/public_html/lists/admin/processbounces.php @@ -580,11 +580,7 @@ function processMessages($link, $max = 3000) if ($row['user']) { $userdata = Sql_Fetch_Array_Query("select * from {$tables['user']} where id = ".$row['user']); } - if (defined('ADMIN_WWWROOT')) { - $report_linkroot = $GLOBALS['admin_scheme'].'://'.$GLOBALS['website'].$GLOBALS['adminpages']; - } else { - $report_linkroot = ADMIN_WWWROOT; - } + $report_linkroot = $GLOBALS['adminBaseUrl']; Sql_Query(sprintf('update %s set count = count + 1 where id = %d', $GLOBALS['tables']['bounceregex'], $rule['id'])); 
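Review bot: The password-reset link in this hunk is now built from `$GLOBALS['adminBaseUrl']`, which connect.php (commit 10 of this series) assembles from `$website` when `ADMIN_WWWROOT` is not defined. If `$website` can follow the request's Host header, as the `$_SERVER['HTTP_HOST']` fallback in defaultconfig.php suggests, the host in an emailed reset link depends on the request that triggered it; that is not visible in this hunk and should be confirmed. A comment above the line would record the dependency, e.g. `// reset links are only host-stable when ADMIN_WWWROOT is set`, and config_extended.php could recommend setting it. The replaced `if`/`else` also had its two branches swapped, which the single base URL fixes as a side effect. sendAdminPasswordToken() starts and ends outside the hunk.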
@@ -802,11 +798,7 @@ function processMessages($link, $max = 3000) $email_req = Sql_Fetch_Row_Query(sprintf('select email from %s where id = %d', $tables['user'], $user[0])); $unsubscribed_users .= $email_req[0]."\t\t($cnt)\t\t"; - if (defined('ADMIN_WWWROOT')) { - $unsubscribed_users .= ADMIN_WWWROOT.'/?page=user&id='.$user[0].PHP_EOL; - } else { - $unsubscribed_users .= $GLOBALS['scheme'].'://'.getConfig('website').$GLOBALS['adminpages'].'/?page=user&id='.$user[0].PHP_EOL; - } + $unsubscribed_users .= $GLOBALS['adminBaseUrl'].'/?page=user&id='.$user[0].PHP_EOL; $unsubscribed = 1; } if (BLACKLIST_EMAIL_ON_BOUNCE && $cnt >= BLACKLIST_EMAIL_ON_BOUNCE) { diff --git a/public_html/lists/admin/subscribelib2.php b/public_html/lists/admin/subscribelib2.php index c7946bcd3..a76bcecfe 100644 --- a/public_html/lists/admin/subscribelib2.php +++ b/public_html/lists/admin/subscribelib2.php @@ -328,12 +328,7 @@ if (isset($_SESSION['adminloggedin']) && $_SESSION['adminloggedin'] && !(isset($_GET['p']) && $_GET['p'] == 'asubscribe')) { echo '

'.s('You are logged in as %s',$_SESSION['logindetails']['adminname']).'

'; - if (defined('ADMIN_WWWROOT')) { - echo '

'.s('Back to the main admin page').'

'; - } else { - echo '

'.s('Back to the main admin page').'

'; - } - + echo '

'.s('Back to the main admin page').'

'; if ($_POST['makeconfirmed'] && !$blacklisted) { $sendrequest = 0; Sql_Query(sprintf('update %s set confirmed = 1 where email = "%s"', $GLOBALS['tables']['user'], $email)); From 66a1a7833ed7478cdb382669ed0da8f442318f2b Mon Sep 17 00:00:00 2001 From: Michiel Dethmers Date: Mon, 28 Aug 2023 21:28:00 +0100 Subject: [PATCH 13/18] use intermediate config var for initialisation of the config URLs --- public_html/lists/admin/init.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/public_html/lists/admin/init.php b/public_html/lists/admin/init.php index fb63f2bc9..f965b6488 100644 --- a/public_html/lists/admin/init.php +++ b/public_html/lists/admin/init.php @@ -715,7 +715,7 @@ if (defined('USER_WWWROOT')) { $pageroot = USER_WWWROOT; - $publicBaseUrl = USER_WWWROOT; + $publicConfigBaseUrl = USER_WWWROOT; } else { if (isset($pageroot)) { if ($pageroot == '/') { @@ -724,7 +724,7 @@ } else { $pageroot = '/lists'; } - $publicBaseUrl = "http://[WEBSITE]$pageroot"; + $publicConfigBaseUrl = "http://[WEBSITE]$pageroot"; } // as the "admin" in adminpages is hardcoded, don't put it in the config file From 7a362075c1b89a65175eebf2c8352d43bd874bb9 Mon Sep 17 00:00:00 2001 From: Michiel Dethmers Date: Mon, 28 Aug 2023 21:28:25 +0100 Subject: [PATCH 14/18] use new global adminBaseUrl --- public_html/lists/index.php | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/public_html/lists/index.php b/public_html/lists/index.php index f6fd9fa64..b1b6f3bb3 100644 --- a/public_html/lists/index.php +++ b/public_html/lists/index.php @@ -665,11 +665,7 @@ function checkGroup(name,value) $html .= '

'.s('You are logged in as administrator (%s) of this phpList system', $_SESSION['logindetails']['adminname']).'

'; $html .= '

'.s('You are therefore offered the following choice, which your subscribers will not see when they load this page.').'

'; - if (defined('ADMIN_WWWROOT')) { - $html .= '

'.s('Go back to admin area').'

'; - } else { - $html .= '

'.s('Go back to admin area').'

'; - } + $html .= '

'.s('Go back to admin area').'

'; $html .= '

'.s('Please choose').':
'.s('Make this subscriber confirmed immediately').'
' .s('Send this subscriber a request for confirmation email').'

'; } From 6cbfdecc8c81bb7326320385a994cfd12df2f559 Mon Sep 17 00:00:00 2001 From: Michiel Dethmers Date: Mon, 4 Sep 2023 20:13:13 +0100 Subject: [PATCH 15/18] update pageroot only when not set, and add explanation in config_extended --- public_html/lists/admin/init.php | 22 +++++++++++--------- public_html/lists/config/config_extended.php | 3 +++ 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/public_html/lists/admin/init.php b/public_html/lists/admin/init.php index f965b6488..d4620a786 100644 --- a/public_html/lists/admin/init.php +++ b/public_html/lists/admin/init.php @@ -714,17 +714,19 @@ } if (defined('USER_WWWROOT')) { - $pageroot = USER_WWWROOT; - $publicConfigBaseUrl = USER_WWWROOT; + if (!isset($pageroot)) { + $pageroot = parse_url(USER_WWWROOT, PHP_URL_PATH); + } + $publicConfigBaseUrl = USER_WWWROOT; } else { - if (isset($pageroot)) { - if ($pageroot == '/') { - $pageroot = ''; - } - } else { - $pageroot = '/lists'; - } - $publicConfigBaseUrl = "http://[WEBSITE]$pageroot"; + if (isset($pageroot)) { + if ($pageroot == '/') { + $pageroot = ''; + } + } else { + $pageroot = '/lists'; + } + $publicConfigBaseUrl = "http://[WEBSITE]$pageroot"; } // as the "admin" in adminpages is hardcoded, don't put it in the config file diff --git a/public_html/lists/config/config_extended.php b/public_html/lists/config/config_extended.php index 47fd5b4f1..63b9bea5e 100644 --- a/public_html/lists/config/config_extended.php +++ b/public_html/lists/config/config_extended.php 
@@ -75,6 +75,9 @@ // operate with some fixed URLs. You can split out the admin and the frontend URLs, which is also // better for security, as you can IP restrict the admin part by using a different domain // do not end the value with / +// if you use this, the $pageroot value above, needs to be the path after the domain +// on the final application system where phpList resides, not the one that is defined +// on the frontend Proxy. #define('ADMIN_WWWROOT','https://admin.mydomain.com:8080/newsletter/admin'); #define('USER_WWWROOT','https://mydomain.com/newsletter'); From a1e9bc3cf746bf1ef7710cf027b7f52651068c90 Mon Sep 17 00:00:00 2001 From: Michiel Dethmers Date: Mon, 4 Sep 2023 20:16:59 +0100 Subject: [PATCH 16/18] fix some more links with the new global var --- public_html/lists/admin/sendemaillib.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/public_html/lists/admin/sendemaillib.php b/public_html/lists/admin/sendemaillib.php index 09d65950d..b7f974e7c 100644 --- a/public_html/lists/admin/sendemaillib.php +++ b/public_html/lists/admin/sendemaillib.php @@ -512,7 +512,7 @@ function sendEmail($messageid, $email, $hash, $htmlpref = 0, $rssitems = array() if (CLICKTRACK && $hash != 'forwarded' && !empty($userdata['id'])) { // convert html message preg_match_all('/]*)>(.*)<\/a>/Umis', $htmlmessage, $links); - $clicktrack_root = sprintf('%s://%s/lt.php', $GLOBALS['public_scheme'], $website.$GLOBALS['pageroot']); + $clicktrack_root = sprintf('%s/lt.php', $GLOBALS['publicBaseUrl']); for ($i = 0; $i < count($links[3]); ++$i) { $link = cleanUrl(trim($links[3][$i])); 
@@ -584,7 +584,7 @@ function sendEmail($messageid, $email, $hash, $htmlpref = 0, $rssitems = array() $masked = str_replace('=', '', base64_encode(hex2bin(str_replace('-', '', $masked)))); if (SIGN_WITH_HMAC) { - $masked .= '&hm='.hash_hmac(HASH_ALGO, sprintf('%s://%s/lt.php?tid=%s', $GLOBALS['public_scheme'], $website.$GLOBALS['pageroot'], $masked), HMACKEY); + $masked .= '&hm='.hash_hmac(HASH_ALGO, sprintf('/lt.php?tid=%s', $GLOBALS['publicBaseUrl'], $masked), HMACKEY); } if (!CLICKTRACK_LINKMAP) { @@ -1062,7 +1062,7 @@ function addAttachments($msgid, &$mail, $type,$hash = '') break; case 'text': - $viewurl = $GLOBALS['public_scheme'].'://'.$website.$GLOBALS['pageroot'].'/dl.php?id='.$att['id']; + $viewurl = $GLOBALS['publicBaseUrl'].'/dl.php?id='.$att['id']; if (!empty($hash)) { $viewurl .= '&uid='.$hash; } From 0b36b40e8ecb74af59ad9b98ba9b13c4713688b4 Mon Sep 17 00:00:00 2001 From: Michiel Dethmers Date: Mon, 4 Sep 2023 20:22:48 +0100 Subject: [PATCH 17/18] remove obsolete line --- public_html/lists/admin/lib.php | 1 - 1 file changed, 1 deletion(-) diff --git a/public_html/lists/admin/lib.php b/public_html/lists/admin/lib.php index 7b2b5543f..be281df6e 100644 --- a/public_html/lists/admin/lib.php +++ b/public_html/lists/admin/lib.php @@ -398,7 +398,6 @@ function sendAdminPasswordToken($adminId) $adminName = $row[0]; $email = $row[1]; - $urlroot = getConfig('website').$GLOBALS['adminpages']; //Build the email body to be sent, and finally send it. $emailBody = $GLOBALS['I18N']->get('Hello').' '.$adminName."\n\n"; $emailBody .= $GLOBALS['I18N']->get('You have requested a new password for phpList.')."\n\n"; From 0dadc396fab294d650670b32cf423e0e9795e89a Mon Sep 17 00:00:00 2001 From: Michiel Dethmers Date: Mon, 4 Sep 2023 20:23:30 +0100 Subject: [PATCH 18/18] fix typo --- public_html/lists/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/public_html/lists/index.php b/public_html/lists/index.php index b1b6f3bb3..b5a4649da 100644 
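Review bot: The format string on the added `hash_hmac` line has one `%s` but is given two arguments, so `sprintf('/lt.php?tid=%s', $GLOBALS['publicBaseUrl'], $masked)` signs the base URL in place of the link id and silently drops `$masked`. Every text link would then carry the same `hm` value, and it would not match the string the HTML branch signs in the `@@ -540,16 +540,16 @@` hunk of this series, which uses `'%s/lt.php?tid=%s'`. The line should read `$masked .= '&hm='.hash_hmac(HASH_ALGO, sprintf('%s/lt.php?tid=%s', $GLOBALS['publicBaseUrl'], $masked), HMACKEY);`. How lt.php rebuilds the signed string is not shown here and needs to agree with both call sites.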
--- a/public_html/lists/index.php +++ b/public_html/lists/index.php @@ -665,7 +665,7 @@ function checkGroup(name,value) $html .= ''; }