From: Bill Erickson Date: Mon, 17 Apr 2017 18:09:10 +0000 (-0400) Subject: LP#1648234 IP Redirect honors client port X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=29a955c8fbf73d1c89f0b074636a22ad708784cd;p=evergreen%2Fpines.git LP#1648234 IP Redirect honors client port IP-based redirection now redirects the client to the same port number originally requsted by the client, instead of using the port that the Apache server is listening on. This prevents internal Apache from leaking to the caller when a proxy is used. Signed-off-by: Bill Erickson Signed-off-by: Ben Shum Signed-off-by: Galen Charlton --- diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/Redirect.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/Redirect.pm index d55c01f122..c0533dbff5 100644 --- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/Redirect.pm +++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/Redirect.pm @@ -56,11 +56,17 @@ sub handler { my $apache = shift; my $cgi = CGI->new( $apache ); - my $port = $cgi->server_port(); my $hostname = $cgi->server_name(); my $proto = ($cgi->https) ? 'https' : 'http'; my $user_ip = $ENV{REMOTE_ADDR}; + # Extract the port number from the user requested URL. + my $port = ''; + my $cgiurl = $cgi->url; + if ($cgiurl =~ m|https?://[^:]+:\d+/|) { + ($port = $cgiurl) =~ s|https?://[^:]+:(\d+).*|$1|; + } + # Apache config values my $skin = $apache->dir_config('OILSRedirectSkin') || 'default'; my $depth = $apache->dir_config('OILSRedirectDepth'); @@ -93,7 +99,8 @@ sub handler { } } - my $url = "$proto://$hostname:$port"; + # only encode the port if a nonstandard port was requested. + my $url = $port ? "$proto://$hostname:$port" : "$proto://$hostname"; if($use_tt) {
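Review bot: The port pattern in the first hunk is unanchored and its host class `[^:]+` also matches `/`, so a colon followed by digits and a slash further along `$cgi->url` (in the script path, say) would be taken as the port even when the client sent none. As far as CGI.pm builds `url` from the request's Host header, this value is client-influenced and ends up in the redirect target, so a single anchored capture is safer: `my $port = ($cgiurl =~ m|\Ahttps?://[^:/]+:(\d+)|) ? $1 : '';`. Neither form matches a bracketed IPv6 host. The body of `handler` starts and ends outside the hunk.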
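Review bot: The comment added above `my $url` in the second hunk says the port is kept only when a nonstandard port was requested, but the test is plain truthiness of `$port`, so any explicit port found in the request URL is kept, 80 and 443 included. Because the result becomes the redirect target, the comment should state the actual rule, e.g. `# Append the port only when the client's URL carried an explicit one.`, or the code should compare `$port` with the default for `$proto`. `$port` is assigned in the earlier hunk, and the rest of `handler` lies outside this one.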