It should be used whenever sending a URL to a third-party. Also document SecureConnection() and MakeSecureURL().
Signed-off-by: Francois Gouget fgouget@codeweavers.com --- testbot/lib/WineTestBot/Utils.pm | 38 +++++++++++++++++++++++++++++--- testbot/web/Register.pl | 5 ++--- 2 files changed, 37 insertions(+), 6 deletions(-)
diff --git a/testbot/lib/WineTestBot/Utils.pm b/testbot/lib/WineTestBot/Utils.pm index 13529c323..bc501ff32 100644 --- a/testbot/lib/WineTestBot/Utils.pm +++ b/testbot/lib/WineTestBot/Utils.pm @@ -27,7 +27,8 @@ WineTestBot::Utils - Utility functions =cut
use Exporter 'import'; -our @EXPORT = qw(SecureConnection MakeSecureURL GetTaskURL GenerateRandomString +our @EXPORT = qw(SecureConnection MakeSecureURL MakeOfficialURL GetTaskURL + GenerateRandomString OpenNewFile CreateNewFile CreateNewLink CreateNewDir GetMTime DurationToString BuildEMailRecipient IsValidFileName BuildTag SanitizeTag LocaleName NotifyAdministrator @@ -50,7 +51,8 @@ use WineTestBot::Config;
Returns true if the user accessed the website over a secure connection.
-This relies on the web server setting the $HTTPS environment variable. +This relies on the web server setting the $HTTPS environment variable for CGI +scripts.
=back =cut @@ -69,12 +71,16 @@ Builds a URL that accesses this website using https if possible. The parameter should be an absolute path that includes neither the protocol nor the hostname.
-Note that this method uses $HTTP_HOST which may not match the official website +This relies on the web server setting the $HTTP_HOST environment variable for +CGI scripts. However $HTTP_HOST which may not match the official website hostname. As such this should only be used for providing URLs back to the user accessing the website, not for URLs sent to third-parties.
+See also MakeOfficialURL(). + =back =cut + sub MakeSecureURL($) { my ($URL) = @_; @@ -83,6 +89,32 @@ sub MakeSecureURL($) return $Protocol . ($ENV{"HTTP_HOST"} || $WebHostName) . $URL; }
+=pod +=over 12 + +=item C<MakeOfficialURL()> + +Creates a URL pointing to the official website. +The parameter should be an absolute path that includes neither the protocol +nor the hostname. + +This is the method to use in non-CGI scripts and to build URLs sent to any +third-party (e.g. via email); where a third party is any user other than the +one currently browsing the website. + +See also MakeSecureURL(). + +=back +=cut + +sub MakeOfficialURL($) +{ + my ($URL) = @_; + + my $Protocol = $UseSSL ? "https://" : "http://"; + return "$Protocol$WebHostName$URL"; +} + sub GetTaskURL($$$;$$) { my ($JobId, $StepNo, $TaskNo, $ShowScreenshot, $LogName) = @_; diff --git a/testbot/web/Register.pl b/testbot/web/Register.pl index bbea0eb12..b10be75e7 100644 --- a/testbot/web/Register.pl +++ b/testbot/web/Register.pl @@ -139,9 +139,8 @@ sub OnSendRequest($) { $Msg .= "Remarks:\n" . $self->GetParam("Remarks") . "\n"; } - my $URL = ($UseSSL ? "https://" : "http://") . $WebHostName . - "/admin/UserDetails.pl?Key=" . uri_escape($self->GetParam("Name")); - $Msg .= "\nTo approve or deny the request, please go to " . $URL; + my $URL = MakeOfficialURL("/admin/UserDetails.pl?Key=". uri_escape($self->GetParam("Name"))); + $Msg .= "\nTo approve or deny the request, please go to $URL"; NotifyAdministrator("winetestbot account request", $Msg);
return 1;