From af53ee69a1878f645e5d0b14ea4e4c963caa9ac6 Mon Sep 17 00:00:00 2001
From: Daniel Hensby
Date: Tue, 6 Sep 2016 18:11:38 +0100
Subject: [PATCH] FIX getSelfHost no longer returns a port number
---
 lib/Saml2/Utils.php | 60 ++++++++++++++++++--------
 tests/src/OneLogin/Saml2/UtilsTest.php | 29 ++++++++++++-
 2 files changed, 70 insertions(+), 19 deletions(-)
diff --git a/lib/Saml2/Utils.php b/lib/Saml2/Utils.php
index a450e3c5..7e9502b4 100644
--- a/lib/Saml2/Utils.php
+++ b/lib/Saml2/Utils.php
@@ -312,11 +312,7 @@ public static function getSelfURLhost()
 $protocol = 'http';
 }
- if (self::getProxyVars() && isset($_SERVER["HTTP_X_FORWARDED_PORT"])) {
- $portnumber = $_SERVER["HTTP_X_FORWARDED_PORT"];
- } else if (isset($_SERVER["SERVER_PORT"])) {
- $portnumber = $_SERVER["SERVER_PORT"];
- }
+ $portnumber = self::getSelfPort();
 if (isset($portnumber) && ($portnumber != '80') && ($portnumber != '443')) {
 $port = ':' . $portnumber;
@@ -326,13 +322,10 @@ public static function getSelfURLhost()
 }
 /**
- * Returns the current host.
- *
- * @return string $currentHost The current host
+ * @return string The raw host name
 */
- public static function getSelfHost()
+ protected static function getRawHost()
 {
-
 if (array_key_exists('HTTP_HOST', $_SERVER)) {
 $currentHost = $_SERVER['HTTP_HOST'];
 } elseif (array_key_exists('SERVER_NAME', $_SERVER)) {
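Review bot: The docblock on the new `getRawHost()` is reduced to a bare `@return string The raw host name` and no longer says where the value comes from, although the visible body reads `$_SERVER['HTTP_HOST']` first and `SERVER_NAME` second. The Host header is chosen by the client and is returned here without validation, so the next maintainer should be told not to place this value in a URL directly. I would add a description such as `Returns the host exactly as received (HTTP_HOST first, then SERVER_NAME); unvalidated, may carry a ":port" suffix - use getSelfHost()/getSelfPort() instead.` The function body continues past the end of this hunk, so the remaining fallbacks are not visible here.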
@@ -344,17 +337,50 @@ public static function getSelfHost()
 $currentHost = php_uname("n");
 }
 }
+ return $currentHost;
+ }
- if (strstr($currentHost, ":")) {
- $currentHostData = explode(":", $currentHost);
- $possiblePort = array_pop($currentHostData);
- if (is_numeric($possiblePort)) {
- $currentHost = implode(':', $currentHostData);
- }
+ /**
+ * Returns the current host.
+ *
+ * @return string $currentHost The current host
+ */
+ public static function getSelfHost()
+ {
+ $currentHost = self::getRawHost();
+
+ // strip the port
+ if (false !== strpos($currentHost, ':')) {
+ list($currentHost, $port) = explode(':', $currentHost, 2);
 }
+
 return $currentHost;
 }
+ /**
+ * @return null|string The port number used for the request
+ */
+ public static function getSelfPort()
+ {
+ $portnumber = null;
+ if (self::getProxyVars() && isset($_SERVER["HTTP_X_FORWARDED_PORT"])) {
+ $portnumber = $_SERVER["HTTP_X_FORWARDED_PORT"];
+ } else if (isset($_SERVER["SERVER_PORT"])) {
+ $portnumber = $_SERVER["SERVER_PORT"];
+ } else {
+ $currentHost = self::getRawHost();
+
+ // strip the port
+ if (false !== strpos($currentHost, ':')) {
+ list($currentHost, $port) = explode(':', $currentHost, 2);
+ if (is_numeric($port)) {
+ $portnumber = $port;
+ }
+ }
+ }
+ return $portnumber;
+ }
+
 /**
 * Checks if https or http.
 *
@@ -363,7 +389,7 @@ public static function getSelfHost()
 public static function isHTTPS()
 {
 $isHttps = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
- || (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443)
+ || (self::getSelfPort() == 443)
 || (self::getProxyVars() && isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https');
 return $isHttps;
 }
diff --git a/tests/src/OneLogin/Saml2/UtilsTest.php b/tests/src/OneLogin/Saml2/UtilsTest.php
index 875227bc..7748e26b 100644
--- a/tests/src/OneLogin/Saml2/UtilsTest.php
+++ b/tests/src/OneLogin/Saml2/UtilsTest.php
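Review bot: `getSelfHost()` now cuts the raw host at the first colon, so a bracketed IPv6 literal such as `[::1]:8080` comes back as `[`; the removed code only popped a trailing numeric segment and left that case intact. The fallback branch of `getSelfPort()` uses the same `explode(':', $currentHost, 2)` and therefore finds no port for such hosts, and its `is_numeric($port)` test accepts strings like `1e3` or `+80` taken from the client-supplied Host header, where `ctype_digit($port)` would allow digits only. Both values are consumed by `getSelfURLhost()` in the first hunk, so a malformed host or port ends up in the URL the library builds for itself. A sketch for the host side follows; the port fallback needs the matching change.

```php
public static function getSelfHost()
{
    $currentHost = self::getRawHost();

    // Bracketed IPv6 literal: the host ends at the closing bracket.
    if (0 === strpos($currentHost, '[')) {
        $end = strpos($currentHost, ']');
        return (false === $end) ? $currentHost : substr($currentHost, 0, $end + 1);
    }

    // Hostname or IPv4 address: drop everything from the first colon on.
    $colon = strpos($currentHost, ':');
    return (false === $colon) ? $currentHost : substr($currentHost, 0, $colon);
}
// … unchanged: getSelfPort() …
```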
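Review bot: `self::getSelfPort() == 443` in `isHTTPS()` makes the scheme decision depend on more inputs than the `SERVER_PORT` check it replaces. With proxy vars enabled, `HTTP_X_FORWARDED_PORT` alone now yields HTTPS regardless of `HTTP_X_FORWARDED_PROTO`, and when `SERVER_PORT` is unset the port is parsed from the Host header, which the client chooses. The loose `==` also matches strings such as `443.0`. If the wider behaviour is intended, a comment on this line should say so; otherwise I would keep the Host-derived fallback out of the scheme check, e.g. `|| (isset($_SERVER['SERVER_PORT']) && (string) $_SERVER['SERVER_PORT'] === '443')` next to the existing forwarded-proto branch.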
@@ -2,6 +2,8 @@
 /**
 * Unit tests for Utils class
+ *
+ * @backupStaticAttributes enabled
 */
 class OneLogin_Saml2_UtilsTest extends PHPUnit_Framework_TestCase
 {
@@ -14,7 +16,7 @@ class OneLogin_Saml2_UtilsTest extends PHPUnit_Framework_TestCase
 /*
 public function testT()
 {
- setlocale(LC_MESSAGES, 'en_US');
+ setlocale(LC_MESSAGES, 'en_US');
 $msg = 'test';
 $translatedMsg = OneLogin_Saml2_Utils::t($msg);
@@ -300,7 +302,7 @@ public function testGetselfhost()
 $this->assertEquals('example.org', OneLogin_Saml2_Utils::getSelfHost());
 $_SERVER['HTTP_HOST'] = 'example.org:ok';
- $this->assertEquals('example.org:ok', OneLogin_Saml2_Utils::getSelfHost());
+ $this->assertEquals('example.org', OneLogin_Saml2_Utils::getSelfHost());
 }
 /**
@@ -313,6 +315,29 @@ public function testisHTTPS()
 $this->assertFalse(OneLogin_Saml2_Utils::isHTTPS());
 }
+ /**
+ * @covers OneLogin_Saml2_Utils::getSelfPort()
+ */
+ public function testGetselfPort()
+ {
+ $this->assertNull(OneLogin_Saml2_Utils::getSelfPort());
+
+ $_SERVER['HTTP_HOST'] = 'example.org:ok';
+ $this->assertNull(OneLogin_Saml2_Utils::getSelfPort());
+
+ $_SERVER['HTTP_HOST'] = 'example.org:8080';
+ $this->assertEquals(8080, OneLogin_Saml2_Utils::getSelfPort());
+
+ $_SERVER["SERVER_PORT"] = 80;
+ $this->assertEquals(80, OneLogin_Saml2_Utils::getSelfPort());
+
+ $_SERVER["HTTP_X_FORWARDED_PORT"] = 443;
+ $this->assertEquals(80, OneLogin_Saml2_Utils::getSelfPort());
+
+ OneLogin_Saml2_Utils::setProxyVars(true);
+ $this->assertEquals(443, OneLogin_Saml2_Utils::getSelfPort());
+ }
+
 /**
 * Tests the getSelfURLhost method of the OneLogin_Saml2_Utils
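Review bot: `testGetselfhost()` has no case for a bracketed IPv6 literal, which is the input where first-colon splitting goes wrong; the updated `example.org:ok` assertion only pins that a non-numeric suffix is now discarded. I would add `$_SERVER['HTTP_HOST'] = '[::1]:8080';` followed by `$this->assertEquals('[::1]', OneLogin_Saml2_Utils::getSelfHost());` so that the behaviour for such hosts is decided on purpose rather than by accident. The test method starts before this hunk, so its earlier cases are not visible here.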