From: Tim Starling Date: Tue, 7 Jun 2011 03:31:09 +0000 (+0000) Subject: When detecting $wgServer, do not fall back to $_SERVER['HTTP_HOST']. It's unlikely... X-Git-Tag: 1.31.0-rc.0~29645 X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/operations/recherche.php?a=commitdiff_plain;h=04030f324c41bcc6d938fa3cad42b10261ca17dd;p=lhc%2Fweb%2Fwiklou.git When detecting $wgServer, do not fall back to $_SERVER['HTTP_HOST']. It's unlikely that this is used by anything, since SERVER_NAME takes precedence, and SERVER_NAME is required by CGI 1.1 and appears to always be set by the major web servers. If it were ever used, it would open up a cache-poisoning vulnerability. Partially reverts r8010. --- diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index f56f233d80..f3b5a1f96a 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -63,8 +63,6 @@ if( isset( $_SERVER['SERVER_NAME'] ) $serverName = $_SERVER['SERVER_NAME']; } elseif( isset( $_SERVER['HOSTNAME'] ) ) { $serverName = $_SERVER['HOSTNAME']; -} elseif( isset( $_SERVER['HTTP_HOST'] ) ) { - $serverName = $_SERVER['HTTP_HOST']; } elseif( isset( $_SERVER['SERVER_ADDR'] ) ) { $serverName = $_SERVER['SERVER_ADDR']; } else {
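Review bot: The removed `elseif( isset( $_SERVER['HTTP_HOST'] ) )` branch in includes/DefaultSettings.php leaves no trace in the code of why the client-supplied Host header is deliberately excluded from the `$serverName` fallback chain. The cache-poisoning rationale lives only in the commit message, so a later change could put the branch back without anyone noticing the risk. I suggest a short comment next to the remaining `SERVER_NAME` / `HOSTNAME` / `SERVER_ADDR` branches saying that `HTTP_HOST` is intentionally not consulted because it is request-controlled and the detected value can end up in cached output. That comment should also state the assumption the message relies on: that `SERVER_NAME` is set by the web server and takes precedence. The message itself says the removed branch is "unlikely" to be used by anything, so a note on how that was checked would help whoever reviews the partial revert of r8010.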