From e0c280945891242d6fa99f42561789051e8a75e2 Mon Sep 17 00:00:00 2001 From: Daniel Love Date: Tue, 29 Mar 2022 11:14:05 -0600 Subject: [PATCH 1/3] Fixing getSettings method to support domains & sites in the trusted_host_patterns array. Updating change log. --- CHANGELOG.md | 9 ++++++++- src/Dotenv.php | 9 +++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index efa9c0a..c014d78 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,12 @@ Updates should follow the [Keep a CHANGELOG](https://keepachangelog.com/) princi ## [Unreleased][unreleased] +## [0.2.1] - 2022-03-30 + +### Fixed + +- Fixed construction of `trusted_host_patterns` array to support sites defined in the `SITES` constant. + ## [0.2.0] - 2022-03-14 ### Changed @@ -135,7 +141,8 @@ Updates should follow the [Keep a CHANGELOG](https://keepachangelog.com/) princi **Initial release!** -[unreleased]: https://github.com/unleashedtech/dotenv-drupal/compare/0.2.0...main +[unreleased]: https://github.com/unleashedtech/dotenv-drupal/compare/0.2.1...main +[0.2.1]: https://github.com/unleashedtech/dotenv-drupal/compare/0.2.0...0.2.1 [0.2.0]: https://github.com/unleashedtech/dotenv-drupal/compare/0.1.17...0.2.0 [0.1.17]: https://github.com/unleashedtech/dotenv-drupal/compare/0.1.16...0.1.17 [0.1.16]: https://github.com/unleashedtech/dotenv-drupal/compare/0.1.15...0.1.16 diff --git a/src/Dotenv.php b/src/Dotenv.php index 042f8f4..c365cf5 100644 --- a/src/Dotenv.php +++ b/src/Dotenv.php @@ -287,6 +287,9 @@ public function getSettings(): array if (isset($_SERVER['HASH_SALT'])) { $settings['hash_salt'] = $_SERVER['HASH_SALT']; } + + // Configure trusted host patterns. + $settings['trusted_host_patterns'] = []; if (isset($_SERVER['TRUSTED_HOST_PATTERNS'])) { foreach (explode(',', $_SERVER['TRUSTED_HOST_PATTERNS']) as $pattern) { $settings['trusted_host_patterns'][] = '^' . $pattern . '$'; @@ -295,6 +298,12 @@ public function getSettings(): array else { foreach ($this->getDomains() as $domain) { $settings['trusted_host_patterns'][] = '^' . str_replace('.', '\.', $domain) . '$'; + foreach ($this->getSites() as $site) { + $settings['trusted_host_patterns'][] = \vsprintf('^%s\.%s$', [ + $site === 'default' ? 'www' : $site, + str_replace('.', '\.', $domain), + ]); + } } } From 7438cb16dddd4f389263f0740bd0984dc70340bb Mon Sep 17 00:00:00 2001 From: Daniel Love Date: Tue, 29 Mar 2022 14:27:18 -0600 Subject: [PATCH 2/3] Updated `trusted_host_patterns` default functionality & related documentation. --- README.md | 25 ++++++++++++++++++++++--- src/Dotenv.php | 13 ++++++++++++- 2 files changed, 34 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 33a7ed8..9d7d435 100644 --- a/README.md +++ b/README.md @@ -244,12 +244,31 @@ so the shorter DSN can be used. Streamlined environment-dependent configuration of _one_ Solr core is supported at this time. #### TRUSTED_HOST_PATTERNS -Optional. A CSV list of patterns specifying [trusted hosts](https://www.drupal.org/docs/installing-drupal/trusted-host-settings#s-protecting-in-drupal-8). If this -variable is not set, this package will populate Drupal's `trusted_host_patterns` array -based on the value of [DOMAINS](#domains). +Optional. A CSV list of patterns specifying [trusted hosts](https://www.drupal.org/docs/installing-drupal/trusted-host-settings#s-protecting-in-drupal-8). Start (`^`) & end (`$`) characters are added to every pattern, by default. +##### Fallback Functionality +If the `TRUSTED_HOST_PATTERNS` variable is _not_ set, this package will populate +Drupal's `trusted_host_patterns` array based on the values of [DOMAINS](#domains) +& [SITES](#sites) variables. + +###### Examples +If you have `DOMAINS` set to `foo.example,bar.example`, the Drupal `trusted_host_patterns` +settings array would have the following values: + +* `^foo\.example$` +* `^www\.foo\.example$` +* `^bar\.example$` +* `^www\.bar\.example$` + +If you have `DOMAINS` set to `foo.example` & `SITES` set to `bar,baz,qux`, the +Drupal `trusted_host_patterns` setting array would have the following values: + +* `^bar\.foo\.example$` +* `^baz\.foo\.example$` +* `^qux\.foo\.example$` + #### Configuration Conclusion With these few Environment Variables, you will be able to configure Drupal in a streamlined fashion similar to the way Symfony is configured. Support for many more common Drupal features diff --git a/src/Dotenv.php b/src/Dotenv.php index c365cf5..2c1aab3 100644 --- a/src/Dotenv.php +++ b/src/Dotenv.php @@ -259,6 +259,11 @@ public function setDatabaseName(string $database): void $this->databaseName = $database; } + public function isMultiSite(): bool + { + return count($this->getSites()) > 1; + } + public function isMultiSiteDefaultSiteAllowed(): bool { return $this->isMultiSiteDefaultSiteAllowed; @@ -289,6 +294,7 @@ public function getSettings(): array } // Configure trusted host patterns. + // @see https://github.com/unleashedtech/dotenv-drupal/blob/main/README.md#trusted_host_patterns $settings['trusted_host_patterns'] = []; if (isset($_SERVER['TRUSTED_HOST_PATTERNS'])) { foreach (explode(',', $_SERVER['TRUSTED_HOST_PATTERNS']) as $pattern) { @@ -297,8 +303,13 @@ public function getSettings(): array } else { foreach ($this->getDomains() as $domain) { - $settings['trusted_host_patterns'][] = '^' . str_replace('.', '\.', $domain) . '$'; + if (!$this->isMultiSite() || $this->isMultiSiteDefaultSiteAllowed()) { + $settings['trusted_host_patterns'][] = '^' . str_replace('.', '\.', $domain) . '$'; + } foreach ($this->getSites() as $site) { + if ($site === 'default' && !$this->isMultiSiteDefaultSiteAllowed()) { + continue; + } $settings['trusted_host_patterns'][] = \vsprintf('^%s\.%s$', [ $site === 'default' ? 'www' : $site, str_replace('.', '\.', $domain), From 5ea19da4a301e495b313f3025fd25c5b81e0806e Mon Sep 17 00:00:00 2001 From: Daniel Love Date: Wed, 30 Mar 2022 09:13:52 -0600 Subject: [PATCH 3/3] Updating getSettings method to properly construct trusted host patterns for default site. --- src/Dotenv.php | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/src/Dotenv.php b/src/Dotenv.php index 2c1aab3..70b667a 100644 --- a/src/Dotenv.php +++ b/src/Dotenv.php @@ -303,16 +303,19 @@ public function getSettings(): array } else { foreach ($this->getDomains() as $domain) { - if (!$this->isMultiSite() || $this->isMultiSiteDefaultSiteAllowed()) { - $settings['trusted_host_patterns'][] = '^' . str_replace('.', '\.', $domain) . '$'; + if (! $this->isMultiSite() || $this->isMultiSiteDefaultSiteAllowed()) { + $settings['trusted_host_patterns'][] = '^' . \str_replace('.', '\.', $domain) . '$'; + $settings['trusted_host_patterns'][] = '^www\.' . \str_replace('.', '\.', $domain) . '$'; } + foreach ($this->getSites() as $site) { - if ($site === 'default' && !$this->isMultiSiteDefaultSiteAllowed()) { + if ($site === 'default') { continue; } + $settings['trusted_host_patterns'][] = \vsprintf('^%s\.%s$', [ - $site === 'default' ? 'www' : $site, - str_replace('.', '\.', $domain), + $site, + \str_replace('.', '\.', $domain), ]); } }