hashtopolis / server

Hashtopolis - distributed password cracking with Hashcat
GNU General Public License v3.0

[BUG]: Wrong redirect when running behind nginx #1053

Open tosiara opened 5 months ago

tosiara commented 5 months ago

Version Information

0.14.2

Hashcat

No response

Description

I have exposed hashtopolis to the outside network through nginx:

location /newhashtopolis
{
        rewrite /newhashtopolis/(.*) /$1  break;
        proxy_redirect     off;
        proxy_set_header   Host $host;
        proxy_pass http://192.168.0.13:8080;
}

In the settings I specified that prefix:

image

I'm able to log in and navigate to Tasks. But when I try to enable/disable an agent, the redirect is done to /agent.php:

Server: nginx/1.25.4
Date: Mon, 25 Mar 2024 16:17:44 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/8.3.4
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: session=xxx; expires=Mon, 25 Mar 2024 17:17:44 GMT; Max-Age=3600; HttpOnly
Location: /agents.php

Which results in a 404 error.

No matter what I put into "base path", it always redirects to /agents.php
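
A check for the symptom reported above, as an added example that is not part of the original report or of Hashtopolis: it resolves a `Location` header the way a browser does and reports whether the redirect stays under the proxied prefix. The host name `proxy.example`, the request URL and the function names are assumptions; the sample headers are constructed from the response quoted in the report.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample: the response headers quoted in the report, trimmed.
SAMPLE_RESPONSE = """\
Server: nginx/1.25.4
Content-Length: 0
Location: /agents.php
"""

# Assumed public URL of the request that triggered the redirect.
REQUEST_URL = "https://proxy.example/newhashtopolis/agents.php"


def location_of(raw_headers):
    """Return the Location header value from a raw header block, or None."""
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return None


def classify_redirect(request_url, location, prefix):
    """Resolve Location against the request URL and say where it lands.

    Returns "ok" (same origin, under prefix), "escapes-prefix" (same origin,
    outside prefix) or "off-origin" (different scheme or host).
    """
    origin = urlsplit(request_url)
    target = urlsplit(urljoin(request_url, location))
    if (target.scheme, target.netloc) != (origin.scheme, origin.netloc):
        return "off-origin"
    base = "/" + prefix.strip("/")
    # Compare whole path segments so "/newhashtopolisX" does not match.
    if target.path == base or target.path.startswith(base.rstrip("/") + "/"):
        return "ok"
    return "escapes-prefix"


if __name__ == "__main__":
    candidates = (location_of(SAMPLE_RESPONSE), "/newhashtopolis/agents.php",
                  "agents.php?id=1", "//agents.php")
    for loc in candidates:
        verdict = classify_redirect(REQUEST_URL, loc, "/newhashtopolis")
        print(f"{loc!r:32} -> {verdict}")
```

The last candidate shows why a doubled leading slash matters: `//agents.php` is scheme-relative, so it resolves to a different host instead of a path on the proxy.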

tosiara commented 5 months ago

This function may be the root cause; it performs the redirect without taking the base into account: https://github.com/hashtopolis/server/blob/master/src/inc/Util.class.php#L701

tosiara commented 5 months ago

This fixed my issue:

diff --git a/src/inc/Util.class.php b/src/inc/Util.class.php
index e64073a9..66a4fa4e 100755
--- a/src/inc/Util.class.php
+++ b/src/inc/Util.class.php
@@ -701,7 +701,7 @@ class Util {
   public static function refresh() {
     global $_SERVER;

-    $url = $_SERVER['PHP_SELF'];
+    $url = SConfig::getInstance()->getVal(DConfig::BASE_URL) . $_SERVER['PHP_SELF'];
     if (strlen($_SERVER['QUERY_STRING']) > 0) {
       $url .= "?" . $_SERVER['QUERY_STRING'];
     }
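
Review bot: in the new `$url` line, `DConfig::BASE_URL` is concatenated straight onto `$_SERVER['PHP_SELF']`, which already starts with `/`, so a base path saved with a trailing slash gives `/newhashtopolis//agents.php`, and a base of just `/` gives `//agents.php`, which a browser resolves as a scheme-relative URL on a different host. Trim the configured value before joining, for example `rtrim(SConfig::getInstance()->getVal(DConfig::BASE_URL), '/')`, and consider moving the prefixing into one small helper so any other redirect can reuse it.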

tosiara commented 5 months ago

Found more places where redirect does not honor the base prefix: https://github.com/search?q=repo%3Ahashtopolis%2Fserver%20%26fw%3D&type=code

zyronix commented 5 months ago

Thanks for your bug reports and this detailed one!