Closed oschettler closed 8 years ago
Picos's plugin system is very powerful and allows various solutions for this problem. I think the one you have chosen (prefixing the request URL with HTTP_HOST) already is one of the best possible solutions, because it changes the way Pico handles requests least. Actually you just have to move your code from index.php
to the onRequestUrl
event:
class HostBasedContentsPlugin extends AbstractPicoPlugin
{
public function onRequestUrl(&$url)
{
// we don't have to validate this user input here,
// Pico already assumes $url to be possibly poisonous
$url = $_SERVER['HTTP_HOST'] . '/' . $url;
}
}
This allows you to use domain-based contents, if you rather want to use Pico as a "full" multi-domain installation with even different configs, plugins and themes, please refer to #254 and #301.
Cool trick, thank you. I will check out the plugin API more thoroughly.
Meanwhile, I have found another solution: I have prefixed the content_dir with HTTP_HOST in config/config.php like so:
$config['content_dir'] = 'content/' . $_SERVER['HTTP_HOST'] . '/';
Please don't forget that $_SERVER['HTTP_HOST']
is user input and needs validation! As long as your webserver configuration doesn't prevent this as a side-effect, users can exploit this by sending malicious contents (like ../../../../some/folder/you/dont/want/to/be/readable
) as Host
header.
My example avoids this by just modifying the request URL, what is user input as well and therefore gets validated by Pico.
Oha, thank you for pointing this out.
I would like to use PicoCMS to answer on multiple domains and yield separate content, depending on the domain.
For example,
Is there a way to implement this in a plugin? My approach currently is to prefix QUERY_STRING with the value of HTTP_HOST in index.php.