From 66bb22a8a818bcea0be7db55e518a39301bd8b5b Mon Sep 17 00:00:00 2001
From: Frank Schreiner <schreiner@suse.de>
Date: Wed, 18 Oct 2023 11:45:14 +0200
Subject: [PATCH] prefer BASEURL in getApiUrl

This patch should fix the problem that "Add mobile app" is showing the
"calculated" URL using '$_SERVER' variables but ignoring 'BASEURL' from
the config.php.

Without this patch, systems behind a reverse proxy are exposing their
internal settings and do not generate a URL containing the "official"
domain/url
---
 incl/processing.inc.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/incl/processing.inc.php b/incl/processing.inc.php
index 0b47493..c5c8bd7 100755
--- a/incl/processing.inc.php
+++ b/incl/processing.inc.php
@@ -729,6 +729,10 @@ function generateRandomString(int $length = 30): string {
 }
 
 function getApiUrl(string $removeAfter): string {
+    $baseurl = BBConfig::getInstance()["BASEURL"];
+    if ($baseurl && preg_match('/^https?:\/\//',$baseurl)) {
+        return preg_replace("/\/+$/", '', $baseurl) . "/api/";
+    }
     $protocol = ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') || $_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://";
 
     $url = $protocol . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];