feat(agent,server): v0.2.7 - mu-plugin WordPress robuste, réparation wp-config, proxy cookies/headers

- Agent: mu-plugin embarqué amélioré (HTTPS forcé, filtres URL, localhost:port)
- Agent: suppression des WP_HOME/WP_SITEURL hardcodés au démarrage des instances
- Server/proxy: envoi X-Forwarded-Port, réécriture headers/body élargie
- Server/proxy: sanitization des Set-Cookie (Secure, SameSite, Domain)
- Dashboard: version agent 0.2.7, action Supprimer complète
- Cleanup: binaires agent 0.2.3-0.2.6 remplacés par 0.2.7
EduBox Dev
2026-06-17 18:23:06 +00:00
parent 2feea2d063
commit b383b11ae2
21 changed files with 396 additions and 46 deletions
+117
@@ -0,0 +1,117 @@
<?php
/**
* Plugin Name: EduBox Public URL
* Description: Adapts WordPress to the public URL used by the visitor, especially behind a reverse proxy.
* Version: 1.0.0
* Author: EduBox
*/
if (!defined('ABSPATH')) {
exit;
}
// Trust forwarded headers from the EduBox reverse proxy
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
if (strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https') {
$_SERVER['HTTPS'] = 'on';
if (!isset($_SERVER['SERVER_PORT']) || $_SERVER['SERVER_PORT'] == 80) {
$_SERVER['SERVER_PORT'] = 443;
}
} elseif (strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'http') {
$_SERVER['HTTPS'] = 'off';
}
}
if (isset($_SERVER['HTTP_X_FORWARDED_HOST']) && !empty($_SERVER['HTTP_X_FORWARDED_HOST'])) {
$_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
}
// Compute the public URL from the current request
$edubox_scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
$edubox_host = $_SERVER['HTTP_HOST'] ?? 'localhost';
$edubox_public_url = $edubox_scheme . '://' . $edubox_host;
// Define WP_HOME/WP_SITEURL if not already hardcoded in wp-config.php
if (!defined('WP_HOME')) {
define('WP_HOME', $edubox_public_url);
}
if (!defined('WP_SITEURL')) {
define('WP_SITEURL', $edubox_public_url);
}
// Trust the forwarded port as well when present
if (isset($_SERVER['HTTP_X_FORWARDED_PORT']) && !empty($_SERVER['HTTP_X_FORWARDED_PORT'])) {
$_SERVER['SERVER_PORT'] = $_SERVER['HTTP_X_FORWARDED_PORT'];
}
// Fallback filters in case options are stored with a different URL
add_filter('option_home', 'edubox_filter_public_url');
add_filter('option_siteurl', 'edubox_filter_public_url');
add_filter('home_url', 'edubox_filter_public_url');
add_filter('site_url', 'edubox_filter_public_url');
add_filter('admin_url', 'edubox_filter_public_url');
add_filter('includes_url', 'edubox_filter_public_url');
add_filter('content_url', 'edubox_filter_public_url');
add_filter('plugins_url', 'edubox_filter_public_url');
add_filter('wp_login_url', 'edubox_filter_public_url');
add_filter('wp_logout_url', 'edubox_filter_public_url');
add_filter('wp_redirect', 'edubox_filter_public_url');
add_filter('wp_redirect_location', 'edubox_filter_public_url');
function edubox_filter_public_url($url) {
if (!is_string($url) || empty($url)) {
return $url;
}
$scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
$host = $_SERVER['HTTP_HOST'] ?? 'localhost';
$public = $scheme . '://' . $host;
// Replace known internal bases with the public URL. Include localhost with
// any port, as well as plain http://localhost (which WordPress sometimes
// stores without port).
if (preg_match('#^(https?)://localhost(:\d+)#i', $url, $matches)) {
return $public . substr($url, strlen($matches[0]));
}
$internal_bases = [
'http://localhost',
'https://localhost',
];
foreach ($internal_bases as $base) {
if (strpos($url, $base) === 0) {
return $public . substr($url, strlen($base));
}
}
return $url;
}
// Ensure auth/secure cookies are marked Secure when served over HTTPS.
add_filter('cookie_secure', function ($secure) {
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
return true;
}
return $secure;
}, 999);
// Force logged-in cookies to be secure as well.
add_filter('secure_logged_in_cookie', function ($secure) {
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
return true;
}
return $secure;
}, 999);
add_filter('secure_auth_cookie', function ($secure) {
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
return true;
}
return $secure;
}, 999);
// Help WordPress believe the request method is the real one (Next.js proxy
// preserves this, but some edge cases may benefit).
if (isset($_SERVER['HTTP_X_FORWARDED_METHOD']) && !empty($_SERVER['HTTP_X_FORWARDED_METHOD'])) {
$_SERVER['REQUEST_METHOD'] = strtoupper($_SERVER['HTTP_X_FORWARDED_METHOD']);
}
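Review bot: The forwarded headers at the top of the file are trusted from any client: nothing checks that the request came from the EduBox proxy before `X-Forwarded-Host` overwrites `HTTP_HOST`, and that value then flows into `WP_HOME`/`WP_SITEURL` and every URL filter, so whoever can set it controls the links WordPress generates (password-reset mails included) and its redirect targets. Gate the overrides on the peer address and validate the host's shape, as sketched below; the trusted address list is a placeholder to confirm against how the proxy actually connects, and a fixed allowlist of public hostnames would be stronger if the proxy forwards client-supplied `X-Forwarded-*` headers unchanged. The `X-Forwarded-Method` override at the end of the file has the same problem and is better removed or limited to a fixed set of methods, since it lets the sender choose the method WordPress sees.

```php
// Placeholder list: addresses the EduBox proxy connects from (confirm per deployment).
$edubox_trusted_proxies = ['127.0.0.1', '::1'];
$edubox_from_proxy = in_array($_SERVER['REMOTE_ADDR'] ?? '', $edubox_trusted_proxies, true);

if ($edubox_from_proxy && isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
    // … unchanged: HTTPS / SERVER_PORT handling …
}

// Accept only a plain hostname with an optional port; ignore anything else.
$edubox_fwd_host = $_SERVER['HTTP_X_FORWARDED_HOST'] ?? '';
if ($edubox_from_proxy && preg_match('/^[a-z0-9.-]+(:\d{1,5})?$/i', $edubox_fwd_host) === 1) {
    $_SERVER['HTTP_HOST'] = $edubox_fwd_host;
}

// … unchanged: public URL computation, WP_HOME / WP_SITEURL defines …

// Accept the forwarded port only when it is purely numeric.
$edubox_fwd_port = (string) ($_SERVER['HTTP_X_FORWARDED_PORT'] ?? '');
if ($edubox_from_proxy && ctype_digit($edubox_fwd_port)) {
    $_SERVER['SERVER_PORT'] = $edubox_fwd_port;
}
```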