refer

8254f279 · root · a9be0e3f · 8254f279 · 8254f279 · 8254f279
10 changed file
--- a/common.php
+++ b/common.php
@@ -36,6 +36,7 @@ $EnvConfigs = [
    'customTheme'       => 0b011,
    'theme'             => 0b010,
    'dontBasicAuth'     => 0b010,
+    'referrer'          => 0b011,

    'Driver'            => 0b100,
    'client_id'         => 0b100,
@@ -254,6 +255,8 @@ function main($path)
        }
    }

+    if (!isreferhost()) return message('Must visit from designated host', 'NOT_ALLOWED', 403);
+
    // Show disks in root
    if ($files['showname'] == 'root') return render_list($path, $files);

@@ -419,6 +422,19 @@ function extendShow_diskenv($drive)
    return $drive->ext_show_innerenv();
 }

+function isreferhost() {
+    $referer = $_SERVER['referhost'];
+    if ($referer=='') return true;
+    if ($referer==$_SERVER['HTTP_HOST']) return true;
+    $referrer = getConfig('referrer');
+    if ($referrer=='') return true;
+    $arr = explode('|', $referrer);
+    foreach ($arr as $host) {
+        if ($host == $referer) return true;
+    }
+    return false;
+}
+
 function pass2cookie($name, $pass)
 {
    return md5($name . ':' . md5($pass));
@@ -533,7 +549,7 @@ function getListpath($domain)
        }
    }
    if (isset($domain_path[$domain])) return spurlencode($domain_path[$domain],'/');
-    return spurlencode($public_path,'/');
+    return spurlencode($public_path, '/');
 }

 function path_format($path)
@@ -639,44 +655,6 @@ function curl($method, $url, $data = '', $headers = [], $returnheader = 0)
    return $response;
 }

-function curl_request($url, $data = false, $headers = [], $returnheader = 0)
-{
-    if (!isset($headers['Accept'])) $headers['Accept'] = '*/*';
-    //if (!isset($headers['Referer'])) $headers['Referer'] = $url;
-    //if (!isset($headers['Content-Type'])) $headers['Content-Type'] = 'application/x-www-form-urlencoded';
-    $sendHeaders = array();
-    foreach ($headers as $headerName => $headerVal) {
-        $sendHeaders[] = $headerName . ': ' . $headerVal;
-    }
-    $ch = curl_init();
-    curl_setopt($ch, CURLOPT_URL, $url);
-    if ($data !== false) {
-        curl_setopt($ch, CURLOPT_POST, 1);
-        curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
-    }
-    curl_setopt($ch, CURLOPT_TIMEOUT, 5);
-    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
-    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
-    curl_setopt($ch, CURLOPT_HEADER, $returnheader);
-    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
-    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
-    curl_setopt($ch, CURLOPT_HTTPHEADER, $sendHeaders);
-    //$response['body'] = curl_exec($ch);
-    if ($returnheader) {
-        list($returnhead, $response['body']) = explode("\r\n\r\n", curl_exec($ch));
-        foreach (explode("\r\n", $returnhead) as $head) {
-            $tmp = explode(': ', $head);
-            $heads[$tmp[0]] = $tmp[1];
-        }
-        $response['returnhead'] = $heads;
-    } else {
-        $response['body'] = curl_exec($ch);
-    }
-    $response['stat'] = curl_getinfo($ch, CURLINFO_HTTP_CODE);
-    curl_close($ch);
-    return $response;
-}
-
 function clearbehindvalue($path,$page1,$maxpage,$pageinfocache)
 {
    for ($page=$page1+1;$page<$maxpage;$page++) {
@@ -776,6 +754,7 @@ function message($message, $title = 'Message', $statusCode = 200)
    <meta name=viewport content="width=device-width,initial-scale=1">
    <body>
        <h1>' . $title . '</h1>
+        <a href="' . $_SERVER['base_path'] . '">' . getconstStr('Back') . getconstStr('Home') . '</a>
        <p>

 ' . $message . '
@@ -814,8 +793,9 @@ function needUpdate()

 function output($body, $statusCode = 200, $headers = ['Content-Type' => 'text/html'], $isBase64Encoded = false)
 {
-    //$headers['Referrer-Policy'] = 'same-origin';
-    $headers['Referrer-Policy'] = 'no-referrer';
+    if (isset($_SERVER['Set-Cookie'])) $headers['Set-Cookie'] = $_SERVER['Set-Cookie'];
+    $headers['Referrer-Policy'] = 'no-referrer'; //$headers['Referrer-Policy'] = 'same-origin';
+    $headers['X-Frame-Options'] = 'sameorigin';
    return [
        'isBase64Encoded' => $isBase64Encoded,
        'statusCode' => $statusCode,
@@ -874,12 +854,8 @@ function adminform($name = '', $pass = '', $path = '')
        <body>' . getconstStr('LoginSuccess') . '</body></html>';
        $statusCode = 201;
        date_default_timezone_set('UTC');
-        $header = [
-            'Set-Cookie' => $name . '=' . $pass . '; path=/; expires=' . date(DATE_COOKIE, strtotime('+7day')),
-            //'Location' => $path,
-            'Content-Type' => 'text/html'
-        ];
-        return output($html, $statusCode, $header);
+        $_SERVER['Set-Cookie'] = $name . '=' . $pass . '; path=/; expires=' . date(DATE_COOKIE, strtotime('+7day'));
+        return output($html, $statusCode);
    }
    $statusCode = 401;
    $html .= '
@@ -1059,7 +1035,8 @@ function EnvOpt($needUpdate = 0)
    global $drive;
    ksort($EnvConfigs);
    $envs = '';
-    foreach ($EnvConfigs as $env => $v) if (isCommonEnv($env)) $envs .= '\'' . $env . '\', ';
+    //foreach ($EnvConfigs as $env => $v) if (isCommonEnv($env)) $envs .= '\'' . $env . '\', ';
+    $envs = substr(json_encode(array_keys ($EnvConfigs)), 1, -1);

    $html = '<title>OneManager '.getconstStr('Setup').'</title>';
    if (isset($_POST['updateProgram'])&&$_POST['updateProgram']==getconstStr('updateProgram')) {
@@ -1127,7 +1104,7 @@ function EnvOpt($needUpdate = 0)
        $preurl = path_format($_SERVER['PHP_SELF'] . '/');
    }
    $html .= '
-<a href="'.$preurl.'">'.getconstStr('Back').'</a>&nbsp;&nbsp;&nbsp;<a href="'.$_SERVER['base_path'].'">'.getconstStr('Back').getconstStr('Home').'</a><br>
+<a href="'.$preurl.'">'.getconstStr('Back').'</a><br>
 <a href="https://github.com/qkqpttgf/OneManager-php">Github</a><br>';

    $html .= '
@@ -1137,11 +1114,12 @@ function EnvOpt($needUpdate = 0)
            <td colspan="2">'.getconstStr('PlatformConfig').'</td>
        </tr>';
    foreach ($EnvConfigs as $key => $val) if (isCommonEnv($key) && isShowedEnv($key)) {
-        if ($key=='timezone') {
-            $html .= '
+        $html .= '
        <tr>
            <td><label>' . $key . '</label></td>
-            <td width=100%>
+            <td width=100%>';
+        if ($key=='timezone') {
+            $html .= '
                <select name="' . $key .'">';
            foreach (array_keys($timezones) as $zone) {
                $html .= '
@@ -1149,15 +1127,10 @@ function EnvOpt($needUpdate = 0)
            }
            $html .= '
                </select>
-                '.getconstStr('EnvironmentsDescription')[$key].'
-            </td>
-        </tr>';
+                ' . getconstStr('EnvironmentsDescription')[$key];
        } elseif ($key=='theme') {
            $theme_arr = scandir(__DIR__ . $slash . 'theme');
            $html .= '
-        <tr>
-            <td><label>' . $key . '</label></td>
-            <td width=100%>
                <select name="' . $key .'">
                    <option value=""></option>';
            foreach ($theme_arr as $v1) {
@@ -1166,9 +1139,7 @@ function EnvOpt($needUpdate = 0)
            }
            $html .= '
                </select>
-                '.getconstStr('EnvironmentsDescription')[$key].'
-            </td>
-        </tr>';
+                ' . getconstStr('EnvironmentsDescription')[$key];
        } /*elseif ($key=='domain_path') {
            $tmp = getConfig($key);
            $domain_path = '';
@@ -1182,13 +1153,13 @@ function EnvOpt($needUpdate = 0)
            <td width=100%><input type="text" name="' . $key .'" value="' . $domain_path . '" placeholder="' . getconstStr('EnvironmentsDescription')[$key] . '" style="width:100%"></td>
        </tr>';
        }*/ else $html .= '
-        <tr>
-            <td><label>' . $key . '</label></td>
-            <td width=100%><input type="text" name="' . $key .'" value="' . htmlspecialchars(getConfig($key)) . '" placeholder="' . getconstStr('EnvironmentsDescription')[$key] . '" style="width:100%"></td>
+                <input type="text" name="' . $key . '" value="' . htmlspecialchars(getConfig($key)) . '" placeholder="' . getconstStr('EnvironmentsDescription')[$key] . '" style="width:100%">';
+        $html .= '
+            </td>
        </tr>';
    }
    $html .= '
-        <tr><td><input type="submit" name="submit1" value="'.getconstStr('Setup').'"></td></tr>
+        <tr><td><input type="submit" name="submit1" value="' . getconstStr('Setup') . '"></td></tr>
    </form>
 </table><br>';
    $disktags = explode('|', getConfig('disktag'));
@@ -1249,7 +1220,7 @@ function EnvOpt($needUpdate = 0)
        }
        envs = [' . $envs . '];
        if (envs.indexOf(t.disktag_sort.value)>-1) {
-            alert("Do not input ' . $envs . '");
+            alert(\'Do not input ' . $envs . '\');
            return false;
        }
        return true;
@@ -1276,21 +1247,21 @@ function EnvOpt($needUpdate = 0)
    <tr>
        <td>
            <form action="" method="post" style="margin: 0" onsubmit="return deldiskconfirm(this);">
-                <input type="hidden" name="disktag_del" value="'.$disktag.'">
-                <input type="submit" name="submit1" value="'.getconstStr('DelDisk').'">
-            </form>
-        </td>
-        <td>
-            <form action="" method="post" style="margin: 0" onsubmit="return renametag(this);">
-                <input type="hidden" name="disktag_rename" value="'.$disktag.'">
-                <input type="text" name="disktag_newname" value="'.$disktag.'" placeholder="' . getconstStr('EnvironmentsDescription')['disktag'] . '">
-                <input type="submit" name="submit1" value="'.getconstStr('RenameDisk').'">
+                <input type="hidden" name="disktag_del" value="' . $disktag . '">
+                <input type="submit" name="submit1" value="' . getconstStr('DelDisk') . '">
            </form>
            <form action="" method="post" style="margin: 0">
                <input type="hidden" name="disktag_copy" value="' . $disktag . '">
                <input type="submit" name="submit1" value="' . getconstStr('CopyDisk') . '">
            </form>
        </td>
+        <td>
+            <form action="" method="post" style="margin: 0" onsubmit="return renametag(this);">
+                <input type="hidden" name="disktag_rename" value="' . $disktag . '">
+                <input type="text" name="disktag_newname" value="' . $disktag . '" placeholder="' . getconstStr('EnvironmentsDescription')['disktag'] . '">
+                <input type="submit" name="submit1" value="' . getconstStr('RenameDisk') . '">
+            </form>
+        </td>
    </tr>
    <tr>
        <td>Driver</td>
@@ -1306,13 +1277,13 @@ function EnvOpt($needUpdate = 0)

            if ($diskok) {
                $html .= '
-    <form name="'.$disktag.'" action="" method="post">
-        <input type="hidden" name="disk" value="'.$disktag.'">';
+    <form name="' . $disktag . '" action="" method="post">
+        <input type="hidden" name="disk" value="' . $disktag . '">';
                foreach ($EnvConfigs as $key => $val) if (isInnerEnv($key) && isShowedEnv($key)) {
                    $html .= '
        <tr>
            <td><label>' . $key . '</label></td>
-            <td width=100%><input type="text" name="' . $key .'" value="' . getConfig($key, $disktag) . '" placeholder="' . getconstStr('EnvironmentsDescription')[$key] . '" style="width:100%"></td>
+            <td width=100%><input type="text" name="' . $key . '" value="' . getConfig($key, $disktag) . '" placeholder="' . getconstStr('EnvironmentsDescription')[$key] . '" style="width:100%"></td>
        </tr>';
                }
                $html .= '
@@ -1321,7 +1292,7 @@ function EnvOpt($needUpdate = 0)
            } else {
                $html .= '
    <tr>
-        <td colspan="2">Please add this disk again.</td>
+        <td colspan="2">' . $disk_tmp->error['body'] . '</td>
    </tr>';
            }
            $html .= '
@@ -1369,17 +1340,17 @@ function EnvOpt($needUpdate = 0)
    }
    if (!$canOneKeyUpate) {
        $html .= '
-'.getconstStr('CannotOneKeyUpate').'<br>';
+' . getconstStr('CannotOneKeyUpate') . '<br>';
    } else {
        $html .= '
 <form name="updateform" action="" method="post">
    <input type="text" name="auth" size="6" placeholder="auth" value="qkqpttgf">
    <input type="text" name="project" size="12" placeholder="project" value="OneManager-php">
-    <button name="QueryBranchs" onclick="querybranchs();return false;">'.getconstStr('QueryBranchs').'</button>
+    <button name="QueryBranchs" onclick="querybranchs();return false;">' . getconstStr('QueryBranchs') . '</button>
    <select name="branch">
        <option value="master">master</option>
    </select>
-    <input type="submit" name="updateProgram" value="'.getconstStr('updateProgram').'">
+    <input type="submit" name="updateProgram" value="' . getconstStr('updateProgram') . '">
 </form>
 <script>
    function deldiskconfirm(t) {
@@ -1389,7 +1360,7 @@ function EnvOpt($needUpdate = 0)
    }
    function renametag(t) {
        if (t.disktag_newname.value==\'\') {
-            alert(\''.getconstStr('DiskTag').'\');
+            alert(\'' . getconstStr('DiskTag') . '\');
            return false;
        }
        if (t.disktag_newname.value==t.disktag_rename.value) {
@@ -1397,12 +1368,12 @@ function EnvOpt($needUpdate = 0)
        }
        envs = [' . $envs . '];
        if (envs.indexOf(t.disktag_newname.value)>-1) {
-            alert("Do not input ' . $envs . '");
+            alert(\'Do not input ' . $envs . '\');
            return false;
        }
        var reg = /^[a-zA-Z]([_a-zA-Z0-9]{1,20})$/;
        if (!reg.test(t.disktag_newname.value)) {
-            alert(\''.getconstStr('TagFormatAlert').'\');
+            alert(\'' . getconstStr('TagFormatAlert') . '\');
            return false;
        }
        return true;
@@ -1413,7 +1384,6 @@ function EnvOpt($needUpdate = 0)
        var xhr = new XMLHttpRequest();
        xhr.open("GET", "https://api.github.com/repos/"+document.updateform.auth.value+"/"+document.updateform.project.value+"/branches");
        //xhr.setRequestHeader("User-Agent","qkqpttgf/OneManager");
-        xhr.send(null);
        xhr.onload = function(e){
            console.log(xhr.responseText+","+xhr.status);
            if (xhr.status==200) {
@@ -1430,6 +1400,7 @@ function EnvOpt($needUpdate = 0)
        xhr.onerror = function(e){
            alert("Network Error "+xhr.status);
        }
+        xhr.send(null);
    }
 </script>
 ';
@@ -2426,6 +2397,6 @@ function render_list($path = '', $files = [])

    $tmp = splitfirst($html, '</title>');
    $html = $tmp[0] . '</title>' . $authinfo . $tmp[1];
-    if (isset($_SERVER['Set-Cookie'])) return output($html, $statusCode, [ 'Set-Cookie' => $_SERVER['Set-Cookie'], 'Content-Type' => 'text/html' ]);
+    //if (isset($_SERVER['Set-Cookie'])) return output($html, $statusCode, [ 'Set-Cookie' => $_SERVER['Set-Cookie'], 'Content-Type' => 'text/html' ]);
    return output($html, $statusCode);
 }
--- a/conststr.php
+++ b/conststr.php
@@ -93,6 +93,7 @@ $constStr = [
            'customScript' => '<script> in all pages, e.g. http turn to https',
            'customCss' => '<style> in <head>',
            'customTheme' => 'an url of html',
+            'referrer' => 'only these domains can refer resourse in this site, format is a1.com|b2.com',
            'domain_path' => 'more custom domain, format is a1.com:/dirto/path1|b2.com:/path2',
            'diskname' => 'The disk name you want show.',
            'disktag' => 'A tag used in store config and url.',
@@ -119,6 +120,7 @@ $constStr = [
            'customScript' => '<script>，在所有页都会存在,例如放一个http跳转https',
            'customCss' => '<style>，在<head>最后面',
            'customTheme' => 'html格式的主题的url',
+            'referrer' => '只有这些域名能引用本站资源。格式为a1.com|b1.com',
            'domain_path' => '使用多个自定义域名时，指定每个域名看到的目录。格式为a1.com:/dirto/path1|b1.com:/path2，比private_path优先。',
            'diskname' => '这个盘你想显示什么名称。',
            'disktag' => '一个标签，用于保存配置，多盘时会显示在url中。',
@@ -145,6 +147,7 @@ $constStr = [
            'customScript' => '<script>，在所有頁都會存在,例如放一個http跳轉https',
            'customCss' => '<style>，在<head>最後面',
            'customTheme' => 'html格式的主題的url',
+            'referrer' => '',
            'domain_path' => '使用多個自訂域名時，指定每個域名看到的目錄。格式為a1.com:/dirto/path1|b1.com:/path2，比private_path優先。',
            'diskname' => '這個盤你想顯示什麼名稱。',
            'disktag' => '一個標籤，用於儲存配置，多盤時會顯示在url中。',
@@ -170,6 +173,7 @@ $constStr = [
            'customScript' => '＜script＞は、すべてのページに存在します。例えば、httpを置いてhttpsをジャンプします。',
            'customCss' => '＜style＞は、＜head＞の一番後ろにあります。',
            'customTheme' => 'htmlフォーマットのテーマのurl',
+            'referrer' => '',
            'domain_path' => '複数のドメイン名を使用する場合、ドメイン名ごとに見られるディレクトリを指定します。フォーマットはa 1.com:/dirto/path 1.com:/path 2で、prvate_path優先。',
            'diskname' => 'このディスクの名前を表示したいですか？',
            'disktag' => '一つのラベルは保存配置に使い、複数のディスクはurlに表示されます。',
@@ -195,6 +199,7 @@ $constStr = [
            'customScript' => '< script > 은 모든 페이지 에 존재 합 니 다. 예 를 들 어 http 을 하나 넣 고 https 로 이동 합 니 다.',
            'customCss' => '< 스타일 >, < 헤드 > 맨 뒤에',
            'customTheme' => 'html 형식의 테마 url',
+            'referrer' => '',
            'domain_path' => '도 메 인 이름 을 여러 개 사용자 정의 할 때 도 메 인 이름 마다 보 이 는 디 렉 터 리 를 지정 합 니 다.형식 은 a1. com: / dirto / path 1 | b1. com: / path 2, privatepath 우선.',
            'diskname' => '이 접시 에 당신 은 어떤 명칭 을 표시 하고 싶 습 니까?',
            'disktag' => '디스크가 여러 개인 경우 구성을 저장하는 데 사용되는 레이블이 url에 표시됩니다.',
@@ -216,6 +221,7 @@ $constStr = [
        'fa' => [
            'admin' => 'رمز عبور ادمین، در صورت خالی بودن دکمه لاگین به نمایش در نمی‌آید',
            'adminloginpage' => 'در صورت تنظیم ، دکمه ورود نمایش داده نمی شود و صفحه ورود دیگر \?admin\ نیست بلکه \?{مقدار ورودی شما}\ است.',
+            'referrer' => '',
            'domain_path' => 'تنظیم دامنه سفارشی، به صورت a1.com:/dirto/path1|b2.com:/path2',
            'diskname' => 'نام دیسک که می‌خواهید نشان دهید.',
            'disktag' => 'تگی که در ذخیره پیکربندی و نشانی اینترنتی استفاده می‌شود.',
@@ -234,6 +240,7 @@ $constStr = [
            'customScript' => 'في جميع الصفحات ، على سبيل المثال ، وضع النص المتشعب القفز HTTPS',
            'customCss' => '<style>，في الجزء الخلفي من',
            'customTheme' => 'أتش تي أم أل شكل عنوان الموضوع',
+            'referrer' => '',
            'domain_path' => 'عند استخدام العديد من أسماء النطاقات المخصصة ، حدد الدليل الذي يرى كل اسم النطاق   هذا هو القانون ؛   بات اولا',
            'diskname' => 'ما اسم هذا القرص الذي تريد أن تظهر ؟',
            'disktag' => 'العلامة التي تستخدم لحفظ التكوين ، يتم عرضها في عناوين المواقع عند تعدد الأقراص',

--- a/platform/AliyunFC.php
+++ b/platform/AliyunFC.php
@@ -28,12 +28,6 @@ function GetGlobalVariable($event)
        $pos = strpos($cookievalues,"=");
        $_COOKIE[urldecode(substr($cookievalues,0,$pos))]=urldecode(substr($cookievalues,$pos+1));
    }
-    if (isset($event['headers']['Authorization'])) {
-        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['Authorization'][0], 'Basic ')[1]), ':');
-        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
-        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
-    }
-    $_SERVER['FC_SERVER_PATH'] = '/var/fc/runtime/php7.2';
 }

 function GetPathSetting($event, $context)
@@ -57,6 +51,17 @@ function GetPathSetting($event, $context)
    $_SERVER['PHP_SELF'] = path_format($_SERVER['base_path'] . $path);
    $_SERVER['REMOTE_ADDR'] = $event['clientIP'];
    $_SERVER['HTTP_X_REQUESTED_WITH'] = $event['headers']['X-Requested-With'][0];
+    if (isset($event['headers']['Authorization'])) {
+        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['Authorization'][0], 'Basic ')[1]), ':');
+        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
+        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
+    }
+    $_SERVER['HTTP_HOST'] = $event['headers']['Host'][0];
+    $_SERVER['REQUEST_SCHEME'] = $event['headers']['X-Forwarded-Proto'][0];
+    $_SERVER['host'] = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'];
+    //if ($_SERVER['HTTP_REFERER']!='') 
+    $_SERVER['referhost'] = explode('/', $event['headers']['Referer'][0])[2];
+    $_SERVER['FC_SERVER_PATH'] = '/var/fc/runtime/php7.2';
    return $path;
 }


--- a/platform/BaiduCFC.php
+++ b/platform/BaiduCFC.php
@@ -26,14 +26,6 @@ function GetGlobalVariable($event)
        $pos = strpos($cookievalues,"=");
        $_COOKIE[urldecode(substr($cookievalues,0,$pos))]=urldecode(substr($cookievalues,$pos+1));
    }
-    $_SERVER['HTTP_USER_AGENT'] = $event['headers']['User-Agent'];
-    if (isset($event['headers']['authorization'])) {
-        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['authorization'], 'Basic ')[1]), ':');
-        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
-        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
-    }
-    $_SERVER['HTTP_TRANSLATE'] = $event['headers']['translate'];//'f'
-    $_SERVER['BCE_CFC_RUNTIME_NAME'] = 'php7';
 }

 function GetPathSetting($event, $context)
@@ -47,6 +39,19 @@ function GetPathSetting($event, $context)
    $_SERVER['PHP_SELF'] = path_format($_SERVER['base_path'] . $path);
    $_SERVER['REMOTE_ADDR'] = $event['requestContext']['sourceIp'];
    $_SERVER['HTTP_X_REQUESTED_WITH'] = $event['headers']['X-Requested-With'];
+    $_SERVER['HTTP_USER_AGENT'] = $event['headers']['User-Agent'];
+    if (isset($event['headers']['authorization'])) {
+        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['authorization'], 'Basic ')[1]), ':');
+        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
+        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
+    }
+    $_SERVER['HTTP_HOST'] = $event['headers']['Host'];
+    $_SERVER['REQUEST_SCHEME'] = $event['headers']['X-Forwarded-Proto'];
+    $_SERVER['host'] = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'];
+    //if ($_SERVER['HTTP_REFERER']!='') 
+    $_SERVER['referhost'] = explode('/', $event['headers']['Referer'])[2];
+    $_SERVER['HTTP_TRANSLATE'] = $event['headers']['translate'];//'f'
+    $_SERVER['BCE_CFC_RUNTIME_NAME'] = 'php7';
    return $path;
 }


--- a/platform/Heroku.php
+++ b/platform/Heroku.php
@@ -4,6 +4,9 @@ function getpath()
 {
    $_SERVER['firstacceptlanguage'] = strtolower(splitfirst(splitfirst($_SERVER['HTTP_ACCEPT_LANGUAGE'],';')[0],',')[0]);
    $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
+    $_SERVER['REQUEST_SCHEME'] = $_SERVER['HTTP_X_FORWARDED_PROTO'];
+    $_SERVER['host'] = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'];
+    $_SERVER['referhost'] = explode('/', $_SERVER['HTTP_REFERER'])[2];
    $_SERVER['base_path'] = path_format(substr($_SERVER['SCRIPT_NAME'], 0, -10) . '/');
    $p = strpos($_SERVER['REQUEST_URI'],'?');
    if ($p>0) $path = substr($_SERVER['REQUEST_URI'], 0, $p);

--- a/platform/HuaweiFG_env.php
+++ b/platform/HuaweiFG_env.php
@@ -39,14 +39,6 @@ function GetGlobalVariable($event)
        $pos = strpos($cookievalues,"=");
        $_COOKIE[urldecode(substr($cookievalues,0,$pos))]=urldecode(substr($cookievalues,$pos+1));
    }
-    $_SERVER['HTTP_USER_AGENT'] = $event['headers']['user-agent'];
-    if (isset($event['headers']['authorization'])) {
-        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['authorization'], 'Basic ')[1]), ':');
-        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
-        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
-    }
-    $_SERVER['HTTP_TRANSLATE'] = $event['headers']['translate'];//'f'
-    $_SERVER['_APP_SHARE_DIR'] = '/var/share/CFF/processrouter';
 }

 function GetPathSetting($event, $context)
@@ -69,6 +61,18 @@ function GetPathSetting($event, $context)
    $_SERVER['PHP_SELF'] = path_format($_SERVER['base_path'] . $path);
    $_SERVER['REMOTE_ADDR'] = $event['headers']['x-real-ip'];
    $_SERVER['HTTP_X_REQUESTED_WITH'] = $event['headers']['x-requested-with'];
+    $_SERVER['HTTP_USER_AGENT'] = $event['headers']['user-agent'];
+    if (isset($event['headers']['authorization'])) {
+        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['authorization'], 'Basic ')[1]), ':');
+        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
+        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
+    }
+    $_SERVER['REQUEST_SCHEME'] = $event['headers']['x-forwarded-proto'];
+    $_SERVER['host'] = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'];
+    //if ($_SERVER['HTTP_REFERER']!='') 
+    $_SERVER['referhost'] = explode('/', $event['headers']['referer'])[2];
+    $_SERVER['HTTP_TRANSLATE'] = $event['headers']['translate'];//'f'
+    $_SERVER['_APP_SHARE_DIR'] = '/var/share/CFF/processrouter';
    return $path;
 }


--- a/platform/HuaweiFG_file.php
+++ b/platform/HuaweiFG_file.php
@@ -39,14 +39,6 @@ function GetGlobalVariable($event)
        $pos = strpos($cookievalues,"=");
        $_COOKIE[urldecode(substr($cookievalues,0,$pos))]=urldecode(substr($cookievalues,$pos+1));
    }
-    $_SERVER['HTTP_USER_AGENT'] = $event['headers']['user-agent'];
-    if (isset($event['headers']['authorization'])) {
-        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['authorization'], 'Basic ')[1]), ':');
-        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
-        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
-    }
-    $_SERVER['HTTP_TRANSLATE'] = $event['headers']['translate'];//'f'
-    $_SERVER['_APP_SHARE_DIR'] = '/var/share/CFF/processrouter';
 }

 function GetPathSetting($event, $context)
@@ -69,6 +61,18 @@ function GetPathSetting($event, $context)
    $_SERVER['PHP_SELF'] = path_format($_SERVER['base_path'] . $path);
    $_SERVER['REMOTE_ADDR'] = $event['headers']['x-real-ip'];
    $_SERVER['HTTP_X_REQUESTED_WITH'] = $event['headers']['x-requested-with'];
+    $_SERVER['HTTP_USER_AGENT'] = $event['headers']['user-agent'];
+    if (isset($event['headers']['authorization'])) {
+        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['authorization'], 'Basic ')[1]), ':');
+        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
+        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
+    }
+    $_SERVER['REQUEST_SCHEME'] = $event['headers']['x-forwarded-proto'];
+    $_SERVER['host'] = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'];
+    //if ($_SERVER['HTTP_REFERER']!='') 
+    $_SERVER['referhost'] = explode('/', $event['headers']['referer'])[2];
+    $_SERVER['HTTP_TRANSLATE'] = $event['headers']['translate'];//'f'
+    $_SERVER['_APP_SHARE_DIR'] = '/var/share/CFF/processrouter';
    return $path;
 }


--- a/platform/Normal.php
+++ b/platform/Normal.php
@@ -4,6 +4,9 @@ function getpath()
 {
    $_SERVER['firstacceptlanguage'] = strtolower(splitfirst(splitfirst($_SERVER['HTTP_ACCEPT_LANGUAGE'],';')[0],',')[0]);
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
+    $_SERVER['host'] = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'];
+    //if ($_SERVER['HTTP_REFERER']!='') 
+    $_SERVER['referhost'] = explode('/', $_SERVER['HTTP_REFERER'])[2];
    if (isset($_SERVER['DOCUMENT_ROOT'])&&$_SERVER['DOCUMENT_ROOT']==='/app') $_SERVER['base_path'] = '/';
    else $_SERVER['base_path'] = path_format(substr($_SERVER['SCRIPT_NAME'], 0, -10) . '/');
    if (isset($_SERVER['UNENCODED_URL'])) $_SERVER['REQUEST_URI'] = $_SERVER['UNENCODED_URL'];

--- a/platform/TencentSCF_env.php
+++ b/platform/TencentSCF_env.php
@@ -23,14 +23,6 @@ function GetGlobalVariable($event)
        $pos = strpos($cookievalues,"=");
        $_COOKIE[urldecode(substr($cookievalues,0,$pos))]=urldecode(substr($cookievalues,$pos+1));
    }
-    $_SERVER['HTTP_USER_AGENT'] = $event['headers']['user-agent'];
-    if (isset($event['headers']['authorization'])) {
-        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['authorization'], 'Basic ')[1]), ':');
-        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
-        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
-    }
-    $_SERVER['HTTP_TRANSLATE']==$event['headers']['translate'];//'f'
-    $_SERVER['USER'] = 'qcloud';
 }

 function GetPathSetting($event, $context)
@@ -54,6 +46,17 @@ function GetPathSetting($event, $context)
    $_SERVER['PHP_SELF'] = path_format($_SERVER['base_path'] . $path);
    $_SERVER['REMOTE_ADDR'] = $event['requestContext']['sourceIp'];
    $_SERVER['HTTP_X_REQUESTED_WITH'] = $event['headers']['x-requested-with'];
+    $_SERVER['HTTP_USER_AGENT'] = $event['headers']['user-agent'];
+    if (isset($event['headers']['authorization'])) {
+        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['authorization'], 'Basic ')[1]), ':');
+        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
+        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
+    }
+    $_SERVER['REQUEST_SCHEME'] = $event['headers']['x-forwarded-proto'];
+    $_SERVER['host'] = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'];
+    $_SERVER['referhost'] = explode('/', $event['headers']['referer'])[2];
+    $_SERVER['HTTP_TRANSLATE']==$event['headers']['translate'];//'f'
+    $_SERVER['USER'] = 'qcloud';
    return $path;
 }


--- a/platform/TencentSCF_file.php
+++ b/platform/TencentSCF_file.php
@@ -23,14 +23,6 @@ function GetGlobalVariable($event)
        $pos = strpos($cookievalues,"=");
        $_COOKIE[urldecode(substr($cookievalues,0,$pos))]=urldecode(substr($cookievalues,$pos+1));
    }
-    $_SERVER['HTTP_USER_AGENT'] = $event['headers']['user-agent'];
-    if (isset($event['headers']['authorization'])) {
-        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['authorization'], 'Basic ')[1]), ':');
-        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
-        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
-    }
-    $_SERVER['HTTP_TRANSLATE']==$event['headers']['translate'];//'f'
-    $_SERVER['USER'] = 'qcloud';
 }

 function GetPathSetting($event, $context)
@@ -54,6 +46,17 @@ function GetPathSetting($event, $context)
    $_SERVER['PHP_SELF'] = path_format($_SERVER['base_path'] . $path);
    $_SERVER['REMOTE_ADDR'] = $event['requestContext']['sourceIp'];
    $_SERVER['HTTP_X_REQUESTED_WITH'] = $event['headers']['x-requested-with'];
+    $_SERVER['HTTP_USER_AGENT'] = $event['headers']['user-agent'];
+    if (isset($event['headers']['authorization'])) {
+        $basicAuth = splitfirst(base64_decode(splitfirst($event['headers']['authorization'], 'Basic ')[1]), ':');
+        $_SERVER['PHP_AUTH_USER'] = $basicAuth[0];
+        $_SERVER['PHP_AUTH_PW'] = $basicAuth[1];
+    }
+    $_SERVER['REQUEST_SCHEME'] = $event['headers']['x-forwarded-proto'];
+    $_SERVER['host'] = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'];
+    $_SERVER['referhost'] = explode('/', $event['headers']['referer'])[2];
+    $_SERVER['HTTP_TRANSLATE']==$event['headers']['translate'];//'f'
+    $_SERVER['USER'] = 'qcloud';
    return $path;
 }