Ticket #8641 (closed enhancement: fixed)

Opened 3 years ago

Last modified 3 years ago

Improvements to is_ssl()

Reported by: johnbillion Owned by: johnbillion
Priority: normal Milestone: 2.7.1
Component: Security Version: 2.7
Severity: normal Keywords: is_ssl, ssl, https, has-patch
Cc:

Description

It appears that some server setups (particularly those running suexec on Apache < 2 ) don't populate the $_SERVER['HTTPS'] environment variable, or populate it with '1' instead of 'on'. This means that a site can be running on SSL but is_ssl() returns false.

Patch coming up to add support for differing values of $_SERVER['HTTPS'].

Attachments

8641.diff Download (678 bytes) - added by johnbillion 3 years ago.
Improvements to is_ssl()

Change History

johnbillion3 years ago

Improvements to is_ssl()

comment:1   johnbillion3 years ago

  • Keywords https, has-patch added; https removed

Patch.

is_ssl() now returns true if $_SERVER['HTTPS'] == '1'.

If the $_SERVER['HTTPS'] environment variable is not set, it then checks the port. If $_SERVER['SERVER_PORT'] == '443' then the function returns true.

Several other CMS' detect SSL like this, including Trac and CubeCart.

Tested and confirmed as working on a server where the HTTPS environment variable was not set but the server was running on SSL (port 443).

Left the milestone as 2.8 but could we get this into 2.7.1?

comment:2   ryan3 years ago

  • Status changed from new to closed
  • Resolution set to fixed

(In [10217]) is_ssl() improvements. Props johnbillion. fixes #8641 for trunk

comment:3   ryan3 years ago

  • Milestone changed from 2.8 to 2.7.1

comment:4   ryan3 years ago

(In [10218]) is_ssl() improvements. Props johnbillion. fixes #8641 for 2.7

Note: See TracTickets for help on using tickets.