Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#8641 closed enhancement (fixed)

Improvements to is_ssl()

Reported by: johnbillion Owned by: johnbillion
Priority: normal Milestone: 2.7.1
Component: Security Version: 2.7
Severity: normal Keywords: is_ssl, ssl, https, has-patch
Cc:

Description

It appears that some server setups (particularly those running suexec on Apache < 2 ) don't populate the $_SERVER['HTTPS'] environment variable, or populate it with '1' instead of 'on'. This means that a site can be running on SSL but is_ssl() returns false.

Patch coming up to add support for differing values of $_SERVER['HTTPS'].

Attachments (1)

8641.diff (678 bytes) - added by johnbillion 4 years ago.
Improvements to is_ssl()

Download all attachments as: .zip

Change History (5)

johnbillion4 years ago

Improvements to is_ssl()

comment:1   johnbillion4 years ago

  • Keywords has-patch added

Patch.

is_ssl() now returns true if $_SERVER['HTTPS'] == '1'.

If the $_SERVER['HTTPS'] environment variable is not set, it then checks the port. If $_SERVER['SERVER_PORT'] == '443' then the function returns true.

Several other CMS' detect SSL like this, including Trac and CubeCart.

Tested and confirmed as working on a server where the HTTPS environment variable was not set but the server was running on SSL (port 443).

Left the milestone as 2.8 but could we get this into 2.7.1?

comment:2   ryan4 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [10217]) is_ssl() improvements. Props johnbillion. fixes #8641 for trunk

comment:3   ryan4 years ago

  • Milestone changed from 2.8 to 2.7.1

comment:4   ryan4 years ago

(In [10218]) is_ssl() improvements. Props johnbillion. fixes #8641 for 2.7

Note: See TracTickets for help on using tickets.