#8641 closed enhancement (fixed)
Improvements to is_ssl()
Reported by: | johnbillion | Owned by: | johnbillion |
---|---|---|---|
Milestone: | 2.7.1 | Priority: | normal |
Severity: | normal | Version: | 2.7 |
Component: | Security | Keywords: | is_ssl, ssl, https, has-patch |
Focuses: | Cc: |
Description
It appears that some server setups (particularly those running suexec on Apache < 2 ) don't populate the $_SERVER['HTTPS']
environment variable, or populate it with '1' instead of 'on'. This means that a site can be running on SSL but is_ssl()
returns false.
Patch coming up to add support for differing values of $_SERVER['HTTPS']
.
Attachments (1)
Change History (5)
#1
@
16 years ago
- Keywords has-patch added
Patch.
is_ssl()
now returns true if $_SERVER['HTTPS'] == '1'
.
If the $_SERVER['HTTPS']
environment variable is not set, it then checks the port. If $_SERVER['SERVER_PORT'] == '443'
then the function returns true.
Several other CMS' detect SSL like this, including Trac and CubeCart.
Tested and confirmed as working on a server where the HTTPS environment variable was not set but the server was running on SSL (port 443).
Left the milestone as 2.8 but could we get this into 2.7.1?
Improvements to is_ssl()