Fix bug HTTPS detection (issue with IIS)

Frédéric Guillot
2014-09-08 16:49:54 +02:00
parent 532ea3b868
commit bc0fa40b24
5 changed files with 29 additions and 5 deletions


@@ -3,6 +3,7 @@
namespace Auth; namespace Auth;
use Core\Security; use Core\Security;
use Core\Tool;
/** /**
* RememberMe model * RememberMe model
@@ -309,7 +310,7 @@ class RememberMe extends Base
$expiration, $expiration,
BASE_URL_DIRECTORY, BASE_URL_DIRECTORY,
null, null,
! empty($_SERVER['HTTPS']), Tool::isHTTPS(),
true true
); );
} }
@@ -342,7 +343,7 @@ class RememberMe extends Base
time() - 3600, time() - 3600,
BASE_URL_DIRECTORY, BASE_URL_DIRECTORY,
null, null,
! empty($_SERVER['HTTPS']), Tool::isHTTPS(),
true true
); );
} }


@@ -246,7 +246,7 @@ class Response
*/ */
public function hsts() public function hsts()
{ {
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') { if (Tool::isHTTPS()) {
header('Strict-Transport-Security: max-age=31536000'); header('Strict-Transport-Security: max-age=31536000');
} }
} }
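Review bot: `Tool` is referenced unqualified in `hsts()`, and this section adds no `use` line, unlike RememberMe (which gains `use Core\Tool;`) and the helper (which writes `\Core\Tool::isHTTPS()`). That only resolves if `Response` is declared in the same namespace as `Tool`, presumably `Core`, which is not visible in the hunk. The same applies to the `Session` hunk. If either class lives elsewhere, the call is a fatal error on the first request that sets a cookie or sends the header, so confirm the namespace or add `use Core\Tool;` to both files.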


@@ -35,7 +35,7 @@ class Session
self::SESSION_LIFETIME, self::SESSION_LIFETIME,
$base_path ?: '/', $base_path ?: '/',
null, null,
! empty($_SERVER['HTTPS']), Tool::isHTTPS(),
true true
); );


@@ -32,6 +32,15 @@ class Tool
} }
} }
/**
* Load and register a model
*
* @static
* @access public
* @param Core\Registry $registry DPI container
* @param string $name Model name
* @return mixed
*/
public static function loadModel(Registry $registry, $name) public static function loadModel(Registry $registry, $name)
{ {
if (! isset($registry->$name)) { if (! isset($registry->$name)) {
@@ -41,4 +50,18 @@ class Tool
return $registry->shared($name); return $registry->shared($name);
} }
/**
* Check if the page is requested through HTTPS
*
* Note: IIS return the value 'off' and other web servers an empty value when it's not HTTPS
*
* @static
* @access public
* @return boolean
*/
public static function isHTTPS()
{
return isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== '' && $_SERVER['HTTPS'] !== 'off';
}
} }
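Review bot: `isHTTPS()` consults only `$_SERVER['HTTPS']`, so it returns false when TLS is terminated at a reverse proxy or load balancer in front of PHP. In that deployment the remember-me and session cookies are issued without the Secure flag and `hsts()` sends nothing. The docblock should say so, for example `* Note: returns false behind a TLS-terminating proxy; only $_SERVER['HTTPS'] is checked`. If proxy support is added later, gate it behind an explicit configuration setting rather than trusting a forwarded-protocol header from any client. The `'off'` comparison is also case-sensitive; `strcasecmp($_SERVER['HTTPS'], 'off') !== 0` would tolerate a server that reports it in another case.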


@@ -65,7 +65,7 @@ function markdown($text)
function get_current_base_url() function get_current_base_url()
{ {
$url = isset($_SERVER['HTTPS']) ? 'https://' : 'http://'; $url = \Core\Tool::isHTTPS() ? 'https://' : 'http://';
$url .= $_SERVER['SERVER_NAME']; $url .= $_SERVER['SERVER_NAME'];
$url .= $_SERVER['SERVER_PORT'] == 80 || $_SERVER['SERVER_PORT'] == 443 ? '' : ':'.$_SERVER['SERVER_PORT']; $url .= $_SERVER['SERVER_PORT'] == 80 || $_SERVER['SERVER_PORT'] == 443 ? '' : ':'.$_SERVER['SERVER_PORT'];
$url .= dirname($_SERVER['PHP_SELF']) !== '/' ? dirname($_SERVER['PHP_SELF']).'/' : '/'; $url .= dirname($_SERVER['PHP_SELF']) !== '/' ? dirname($_SERVER['PHP_SELF']).'/' : '/';
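Review bot: The port suffix two lines below the changed line is still dropped for both 80 and 443 regardless of scheme. With the scheme now decided by `isHTTPS()`, plain HTTP on port 443 or HTTPS on port 80 produces a base URL that points at the wrong port. Pairing the default port with the scheme fixes this: `$default = \Core\Tool::isHTTPS() ? 443 : 80;` followed by `$url .= $_SERVER['SERVER_PORT'] == $default ? '' : ':'.$_SERVER['SERVER_PORT'];`. The host still comes from `$_SERVER['SERVER_NAME']`, which on some server configurations reflects the request's Host header, so a short comment saying the result is request-derived would help callers that put it into links or e-mails. The function body continues past the end of the hunk.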