Commit 14447663 authored by Hugh Davenport, committed by Gerrit Code Review

Merge changes I03d99dbc,Ic4cfe048

* changes:
  Change the https checks to use is_https() (bug #829674)
  Add configuration and init checks for SSL proxies (bug #829674)
parents 2a707107 b8ff08c6
......@@ -742,7 +742,7 @@ class PluginBlocktypeGallery extends PluginBlocktype {
private static function get_supported_external_galleries() {
$smarty = smarty_core();
$smarty->assign('wwwroot', get_config('wwwroot'));
if (stripos(get_config('wwwroot'), 'https') === 0) {
if (is_https() === true) {
$smarty->assign('protocol', 'https');
}
else {
......
......@@ -231,7 +231,7 @@ class PluginBlocktypeGoogleApps extends SystemBlocktype {
private static function get_html_of_supported_googleapps() {
$smarty = smarty_core();
$smarty->assign('lang', substr(get_config('lang'), 0, 2));
if (stripos(get_config('wwwroot'), 'https') === 0) {
if (is_https() === true) {
$smarty->assign('protocol', 'https');
}
else {
......
......@@ -61,6 +61,11 @@ $cfg->dbprefix = '';
// $cfg->wwwroot to use HTTPS.
//$cfg->wwwroot = 'https://myhost.com/mahara/';
// If you are using a proxy to force HTTPS connections, you will need to
// enable the next line. If you have set this to true, ensure your wwwroot
// is a HTTPS address.
//$cfg->sslproxy = true;
// dataroot - uploaded files are stored here
// This is a ABSOLUTE FILESYSTEM PATH. This is NOT a URL.
// For example, valid paths are:
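Review bot: The added comment for `$cfg->sslproxy` does not say what the flag changes at runtime. In the init hunk of this commit the HTTP-to-HTTPS redirect only runs when `$CFG->sslproxy === false`, so with the flag enabled a backend that can be reached without going through the proxy would answer over plain HTTP. I would extend the comment with something like `// Only enable this if the web server accepts connections from the proxy alone; Mahara will not redirect plain-HTTP requests itself when it is set.`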
......
......@@ -160,7 +160,7 @@ catch (SQLException $e) {
// Make sure wwwroot is set and available, either in the database or in the
// config file. Cron requires it when sending out forums emails.
if (!isset($CFG->wwwroot) && isset($_SERVER['HTTP_HOST'])) {
$proto = (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off') ? 'https://' : 'http://';
$proto = is_https() === true ? 'https://' : 'http://';
$host = (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : $_SERVER['HTTP_HOST'];
if (false !== strpos($host, ',')) {
list($host) = explode(',', $host);
......@@ -210,9 +210,14 @@ if (isset($CFG->wwwroot)) {
$CFG->wwwroot .= '/';
}
}
// If we're forcing an ssl proxy, make sure the wwwroot is correct
if ($CFG->sslproxy === true && is_https() === false) {
throw new ConfigSanityException(get_string('wwwrootnothttps', 'error', get_config('wwwroot')));
}
// Make sure that we are using ssl if wwwroot expects us to do so
if (isset($_SERVER['REMOTE_ADDR']) && (!isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) == 'off') &&
parse_url($CFG->wwwroot, PHP_URL_SCHEME) === 'https'){
if ($CFG->sslproxy === false && isset($_SERVER['REMOTE_ADDR']) && is_https() === true){
redirect(get_relative_script_path());
}
if (!isset($CFG->noreplyaddress) && isset($_SERVER['HTTP_HOST'])) {
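Review bot: The rewritten redirect guard `if ($CFG->sslproxy === false && isset($_SERVER['REMOTE_ADDR']) && is_https() === true)` no longer tests whether the current request arrived over plain HTTP, which the removed condition did through `$_SERVER['HTTPS']`. is_https() is not defined on this page; if it answers from the configured wwwroot, as the checks it replaces in the other files did, every web request to an HTTPS site without sslproxy would be redirected again, and the `$proto` assignment in the earlier hunk would always yield `http://` because it runs only when wwwroot is unset. Keeping the request-level test in both places avoids this, e.g. `if (empty($CFG->sslproxy) && isset($_SERVER['REMOTE_ADDR']) && (!isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) == 'off') && is_https() === true)`. The strict comparisons against `$CFG->sslproxy` also assume a boolean default is assigned somewhere outside the visible hunks, since the sample config leaves the option commented out.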
......
......@@ -56,6 +56,9 @@ $string['apcstatoff'] = 'Your server appears to be running APC with apc.stat=0.
If you are on shared hosting, it is likely that there is little you can do to get apc.stat turned on, other than ask your hosting provider. Perhaps you could consider moving to a different host.';
$string['datarootinsidedocroot'] = 'You have set up your data root to be inside your document root. This is a large security problem, as then anyone can directly request session data (in order to hijack other peoples\' sessions), or files that they are not allowed to access that other people have uploaded. Please configure the data root to be outside of the document root.';
$string['datarootnotwritable'] = 'Your defined data root directory, %s, is not writable. This means that neither session data, user files nor anything else that needs to be uploaded can be saved on your server. Please make the directory if it does not exist, or give ownership of the directory to the web server user if it does.';
$string['wwwrootnothttps'] = 'Your defined wwwroot, %s, is not HTTPS. However other settings (such as sslproxy) for your installation require that your wwwroot is a HTTPS address.
Please update your wwwroot setting to be a HTTPS address, or fix the incorrect setting.';
$string['couldnotmakedatadirectories'] = 'For some reason some of the core data directories could not be created. This should not happen, as Mahara previously detected that the dataroot directory was writable. Please check the permissions on the dataroot directory.';
$string['dbconnfailed'] = 'Mahara could not connect to the application database.
......
......@@ -149,7 +149,7 @@ function serve_file($path, $filename, $mimetype, $options=array()) {
}
}
else { // Do not cache files in proxies and browsers
if (strpos(get_config('wwwroot'), 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431
if (is_https() === true) { //https sites - watch out for IE! KB812935 and KB316431
header('Cache-Control: max-age=10');
header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
header('Pragma: ');
......
......@@ -2232,7 +2232,7 @@ function remote_avatar($email, $size, $notfound) {
}
$baseurl = 'http://www.gravatar.com/avatar/';
if (stripos(get_config('wwwroot'), 'https://') === 0) {
if (is_https() === true) {
$baseurl = 'https://secure.gravatar.com/avatar/';
}
if (get_config('remoteavatarbaseurl')) {
......
......@@ -2543,10 +2543,8 @@ function get_full_script_path() {
}
}
if (isset($_SERVER['HTTPS'])) {
$protocol = ($_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://';
} else if (isset($_SERVER['SERVER_PORT'])) { # Apache2 does not export $_SERVER['HTTPS']
$protocol = ($_SERVER['SERVER_PORT'] == '443') ? 'https://' : 'http://';
if (is_https() === true || (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == '443' )) {
$protocol = 'https://';
} else {
$protocol = 'http://';
}
......@@ -3303,4 +3301,4 @@ function language_select_form() {
));
}
return $languageform;
}
\ No newline at end of file
}
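Review bot: In get_full_script_path() the new condition `is_https() === true || (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == '443' )` drops the `$_SERVER['HTTPS']` test that the removed lines used. Unless is_https() consults that variable itself (its definition is not on this page), a TLS request on a port other than 443 with an http wwwroot would now be given `http://`. If that case matters, add `|| (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off')` to the condition. The function starts and ends outside the hunk.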