implement SSL redirection policy (none, full, selfsign)

diff --git a/boot.php b/boot.php
index 223c9416d1c62d4e07dd78ee8d245efbd08d2dc7..83ceaac280c319c026025fda9634170322929778 100644 (file)
--- a/boot.php
+++ b/boot.php
@@ -10,6 +10,16 @@ define ( 'EOL',                    "<br />\r\n"     );
 define ( 'ATOM_TIME',              'Y-m-d\TH:i:s\Z' );
 define ( 'DOWN_ARROW',             '&#x21e9;'       );
          
+
+/**
+ * SSL redirection policies
+ */
+
+define ( 'SSL_POLICY_NONE',         0 );
+define ( 'SSL_POLICY_FULL',         1 );
+define ( 'SSL_POLICY_SELFSIGN'      2 );
+
+
 /**
  * log levels
  */
@@ -273,7 +283,14 @@ class App {
                if(strlen($this->baseurl))
                        return $this->baseurl;
 
-               $this->baseurl = (($ssl) ? 'https' : $this->scheme) . "://" . $this->hostname . ((isset($this->path) && strlen($this->path)) ? '/' . $this->path : '' );
+               $scheme = $this->scheme;
+
+               if(($ssl) || ($a->config['ssl_policy'] == SSL_POLICY_FULL)) 
+                       $scheme = 'https';
+               if(($a->config['ssl_policy'] == SSL_POLICY_SELFSIGN) && (local_user() || x($_POST,'auth-params')))
+                       $scheme = 'https';
+
+               $this->baseurl = ( $scheme . "://" . $this->hostname . ((isset($this->path) && strlen($this->path)) ? '/' . $this->path : '' );
                return $this->baseurl;
        }