From: Craig Andrews Date: Thu, 21 Oct 2010 00:22:34 +0000 (-0400) Subject: Redirect to https when making an http request for a sensitive action X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=90c87553ee7566593529199374215ae80bb3e209;p=quix0rs-gnu-social.git Redirect to https when making an http request for a sensitive action --- diff --git a/actions/login.php b/actions/login.php index 07c601a4db..103df7ee5a 100644 --- a/actions/login.php +++ b/actions/login.php @@ -62,28 +62,6 @@ class LoginAction extends Action return false; } - /** - * Prepare page to run - * - * - * @param $args - * @return string title - */ - - function prepare($args) - { - parent::prepare($args); - - // @todo this check should really be in index.php for all sensitive actions - $ssl = common_config('site', 'ssl'); - if (empty($_SERVER['HTTPS']) && ($ssl == 'always' || $ssl == 'sometimes')) { - common_redirect(common_local_url('login')); - // exit - } - - return true; - } - /** * Handle input, produce output * diff --git a/actions/register.php b/actions/register.php index 7307bc689b..9b8161e082 100644 --- a/actions/register.php +++ b/actions/register.php @@ -74,13 +74,6 @@ class RegisterAction extends Action parent::prepare($args); $this->code = $this->trimmed('code'); - // @todo this check should really be in index.php for all sensitive actions - $ssl = common_config('site', 'ssl'); - if (empty($_SERVER['HTTPS']) && ($ssl == 'always' || $ssl == 'sometimes')) { - common_redirect(common_local_url('register')); - // exit - } - if (empty($this->code)) { common_ensure_session(); if (array_key_exists('invitecode', $_SESSION)) { diff --git a/index.php b/index.php index 21e222e3b8..5a08aa0782 100644 --- a/index.php +++ b/index.php @@ -283,6 +283,14 @@ function main() return; } + $site_ssl = common_config('site', 'ssl'); + + // If the request is HTTP and it should be HTTPS... + if ($site_ssl != 'never' && !StatusNet::isHTTPS() && common_is_sensitive($args['action'])) { + common_redirect(common_local_url($args['action'], $args)); + return; + } + $args = array_merge($args, $_REQUEST); Event::handle('ArgsInitialize', array(&$args));