Redirect to https when making an http request for a sensitive action

This commit is contained in:
Craig Andrews 2010-10-20 20:22:34 -04:00
parent 3593f3f132
commit 90c87553ee
3 changed files with 8 additions and 29 deletions

View File

@ -62,28 +62,6 @@ class LoginAction extends Action
return false; return false;
} }
/**
* Prepare page to run
*
*
* @param $args
* @return string title
*/
function prepare($args)
{
parent::prepare($args);
// @todo this check should really be in index.php for all sensitive actions
$ssl = common_config('site', 'ssl');
if (empty($_SERVER['HTTPS']) && ($ssl == 'always' || $ssl == 'sometimes')) {
common_redirect(common_local_url('login'));
// exit
}
return true;
}
/** /**
* Handle input, produce output * Handle input, produce output
* *

View File

@ -74,13 +74,6 @@ class RegisterAction extends Action
parent::prepare($args); parent::prepare($args);
$this->code = $this->trimmed('code'); $this->code = $this->trimmed('code');
// @todo this check should really be in index.php for all sensitive actions
$ssl = common_config('site', 'ssl');
if (empty($_SERVER['HTTPS']) && ($ssl == 'always' || $ssl == 'sometimes')) {
common_redirect(common_local_url('register'));
// exit
}
if (empty($this->code)) { if (empty($this->code)) {
common_ensure_session(); common_ensure_session();
if (array_key_exists('invitecode', $_SESSION)) { if (array_key_exists('invitecode', $_SESSION)) {

View File

@ -283,6 +283,14 @@ function main()
return; return;
} }
$site_ssl = common_config('site', 'ssl');
// If the request is HTTP and it should be HTTPS...
if ($site_ssl != 'never' && !StatusNet::isHTTPS() && common_is_sensitive($args['action'])) {
common_redirect(common_local_url($args['action'], $args));
return;
}
$args = array_merge($args, $_REQUEST); $args = array_merge($args, $_REQUEST);
Event::handle('ArgsInitialize', array(&$args)); Event::handle('ArgsInitialize', array(&$args));