diff options
| author | Tristan Darricau <tristan.darricau@sensiolabs.com> | 2016-03-27 12:56:03 +0200 |
|---|---|---|
| committer | Tristan Darricau <tristan.darricau@sensiolabs.com> | 2016-03-27 12:56:03 +0200 |
| commit | 5442a2596718ea2ce81dfa31c44549f62311cd47 (patch) | |
| tree | 43d3ba6aba4298e155b2926d5133fb213d3ef846 /phpBB/common.php | |
| parent | 50737da051bc949b71aa7516dda8bebbfe61c73c (diff) | |
| parent | f22bd4e511697bedb76c1909148753b3581adb1f (diff) | |
| download | forums-5442a2596718ea2ce81dfa31c44549f62311cd47.tar forums-5442a2596718ea2ce81dfa31c44549f62311cd47.tar.gz forums-5442a2596718ea2ce81dfa31c44549f62311cd47.tar.bz2 forums-5442a2596718ea2ce81dfa31c44549f62311cd47.tar.xz forums-5442a2596718ea2ce81dfa31c44549f62311cd47.zip | |
Merge pull request #4182 from marc1706/ticket/14481
[ticket/14481] Respect HTTP_X_FORWARDED headers for implying https
* marc1706/ticket/14481:
[ticket/14481] Add tests for x_forwarded_proto header
[ticket/14481] Use port 443 if https is specified in x-forwarded-proto
[ticket/14481] Respect HTTP_X_FORWARDED headers for implying https
Diffstat (limited to 'phpBB/common.php')
| -rw-r--r-- | phpBB/common.php | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/phpBB/common.php b/phpBB/common.php index 0782bd7321..71d501e926 100644 --- a/phpBB/common.php +++ b/phpBB/common.php @@ -38,7 +38,13 @@ if (!defined('PHPBB_INSTALLED')) // available as used by the redirect function $server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'); - $secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0; + $secure = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 1 : 0; + + if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') + { + $secure = 1; + $server_port = 443; + } $script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF'); if (!$script_name) |