diff options
| author | Meik Sievertsen <acydburn@phpbb.com> | 2006-07-05 15:48:43 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2006-07-05 15:48:43 +0000 |
| commit | 00508798251f0ebd897b94b360b7426846dab840 (patch) | |
| tree | 65ddfc9c2966ff5ddf8c4af409427d5a089a87d4 | |
| parent | bfb26c8a4afed016042e45ac909a8b5cc1f5a6fd (diff) | |
| download | forums-00508798251f0ebd897b94b360b7426846dab840.tar forums-00508798251f0ebd897b94b360b7426846dab840.tar.gz forums-00508798251f0ebd897b94b360b7426846dab840.tar.bz2 forums-00508798251f0ebd897b94b360b7426846dab840.tar.xz forums-00508798251f0ebd897b94b360b7426846dab840.zip | |
re-check cookie_secure value within generate_board_url() for those users having it enabled but not running on a SSL connection (which of course results in server errors). This should (hopefully) further minimize support requests. ;)
Thanks again to aninhill for giving me full access to his board to be able to spot this error.
git-svn-id: file:///svn/phpbb/trunk@6147 89ea8834-ac86-4346-8a33-228a782c2dd0
| -rw-r--r-- | phpBB/includes/functions.php | 8 | ||||
| -rw-r--r-- | phpBB/language/en/acp/board.php | 2 |
2 files changed, 7 insertions, 3 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 86f002d14e..4185837917 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1165,8 +1165,6 @@ function generate_board_url($without_script_path = false) $server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'); $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'); - $url = (($config['cookie_secure']) ? 'https://' : 'http://') . $server_name; - // Forcing server vars is the only way to specify/override the protocol if ($config['force_server_vars'] || !$server_name) { @@ -1176,6 +1174,12 @@ function generate_board_url($without_script_path = false) $url = $server_protocol . $server_name; } + else + { + // Do not rely on cookie_secure, users seem to think that it means a secured cookie instead of an encrypted connection + $cookie_secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0; + $url = (($cookie_secure) ? 'https://' : 'http://') . $server_name; + } if ($server_port && (($config['cookie_secure'] && $server_port <> 443) || (!$config['cookie_secure'] && $server_port <> 80))) { diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php index bb467bad50..f3d0d94895 100644 --- a/phpBB/language/en/acp/board.php +++ b/phpBB/language/en/acp/board.php @@ -246,7 +246,7 @@ $lang = array_merge($lang, array( 'COOKIE_NAME' => 'Cookie name', 'COOKIE_PATH' => 'Cookie path', 'COOKIE_SECURE' => 'Cookie secure', - 'COOKIE_SECURE_EXPLAIN' => 'If your server is running via SSL set this to enabled else leave as disabled', + 'COOKIE_SECURE_EXPLAIN' => 'If your server is running via SSL set this to enabled else leave as disabled. Having this enabled and not running via SSL will result in server errors during redirects.', 'ONLINE_LENGTH' => 'View online time span', 'ONLINE_LENGTH_EXPLAIN' => 'Time in minutes after which inactive users will not appear in viewonline listings, lower equals less processing.', 'SESSION_LENGTH' => 'Session length', |