diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2016-02-15 21:40:52 +0100 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2016-02-15 22:06:25 +0100 |
| commit | accf8f8625ca1c730ee0bb09e1ecc44526c124d3 (patch) | |
| tree | d99ca148a268002187c1637e8762fcdef9e45c21 /phpBB/phpbb | |
| parent | 17e21d5140ccb99363a32bd64c32af6012c1ce97 (diff) | |
| download | forums-accf8f8625ca1c730ee0bb09e1ecc44526c124d3.tar forums-accf8f8625ca1c730ee0bb09e1ecc44526c124d3.tar.gz forums-accf8f8625ca1c730ee0bb09e1ecc44526c124d3.tar.bz2 forums-accf8f8625ca1c730ee0bb09e1ecc44526c124d3.tar.xz forums-accf8f8625ca1c730ee0bb09e1ecc44526c124d3.zip | |
[ticket/14481] Respect HTTP_X_FORWARDED headers for implying https
PHPBB3-14481
Diffstat (limited to 'phpBB/phpbb')
| -rw-r--r-- | phpBB/phpbb/auth/provider/oauth/oauth.php | 8 | ||||
| -rw-r--r-- | phpBB/phpbb/request/request.php | 4 |
2 files changed, 10 insertions, 2 deletions
diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index be0fbf5831..9f6345fbba 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -271,7 +271,13 @@ class oauth extends \phpbb\auth\provider\base } $uri_factory = new \OAuth\Common\Http\Uri\UriFactory(); - $current_uri = $uri_factory->createFromSuperGlobalArray($this->request->get_super_global(\phpbb\request\request_interface::SERVER)); + $super_globals = $this->request->get_super_global(\phpbb\request\request_interface::SERVER); + if (!empty($super_globals['HTTP_X_FORWARDED_PROTO']) && $super_globals['HTTP_X_FORWARDED_PROTO'] === 'https') + { + $super_globals['HTTPS'] = 'on'; + $super_globals['SERVER_PORT'] = 443; + } + $current_uri = $uri_factory->createFromSuperGlobalArray($super_globals); $current_uri->setQuery($query); $this->current_uri = $current_uri; diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php index 56ce3999ed..4cac6fbaea 100644 --- a/phpBB/phpbb/request/request.php +++ b/phpBB/phpbb/request/request.php @@ -325,7 +325,9 @@ class request implements \phpbb\request\request_interface */ public function is_secure() { - return $this->server('HTTPS') == 'on'; + $https = $this->server('HTTPS'); + $https = $this->server('HTTP_X_FORWARDED_PROTO') === 'https' ? 'on' : $https; + return !empty($https) && $https !== 'off'; } /** |