From accf8f8625ca1c730ee0bb09e1ecc44526c124d3 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Mon, 15 Feb 2016 21:40:52 +0100
Subject: [ticket/14481] Respect HTTP_X_FORWARDED headers for implying https

PHPBB3-14481
---
 phpBB/common.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'phpBB/common.php')

diff --git a/phpBB/common.php b/phpBB/common.php
index 0782bd7321..71d501e926 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -38,7 +38,13 @@ if (!defined('PHPBB_INSTALLED'))
 	// available as used by the redirect function
 	$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
 	$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
-	$secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;
+	$secure = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 1 : 0;
+
+	if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
+	{
+		$secure = 1;
+		$server_port = 443;
+	}
 
 	$script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF');
 	if (!$script_name)
-- 
cgit v1.2.1