Re: [Dave] Buggy redirects still here when using HTTPS :(
Hi Dave it looks like the bug has crept back :(
We hadn't upgraded since 1.28 (where we had patched it ourselves)... but after upgrading to v2.01 the redirects are still not working.
We are running the CMS using SSL on a non-standard port.
We noticed 3 places where the CMS checks if SSL is enabled by checking $_SERVER['https'], instead of checking $_SERVER['
HTTPS'] (lowercase vs uppercase). It must be changed to uppercase for it to mean anything (at least on my standard 5.3.0 PHP install) which the PHP documentation page confirms:
http://ca.php.net/manual/en/reserved.variables.server.phpin the file
lib/common.php on
line 391:
version 2.01:
$proto = (@$_SERVER["https"] == 'on' || @$_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://";
bugfix:
$proto = (@$_SERVER["HTTPS"] == 'on' || @$_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://";
in the file
lib/common.php on
line 623:
version 2.01:
$isHTTPS = @$_SERVER["https"] == 'on' || @$_SERVER['SERVER_PORT'] == 443;
bugfix:
$isHTTPS = @$_SERVER["HTTPS"] == 'on' || @$_SERVER['SERVER_PORT'] == 443;
in the file
lib/viewer_functions.php on
line 1061:
version 2.01:
$isHTTPS = @$_SERVER["https"] == 'on' || @$_SERVER['SERVER_PORT'] == 443;
bugfix:
$isHTTPS = @$_SERVER["HTTPS"] == 'on' || @$_SERVER['SERVER_PORT'] == 443;
The other bug is related (in the thisPageUrl function). It has to do with the fact we are using a non-standard port (eg. 84).
In the file
lib/common.php, the code on
line 392 extracts the current domain name from $_SERVER['HTTP_HOST'] if possible... the problem is that $_SERVER['HTTP_HOST']
sometimes (depending on the PHP install?) includes the port number if it is non-default...
So the next line 393 adds the port a 2nd time resulting in invalid urls like
https://www.example.com:84:84/admin.php instead of
https://www.example.com:84/admin.phpMy suggested fix would be to first check that the port name was not already included in $domain and only add the port if needed. In the file
lib/common.php on
line 393:
version 2.01:
$port = (@$_SERVER['SERVER_PORT'] && @$_SERVER['SERVER_PORT'] != 80) ? ":{$_SERVER['SERVER_PORT']}" : '';
bugfix:
if(preg_match('|:[0-9]+$|', $domain)) {
$port = '';
} else {
$port = (@$_SERVER['SERVER_PORT'] && @$_SERVER['SERVER_PORT'] != 80) ? ":{$_SERVER['SERVER_PORT']}" : '';
}
I'm sorry if this post is long winded, I just genuinely want to get this fixed. I have patched my installation and it is working great.
Thanks!