[MediaWiki-commits] [Gerrit] Do not redirect to HTTPS when it's not supported - change (mediawiki/core)

Tue, 31 May 2016 10:40:05 -0700 

jenkins-bot has submitted this change and it was merged.

Change subject: Do not redirect to HTTPS when it's not supported
......................................................................


Do not redirect to HTTPS when it's not supported

Most URL generation happens via wfExpandUrl, which honors $wgServer
(or whatever setting it is told to use): if it has an explicit
protcol, that is always used; if it is a protocol-relative URL,
the protocol is selected based on the parameters given to wfExpandUrl.

One exception is MediaWiki::main() which always uses HTTPS if the
relevant cookie or user option is set, even if the wiki does not
support it. That can lead to annoying problems on Vagrant where it
is not unusual to turn HTTPS support on and off: when that happens,
the user can get locked out of the account.

Change-Id: I06982a26cd808f2aaa26753cd3353ed82473d9e0
---
M includes/MediaWiki.php
1 file changed, 2 insertions(+), 0 deletions(-)

Approvals:
  Anomie: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/includes/MediaWiki.php b/includes/MediaWiki.php
index ff469e4..8f93778 100644
--- a/includes/MediaWiki.php
+++ b/includes/MediaWiki.php
@@ -680,6 +680,8 @@
                // isLoggedIn() will do all sorts of weird stuff.
                if (
                        $request->getProtocol() == 'http' &&
+                       // switch to HTTPS only when supported by the server
+                       preg_match( '#^https://#', wfExpandUrl( 
$request->getRequestURL(), PROTO_HTTPS ) ) &&
                        (
                                $request->getSession()->shouldForceHTTPS() ||
                                // Check the cookie manually, for paranoia

-- 
To view, visit https://gerrit.wikimedia.org/r/291002
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I06982a26cd808f2aaa26753cd3353ed82473d9e0
Gerrit-PatchSet: 3
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: GergÅ‘ Tisza <[email protected]>
Gerrit-Reviewer: Anomie <[email protected]>
Gerrit-Reviewer: BryanDavis <[email protected]>
Gerrit-Reviewer: CSteipp <[email protected]>
Gerrit-Reviewer: GergÅ‘ Tisza <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to