[Bug 46511] HTTPS detection is not reliable

[bugzilla-daemon]

https://bugzilla.wikimedia.org/show_bug.cgi?id=46511

--- Comment #16 from Gerrit Notification Bot  ---
Change 132435 had a related patch set uploaded by Reedy:
Fix HTTPS protocol detection

https://gerrit.wikimedia.org/r/132435

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 46511] HTTPS detection is not reliable

[bugzilla-daemon]

https://bugzilla.wikimedia.org/show_bug.cgi?id=46511

--- Comment #17 from Gerrit Notification Bot  ---
Change 132435 abandoned by Reedy:
Fix HTTPS protocol detection

https://gerrit.wikimedia.org/r/132435

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 46511] HTTPS detection is not reliable

[bugzilla-daemon]

https://bugzilla.wikimedia.org/show_bug.cgi?id=46511

Nemo  changed:

   What|Removed |Added

   Keywords|patch, patch-reviewed   |
 CC||federicol...@tiscali.it
   Assignee|wikibugs-l@lists.wikimedia. |jskar...@redhat.com
   |org |

--- Comment #15 from Nemo  ---
(In reply to Gerrit Notification Bot from comment #13)
> Change 116943 had a related patch set uploaded by Yarda:
> Fix HTTPS protocol detection
> 
> https://gerrit.wikimedia.org/r/116943

Awesome, welcome in gerrit and thanks for your first patch; hopefully the first
of a long series.

(In reply to Jaroslav Škarvada from comment #14)
> I have no idea who to assign the review, the list
> http://www.mediawiki.org/wiki/Developers/Maintainers wasn't helpful, so
> keeping it as unassigned.

Usually we just assign to whoever submits the patch, but then it's a
collaborative effort. I see you already received a review, if after several
days everything is still silent please add more reviewers active on those files
and related and/or poke someone on IRC.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 46511] HTTPS detection is not reliable

[bugzilla-daemon]

https://bugzilla.wikimedia.org/show_bug.cgi?id=46511

--- Comment #14 from Jaroslav Škarvada  ---
I have no idea who to assign the review, the list
http://www.mediawiki.org/wiki/Developers/Maintainers wasn't helpful, so keeping
it as unassigned.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 46511] HTTPS detection is not reliable

[bugzilla-daemon]

https://bugzilla.wikimedia.org/show_bug.cgi?id=46511

--- Comment #13 from Gerrit Notification Bot  ---
Change 116943 had a related patch set uploaded by Yarda:
Fix HTTPS protocol detection

https://gerrit.wikimedia.org/r/116943

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 46511] HTTPS detection is not reliable

[bugzilla-daemon]

https://bugzilla.wikimedia.org/show_bug.cgi?id=46511

Gerrit Notification Bot  changed:

   What|Removed |Added

 Status|UNCONFIRMED |PATCH_TO_REVIEW
 Ever confirmed|0   |1

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 46511] HTTPS detection is not reliable

[bugzilla-daemon]

https://bugzilla.wikimedia.org/show_bug.cgi?id=46511

--- Comment #12 from Jaroslav Škarvada  ---
It seems the problem with the Amazon WS load balancer was already resolved in
the GIT, but the issue with the $_SERVER['HTTPS'] seems still to be unresolved.

The problem is that $_SERVER['HTTPS'] == 'on' is used in the MediaWiki for
detections of the HTTPS protocol which is not correct according to PHP
documentation [1], citing:

---
'HTTPS'
Set to a non-empty value if the script was queried through the HTTPS
protocol.

Note: Note that when using ISAPI with IIS, the value will be off if the
request was not made through the HTTPS protocol. 
---

I also saw implementation where it was set to '1' instead of 'on'. So to be in
sync with the PHP documentation I think it should use:
$_SERVER['HTTPS'] != '' && $_SERVER['HTTPS'] != 'off'
instead of:
$_SERVER['HTTPS'] == 'on'

I will post the patch through Gerrit.

[1] http://www.php.net/manual/en/reserved.variables.server.php

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 46511] HTTPS detection is not reliable

[bugzilla-daemon]

https://bugzilla.wikimedia.org/show_bug.cgi?id=46511

--- Comment #11 from Jaroslav Škarvada  ---
(In reply to Andre Klapper from comment #10)
> (In reply to Jaroslav Škarvada from comment #8)
> > Created attachment 11984 [details]
> > Proposed fix for mediawiki-1.20.3
> 
> Hmm, https://git.wikimedia.org/tree/mediawiki%2Fcore.git does not list any
> "php" subfolder in the top level, neither does the 1.19.12 tarball, so it
> cannot be applied and I am not sure which base this patch is against. Can
> you clarify?
> 
I will check the current status and in case the problem is still there I will
refresh the patch.

> (Also, this needs to go into Gerrit nowadays: See
> https://www.mediawiki.org/wiki/Developer_access and
> https://www.mediawiki.org/wiki/Git/Tutorial )
>
OK, thanks for info, I will sign-up for the Gerrit account.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 46511] HTTPS detection is not reliable

[bugzilla-daemon]

https://bugzilla.wikimedia.org/show_bug.cgi?id=46511

Andre Klapper  changed:

   What|Removed |Added

   Keywords|patch-need-review   |patch-reviewed

--- Comment #10 from Andre Klapper  ---
(In reply to Jaroslav Škarvada from comment #8)
> Created attachment 11984 [details]
> Proposed fix for mediawiki-1.20.3

Hmm, https://git.wikimedia.org/tree/mediawiki%2Fcore.git does not list any
"php" subfolder in the top level, neither does the 1.19.12 tarball, so it
cannot be applied and I am not sure which base this patch is against. Can you
clarify?

(Also, this needs to go into Gerrit nowadays: See
https://www.mediawiki.org/wiki/Developer_access and
https://www.mediawiki.org/wiki/Git/Tutorial )

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 46511] HTTPS detection is not reliable

[bugzilla-daemon]

https://bugzilla.wikimedia.org/show_bug.cgi?id=46511

Andre Klapper  changed:

   What|Removed |Added

   Priority|Unprioritized   |Normal
 CC||platoni...@gmail.com
Version|unspecified |1.21-git

--- Comment #9 from Andre Klapper  ---
Platonides: Wondering if you'd be interested in this / could comment, as per
bug 28798 comment 10 but maybe I'm wrong.

Anybody could put the patch into Gerrit so we can get it in. See
  https://www.mediawiki.org/wiki/Developer_accessand
  https://www.mediawiki.org/wiki/Git/Tutorial

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 46511] HTTPS detection is not reliable

[bugzilla-daemon]

https://bugzilla.wikimedia.org/show_bug.cgi?id=46511

--- Comment #8 from Jaroslav Škarvada  ---
Created attachment 11984
  --> https://bugzilla.wikimedia.org/attachment.cgi?id=11984&action=edit
Proposed fix for mediawiki-1.20.3

This resolves the problem for me.

- Fixed HTTPS check to be according to PHP docs.
- Added port 80 as another default port for HTTPS (TLS)

Reproducer:
- hosted mediawiki-1.20.3 on Openshift
- accessed the user preferences through TLS, changed anything and clicked save

Result without patch:
Warning, that the data will be sent unencrypted, if HTTPS is enforced through
the Apache rewrite rule, nothing get saved

Result with patch:
No warning, data get saved

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 46511] HTTPS detection is not reliable

[bugzilla-daemon]

https://bugzilla.wikimedia.org/show_bug.cgi?id=46511

--- Comment #7 from Jaroslav Škarvada  ---
(In reply to comment #6)
> starting from line 1560,
Actually line 156.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 46511] HTTPS detection is not reliable

[bugzilla-daemon]

https://bugzilla.wikimedia.org/show_bug.cgi?id=46511

Jaroslav Škarvada  changed:

   What|Removed |Added

Version|1.16.x  |unspecified

--- Comment #6 from Jaroslav Škarvada  ---
(In reply to comment #5)
> Hi Jaroslav! Thanks for your patch, but unfortunately 1.16 is not maintained
> anymore. Could you provide a hint (line number) where to see the same problem
> in 1.20.3, if possible?

It seems to be in the includes/WebRequest.php (starting from line 1560,
functions detectServer() and detectProtocolAndStdPort(). I will try to provide
the patch (I need to get it into cloud first to check whether the fix really
works there).

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 46511] HTTPS detection is not reliable

[bugzilla-daemon]

https://bugzilla.wikimedia.org/show_bug.cgi?id=46511

Andre Klapper  changed:

   What|Removed |Added

   Keywords||patch, patch-need-review
 CC||aklap...@wikimedia.org
Version|unspecified |1.16.x

--- Comment #5 from Andre Klapper  ---
Hi Jaroslav! Thanks for your patch, but unfortunately 1.16 is not maintained
anymore. Could you provide a hint (line number) where to see the same problem
in 1.20.3, if possible?

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 46511] HTTPS detection is not reliable

[bugzilla-daemon]

https://bugzilla.wikimedia.org/show_bug.cgi?id=46511

--- Comment #4 from Jaroslav Škarvada  ---
Maybe the relative URLs could be used.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 46511] HTTPS detection is not reliable

[bugzilla-daemon]

https://bugzilla.wikimedia.org/show_bug.cgi?id=46511

--- Comment #3 from Jaroslav Škarvada  ---
(In reply to comment #2)
> (In reply to comment #1)
> > Created attachment 11983 [details]
> > Proposed fix for mediawiki-1.16
> > 
> Maybe the check should be against '' and not 'off' to be according to the PHP
> docs.

ISAPI with IIS uses 'off', so probably the following could be OK:

$wgProto = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != '' &&
$_SERVER['HTTPS'] != 'off') ? 'https' : 'http';

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 46511] HTTPS detection is not reliable

[bugzilla-daemon]

https://bugzilla.wikimedia.org/show_bug.cgi?id=46511

--- Comment #2 from Jaroslav Škarvada  ---
(In reply to comment #1)
> Created attachment 11983 [details]
> Proposed fix for mediawiki-1.16
> 
Maybe the check should be against '' and not 'off' to be according to the PHP
docs.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 46511] HTTPS detection is not reliable

[bugzilla-daemon]

https://bugzilla.wikimedia.org/show_bug.cgi?id=46511

--- Comment #1 from Jaroslav Škarvada  ---
Created attachment 11983
  --> https://bugzilla.wikimedia.org/attachment.cgi?id=11983&action=edit
Proposed fix for mediawiki-1.16

The latest trunk has the code refactored into functions, but the principle
should be the same.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
___
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l