[Pmwiki-users] Easily Hackable?
H. Fox
haganfox
Mon Apr 12 15:32:47 CDT 2004
>>> # Force to SSL mode
>>> $ScriptUrl = str_replace('http:','https:',$ScriptUrl,1);
>>> $PubDirUrl = str_replace('http:','https:',$PubDirUrl,1);
>>> if (!@$_SERVER['HTTPS']) { header("Location: $ScriptUrl"); exit(); }
>>
>>That does look better. How about using
>>
>>if (!@$_SERVER['HTTPS']) { header("Location: $ScriptUrl.'/'.$pagename");
>>exit(); }
This should have been:
if (!@$_SERVER['HTTPS']) { header("Location: $ScriptUrl/$pagename");
exit(); }
> You can also do
>
> if (!@$_SERVER['HTTPS']) Redirect($pagename);
>
> which takes advantage of PmWiki's Redirect-to-page function, and provides
> redirects-via-HTML for servers that don't properly process the Location:
> header.
That works, too. Maybe this is the best option then, unless there's a
drawback to using redirects-via-HTML. IIRC HTML redirects can be
disabled in some browser. Would some page contents come through if so?
I tried
if (!@$_SERVER['HTTPS']) { Redirect($pagename); exit(); }
and it works, but maybe the exit(); is redundant.
Hagan
More information about the pmwiki-users
mailing list