[Pmwiki-users] Easily Hackable?

H. Fox haganfox
Mon Apr 12 15:32:47 CDT 2004


>>>   # Force to SSL mode
>>>   $ScriptUrl = str_replace('http:','https:',$ScriptUrl,1);
>>>   $PubDirUrl = str_replace('http:','https:',$PubDirUrl,1);
>>>   if (!@$_SERVER['HTTPS']) { header("Location: $ScriptUrl"); exit(); }
>>
>>That does look better.  How about using
>>
>>if (!@$_SERVER['HTTPS']) { header("Location: $ScriptUrl.'/'.$pagename"); 
>>exit(); }

This should have been:

if (!@$_SERVER['HTTPS']) { header("Location: $ScriptUrl/$pagename"); 
exit(); }

> You can also do
> 
>   if (!@$_SERVER['HTTPS']) Redirect($pagename);
> 
> which takes advantage of PmWiki's Redirect-to-page function, and provides
> redirects-via-HTML for servers that don't properly process the Location:
> header.

That works, too.  Maybe this is the best option then, unless there's a 
drawback to using redirects-via-HTML.  IIRC HTML redirects can be 
disabled in some browser.  Would some page contents come through if so? 
  I tried

if (!@$_SERVER['HTTPS']) { Redirect($pagename); exit(); }

and it works, but maybe the exit(); is redundant.

Hagan




More information about the pmwiki-users mailing list