[pmwiki-users] "Bug" when installing to a secure server?
HaganFox
haganfox at users.sourceforge.net
Thu Dec 21 20:36:53 CST 2006
<christian.ridderstrom <at> gmail.com> writes:
> On Wed, 20 Dec 2006, Patrick R. Michaud wrote:
[...]
> >> I think you may rely on the HTTPS environment variable.
> >
> > Hmm. It's annoying that none of the Apache/mod_ssl docs
> > actually say what value the HTTPS environment variable will
> > be set to when running via a secure connection.
> >
> > But based on the phpinfo you've given above I guess we'll
> > just assume 'https:' whenever $_SERVER['HTTPS'] is 'on', and
> > 'http:' otherwise.
I looked into this quite a bit when I wrote the SwitchToSSLMode recipe[1] and
decided that "whenever $_SERVER['HTTPS'] is 'on'" is a fairly reliable test.
I think these are accurate:
if ($_SERVER['HTTPS'] == 'on') { # definitely SSL }
if (!isset($_SERVER['HTTPS'])) { # definitely not SSL }
if ($_SERVER['HTTPS'] == 'off') { # definitely not SSL }
if ($_SERVER['SERVER_PORT'] == '443') { # extremely likely SSL }
if ($_SERVER['SERVER_PORT'] == '80') { # very likely not SSL }
> I just checked using
>
> echo "HTTPS: '". $_SERVER['HTTPS'] ."'";
>
> On my secure installation the result was 'on', and on a public I just got
> what I think is an empty string, i.e. ''.
That's good feedback. Just to be sure I understand, the public server is also
HTTPS, correct?
Assuming so, I suspect
if (@$_SERVER['HTTPS'] == 'on'
|| @$_SERVER['SERVER_PORT'] == '443') { # ... }
would work on both of those servers. I think it would virtually never detect
HTTPS in error, except if a server is using port 443 and not HTTPS. I don't
think that's likely to happen, and even if it does the wiki administrator can
always set $ScriptUrl explicitly.
Hagan
[1] http://www.pmwiki.org/wiki/Cookbook/SwitchToSSLMode
More information about the pmwiki-users
mailing list