[pmwiki-users] V2 SSL Mode? (was Unable to save...)
Stirling Westrup
sti at pooq.com
Thu Nov 16 23:42:42 CST 2006
H. Fox wrote:
> On 11/16/06, H. Fox <haganfox at users.sourceforge.net> wrote:
> I reworked the code that switches to SSL only to avoid sending
> passwords in the clear. How's this?
>
> ## Switch to SSL mode to avoid sending passwords in the clear.
> if($action=='login'
> || $action=='edit'
> || $action=='post'
> || $action=='postattr'
> || $action=='attr'
> || $action=='upload'
> || $action=='loginadmin')
> {
> $ScriptUrl = 'https://www.example.com/path-to-wiki';
> $PubDirUrl = 'https://www.example.com/path-to-wiki/pub';
>
> if (!$_SERVER['HTTPS'] == 'on')
> {
> # Copy all GET request parameters and avoid
> # a problem with empty filename on upload page.
> $getparms = array();
> reset($_GET);
> while(list($name,$value) = each($_GET))
> if(!empty($value))
> $getparms[$name] = $name."=".urlencode($value);
> Redirect($pagename,'$PageUrl?'.implode("?",$getparms));
> }
> } else {
> $ScriptUrl = 'http://www.example.com/path-to-wiki';
> $PubDirUrl = 'http://www.example.com/path-to-wiki/pub';
> }
>
It would be better if the action list was handled in a way such that folks
using recipes that create new actions can adapt it. Something like this:
SDVA($SSLActions,array(
'login', 'edit', 'post', 'postattr', 'attr', 'upload', 'loginadmin'));
## Switch to SSL mode to avoid sending passwords in the clear.
if( in_array($action,$SSLActions) )
{
$ScriptUrl = 'https://www.example.com/path-to-wiki';
$PubDirUrl = 'https://www.example.com/path-to-wiki/pub';
...
More information about the pmwiki-users
mailing list