[pmwiki-users] V2 SSL Mode? (was Unable to save...)

[H. Fox]

On 11/16/06, Stirling Westrup <sti at pooq.com> wrote:
[...]
> It would be better if the action list was handled in a way such that folks
> using recipes that create new actions can adapt it. Something like this:
>
> SDVA($SSLActions,array(
>   'login', 'edit', 'post', 'postattr', 'attr', 'upload', 'loginadmin'));
>
> ## Switch to SSL mode to avoid sending passwords in the clear.
> if( in_array($action,$SSLActions) )
> {
>   $ScriptUrl = 'https://www.example.com/path-to-wiki';
>   $PubDirUrl = 'https://www.example.com/path-to-wiki/pub';
> ...

Seems reasonable to make it sorter, except why use SDVA() in
config.php?  (This doesn't seem like a recipe that should be a script
in cookbook/ directory.)

Note that the in_array() function has a bad reputation for
performance, although I don't think it's a problem when there are just
a few items in the array.  Maybe it would be better to avoid that
function...

[later...]

OK, how about this.  It also avoids adding the page name parameter
(n=), since that's added by pmwiki and it doesn't need to be there
twice.


## Switch to SSL mode when password would be sent in the clear.
$SSLActions = array(
  '1'=>'login', 'edit', 'post', 'postattr', 'attr', 'upload', 'loginadmin');
$SSLActions = array_flip($SSLActions);
if ($SSLActions[$action])
{
  $ScriptUrl = 'https://www.example.com/path-to-wiki';
  $PubDirUrl = 'https://www.example.com/path-to-wiki/pub';

  if (!$_SERVER['HTTPS'] == 'on')
  {
    # Copy all GET request parameters and avoid
    # a problem with empty filename on upload page.
    $getparms = array();
    reset($_GET);
    while(list($name,$value) = each($_GET))
      if(!empty($value) && $name != 'n')
        $getparms[$name] = $name."=".urlencode($value);
    Redirect($pagename,'$PageUrl?'.implode("?",$getparms));
  }
} else {
  $ScriptUrl = 'http://www.example.com/path-to-wiki';
  $PubDirUrl = 'http://www.example.com/path-to-wiki/pub';
}


Hagan