Patch: support force_login_ssl properly

OCS development discussion, enhancement requests, third-party patches and plug-ins.

Postby derekp » Wed Mar 19, 2008 3:33 pm

This patch fixes the Request::url(...) function to generate HTTPS URLs where required. Without this patch, resources (the login controller in particular) are not adequately protected by SSL. With force_login_ssl=On in config.inc.php, users would transmit their credentials over plaintext HTTP before being redirected to HTTPS.

This is not an elegant patch, since it hard-codes special cases into a generic function, but it is an effective solution.


--- ocs-2.0.0-1/classes/core/Request.inc.php.forcessl   2007-04-10 13:45:06.000000000 -0700
+++ ocs-2.0.0-1/classes/core/Request.inc.php    2008-03-18 11:48:55.793930000 -0700
@@ -715,5 +715,10 @@
                }

-               return ((empty($overriddenBaseUrl)?Request::getIndexUrl():$overriddenBaseUrl) . $baseParams . $pathString . $additionalParams . $anchor);
+               $url = ((empty($overriddenBaseUrl)?Request::getIndexUrl():$overriddenBaseUrl) . $baseParams . $pathString . $additionalParams . $anchor);
+               if ( ($page == 'login' && $op == 'signIn' && Config::getVar('security', 'force_login_ssl')) ||
+                    Config::getVar('security', 'force_ssl') ) {
+                       $url = preg_replace('/^http:/', 'https:', $url);
+               }
+               return $url;
        }
 }
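
Review bot: The test `$page == 'login' && $op == 'signIn'` upgrades only the sign-in target, so with force_login_ssl alone every other op of the login page, including whichever one renders the form, still gets an http: URL, and a form delivered over plain HTTP can be altered in transit before the credentials are ever posted. Consider matching on `$page == 'login'` regardless of op, or listing every op that displays or accepts credentials. Two smaller points on the rewrite itself: `preg_replace('/^http:/', 'https:', $url)` is case-sensitive and leaves any explicit port in the base URL untouched, so a base URL written as `HTTP://...` is not upgraded and one carrying a non-default HTTP port would produce an https: URL pointing at that same port; an `i` modifier and a port check would cover both. The hunk also reads `Config::getVar('security', 'force_ssl')`, which the description does not mention; it should be documented next to force_login_ssl in config.inc.php so administrators know it changes every generated URL.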
