From 19738e65138f2c83e73e0e8eedf259cd12fdf1c7 Mon Sep 17 00:00:00 2001
From: Enrico Tagliavini <enrico.tagliavini@gmail.com>
Date: Sat, 12 Jul 2014 23:26:45 +0200
Subject: adding X-Forwarded-Proto support in is_ssl()

This commit adds support for X-Forwarded-Proto in case dokuwiki runs
behind a reverse (SSL) proxy, but the connection between the proxy and
the web server running dokuwki is plain HTTP. If an authenticated
user is accidentaly dropped to HTTP from HTTPS the securecookie setting
should be honored and the redirection when saving or canceling a page
edit should point to the correct protocol. This happens every time a
user hits cancel after editing a page, and likely even after saving. If
the webserver doesn't enforce HTTPS the coockie might be sent in clear.
---
 inc/init.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'inc/init.php')

diff --git a/inc/init.php b/inc/init.php
index 4ff239787..d825b5250 100644
--- a/inc/init.php
+++ b/inc/init.php
@@ -456,10 +456,6 @@ function getBaseURL($abs=null){
         $port = '';
     }
 
-    if(!$port && isset($_SERVER['SERVER_PORT'])) {
-        $port = $_SERVER['SERVER_PORT'];
-    }
-
     if(is_null($port)){
         $port = '';
     }
@@ -490,6 +486,14 @@ function getBaseURL($abs=null){
  * @returns bool true when SSL is active
  */
 function is_ssl(){
+    // check if we are behind a reverse proxy
+    if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
+        if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
+	    return true;
+	} else {
+	    return false;
+	}
+    }
     if (!isset($_SERVER['HTTPS']) ||
         preg_match('/^(|off|false|disabled)$/i',$_SERVER['HTTPS'])){
         return false;
-- 
cgit v1.2.3