diff options
author | Angie Byron <webchick@24967.no-reply.drupal.org> | 2009-11-01 23:02:13 +0000 |
---|---|---|
committer | Angie Byron <webchick@24967.no-reply.drupal.org> | 2009-11-01 23:02:13 +0000 |
commit | 14c1c505e0b5915ff85f0698afc209f530fd83fb (patch) | |
tree | fb56f39b8ccf4ea846977b50c07845b5b80cc911 /includes/authorize.inc | |
parent | fedcd1acf0f1ee126febe211e8a1f47c27282956 (diff) | |
download | brdo-14c1c505e0b5915ff85f0698afc209f530fd83fb.tar.gz brdo-14c1c505e0b5915ff85f0698afc209f530fd83fb.tar.bz2 |
#607008 by dww, Gerhard Killesreiter, JacobSingh, and chx: Changed Fix bugs in https support and use https for authorize.php if available.
Diffstat (limited to 'includes/authorize.inc')
-rw-r--r-- | includes/authorize.inc | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/includes/authorize.inc b/includes/authorize.inc index 9cd4dd32f..772481b2d 100644 --- a/includes/authorize.inc +++ b/includes/authorize.inc @@ -10,10 +10,12 @@ * Build the form for choosing a FileTransfer type and supplying credentials. */ function authorize_filetransfer_form($form_state) { - global $base_url; + global $base_url, $is_https; $form = array(); - $form['#action'] = $base_url . '/authorize.php'; + // If possible, we want to post this form securely via https. + $form['#https'] = TRUE; + // CSS we depend on lives in modules/system/maintenance.css, which is loaded // via the default maintenance theme. $form['#attached']['js'][] = $base_url . '/misc/authorize.js'; @@ -26,6 +28,10 @@ function authorize_filetransfer_form($form_state) { $available_backends = $_SESSION['authorize_filetransfer_backends']; uasort($available_backends, 'drupal_sort_weight'); + if (!$is_https) { + drupal_set_message(t('WARNING: You are not using an encrypted connection, so your password will be sent in plain text. <a href="@https-link">Learn more</a>.', array('@https-link' => 'http://drupal.org/https-information')), 'error'); + } + // Decide on a default backend. if (isset($form_state['values']['connection_settings']['authorize_filetransfer_default'])) { $authorize_filetransfer_default = $form_state['values']['connection_settings']['authorize_filetransfer_default']; |