From 14c1c505e0b5915ff85f0698afc209f530fd83fb Mon Sep 17 00:00:00 2001 From: Angie Byron Date: Sun, 1 Nov 2009 23:02:13 +0000 Subject: #607008 by dww, Gerhard Killesreiter, JacobSingh, and chx: Changed Fix bugs in https support and use https for authorize.php if available. --- includes/authorize.inc | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'includes/authorize.inc') diff --git a/includes/authorize.inc b/includes/authorize.inc index 9cd4dd32f..772481b2d 100644 --- a/includes/authorize.inc +++ b/includes/authorize.inc @@ -10,10 +10,12 @@ * Build the form for choosing a FileTransfer type and supplying credentials. */ function authorize_filetransfer_form($form_state) { - global $base_url; + global $base_url, $is_https; $form = array(); - $form['#action'] = $base_url . '/authorize.php'; + // If possible, we want to post this form securely via https. + $form['#https'] = TRUE; + // CSS we depend on lives in modules/system/maintenance.css, which is loaded // via the default maintenance theme. $form['#attached']['js'][] = $base_url . '/misc/authorize.js'; @@ -26,6 +28,10 @@ function authorize_filetransfer_form($form_state) { $available_backends = $_SESSION['authorize_filetransfer_backends']; uasort($available_backends, 'drupal_sort_weight'); + if (!$is_https) { + drupal_set_message(t('WARNING: You are not using an encrypted connection, so your password will be sent in plain text. Learn more.', array('@https-link' => 'http://drupal.org/https-information')), 'error'); + } + // Decide on a default backend. if (isset($form_state['values']['connection_settings']['authorize_filetransfer_default'])) { $authorize_filetransfer_default = $form_state['values']['connection_settings']['authorize_filetransfer_default']; -- cgit v1.2.3