From: Gergő Tisza <gtisza@wikimedia.org>
Date: Thu, 26 May 2016 18:04:02 +0000 (+0000)
Subject: Do not redirect to HTTPS when it's not supported
X-Git-Tag: 1.31.0-rc.0~6755^2
X-Git-Url: http://git.cyclocoop.org/%24image?a=commitdiff_plain;h=69f52123bb71d089e81c8e5427806450c201a35c;p=lhc%2Fweb%2Fwiklou.git

Do not redirect to HTTPS when it's not supported

Most URL generation happens via wfExpandUrl, which honors $wgServer
(or whatever setting it is told to use): if it has an explicit
protcol, that is always used; if it is a protocol-relative URL,
the protocol is selected based on the parameters given to wfExpandUrl.

One exception is MediaWiki::main() which always uses HTTPS if the
relevant cookie or user option is set, even if the wiki does not
support it. That can lead to annoying problems on Vagrant where it
is not unusual to turn HTTPS support on and off: when that happens,
the user can get locked out of the account.

Change-Id: I06982a26cd808f2aaa26753cd3353ed82473d9e0
---

diff --git a/includes/MediaWiki.php b/includes/MediaWiki.php
index ff469e4e39..8f93778e23 100644
--- a/includes/MediaWiki.php
+++ b/includes/MediaWiki.php
@@ -680,6 +680,8 @@ class MediaWiki {
 		// isLoggedIn() will do all sorts of weird stuff.
 		if (
 			$request->getProtocol() == 'http' &&
+			// switch to HTTPS only when supported by the server
+			preg_match( '#^https://#', wfExpandUrl( $request->getRequestURL(), PROTO_HTTPS ) ) &&
 			(
 				$request->getSession()->shouldForceHTTPS() ||
 				// Check the cookie manually, for paranoia