From 89a5f17463dba70cbb9d5b9edbf797af965317e1 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
Date: Wed, 5 Mar 2014 12:03:17 +0100
Subject: [PATCH] Fix HTTPS protocol detection

According to PHP documentation:
http://www.php.net/manual/en/reserved.variables.server.php
The $_SERVER['HTTPS'] is set to a non-empty value if the script was queried
through the HTTPS protocol. There is also note that for ISAPI with IIS, the
value is set to 'off' if the request was not made through the HTTPS protocol.

To follow the PHP documentation the $_SERVER['HTTPS'] == 'on' doesn't seem
to be the correct way how to detect the HTTPS protocol (there maybe e.g. '1'
instead of 'on').

Bug: 46511
Change-Id: I5675fed9b7d54711b96b25702181112ef3692f3c
---
 includes/WebRequest.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/includes/WebRequest.php b/includes/WebRequest.php
index e931f286a4..f86a45494e 100644
--- a/includes/WebRequest.php
+++ b/includes/WebRequest.php
@@ -207,9 +207,9 @@ class WebRequest {
 	 * @return array
 	 */
 	public static function detectProtocol() {
-		if ( ( isset( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] == 'on' ) ||
+		if ( ( !empty( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] !== 'off' ) ||
 			( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) &&
-			$_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' ) ) {
+			$_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' ) ) {
 			return 'https';
 		} else {
 			return 'http';
-- 
2.20.1