From 565014a8cb578889de1666256d1dba6a7ecc8629 Mon Sep 17 00:00:00 2001 From: Tyler Anthony Romeo Date: Thu, 27 Sep 2012 14:34:11 -0400 Subject: [PATCH] (bug 40541) Fixed $wgSecureLogin functionality. * Added parameter to login link so that wpStickHTTPS is set to true by default when the user is coming from HTTPS. * Added redirect in Special:Userlogin so that when $wgSecureLogin is enabled it automatically redirects to HTTPS. * Adjusted User::setCookies() to add a parameter for forcing secure/insecure cookies, and then added the appropriate argument to Special:Userlogin so that cookies are set appropriately. Change-Id: I17ac68014840daa47bfd4768e978e9ff2edb00db
---
 includes/SkinTemplate.php | 7 ++++++ includes/User.php | 5 ++-- includes/specials/SpecialUserlogin.php | 35 +++++++++++++++++++++----- 3 files changed, 39 insertions(+), 8 deletions(-)
diff --git a/includes/SkinTemplate.php b/includes/SkinTemplate.php
index bda43957dc..b692838b1b 100644
--- a/includes/SkinTemplate.php
+++ b/includes/SkinTemplate.php
@@ -529,6 +529,8 @@ class SkinTemplate extends Skin {
 * @return array
 */
 protected function buildPersonalUrls() {
+ global $wgSecureLogin;
+
 $title = $this->getTitle();
 $request = $this->getRequest();
 $pageurl = $title->getLocalURL();
@@ -551,6 +553,11 @@ class SkinTemplate extends Skin {
 $a['returntoquery'] = $query;
 }
 }
+
+ if ( $wgSecureLogin && $request->detectProtocol() == 'https' ) {
+ $a['wpStickHTTPS'] = true;
+ }
+
 $returnto = wfArrayToCGI( $a );
 if( $this->loggedin ) {
 $personal_urls['userpage'] = array(
diff --git a/includes/User.php b/includes/User.php
index 3668465efb..a4965a0f9a 100644
--- a/includes/User.php
+++ b/includes/User.php
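Review bot: The new protocol test in buildPersonalUrls, `$request->detectProtocol() == 'https'`, uses loose comparison while the matching check this commit adds to SpecialUserlogin uses `!==`; write it as `$request->detectProtocol() === 'https'` so the two sites agree. The key it sets is only meaningful to the login form, so a why-comment would help the next reader: `// Request came in over HTTPS: ask the login form to keep the session on HTTPS`. buildPersonalUrls continues outside the hunk.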
@@ -2820,8 +2820,9 @@ class User {
 * * @param $request WebRequest object to use; $wgRequest will be used if null is passed.
+ * @param $secure Whether to force secure/insecure cookies or use default
 */
- public function setCookies( $request = null ) {
+ public function setCookies( $request = null, $secure = null ) {
 if ( $request === null ) {
 $request = $this->getRequest();
 }
@@ -2860,7 +2861,7 @@ class User {
 if ( $value === false ) {
 $this->clearCookie( $name );
 } else {
- $this->setCookie( $name, $value );
+ $this->setCookie( $name, $value, 0, $secure );
 }
 }
diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index c101897219..901623269a 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -149,6 +149,23 @@ class LoginForm extends SpecialPage {
 $this->load();
 $this->setHeaders();
+ global $wgSecureLogin;
+ if (
+ $this->mType != 'signup' &&
+ $wgSecureLogin &&
+ WebRequest::detectProtocol() !== 'https'
+ ) {
+ $title = $this->getFullTitle();
+ $query = array(
+ 'returnto' => $this->mReturnTo,
+ 'returntoquery' => $this->mReturnToQuery,
+ 'wpStickHTTPS' => $this->mStickHTTPS
+ );
+ $url = $title->getFullURL( $query, false, PROTO_HTTPS );
+ $this->getOutput()->redirect( $url );
+ return;
+ }
+
 if ( $par == 'signup' ) { # Check for [[Special:Userlogin/signup]]
 $this->mType = 'signup';
 }
@@ -722,6 +739,7 @@ class LoginForm extends SpecialPage {
 switch ( $this->authenticateUserData() ) {
 case self::SUCCESS:
+ global $wgSecureLogin;
 # We've verified now, update the real record
 $user = $this->getUser();
 if( (bool)$this->mRemember != (bool)$user->getOption( 'rememberpassword' ) ) {
@@ -730,7 +748,7 @@ class LoginForm extends SpecialPage {
 } else {
 $user->invalidateCache();
 }
- $user->setCookies();
+ $user->setCookies( null, $wgSecureLogin && !$this->mStickHTTPS ? false : null );
 self::clearLoginToken();
 // Reset the throttle
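Review bot: The new `@param $secure` line in the setCookies docblock does not say which values are accepted or what the `null` default means; suggest `@param $secure Bool|null: true or false forces the cookie Secure flag on or off, null keeps the default`. The only place that honours the parameter is the `setCookie( $name, $value, 0, $secure )` change in the next hunk; the `clearCookie( $name )` branch beside it is not given `$secure`, which is worth confirming against clearCookie's implementation (not visible here) so that a cookie set with a forced flag can still be cleared. setCookies continues past both hunks.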
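Review bot: The HTTPS redirect tests `$this->mType != 'signup'` before the `if ( $par == 'signup' )` branch that sets `$this->mType = 'signup'`, so a request for the signup subpage is still redirected unless load() has already set the type from the request; moving the new block below that branch, or testing `$par == 'signup'` as well, would match the exclusion the condition is written for. The check also trusts `WebRequest::detectProtocol()` to report the real scheme; if a TLS-terminating proxy in front of the wiki presents the request as plain HTTP, every request redirects to itself, so a comment stating what detectProtocol() is expected to see would help operators. A login POST that arrives over HTTP is answered with the redirect instead of being processed, which is the safe outcome but silently drops the form data; a comment such as `// Never process a login over plain HTTP: bounce to HTTPS first` would record that intent. execute() continues outside the hunk.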
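Review bot: The new `setCookies( null, $wgSecureLogin && !$this->mStickHTTPS ? false : null )` relies on `&&` binding tighter than `?:`, which is correct but easy to misread; parenthesise it, and consider forcing the flag on rather than deferring to the default when the user stays on HTTPS, e.g. `$user->setCookies( null, $wgSecureLogin ? (bool)$this->mStickHTTPS : null );`, since `null` leaves the Secure flag to whatever the default is even though this login completed over HTTPS. The `global $wgSecureLogin;` this depends on is declared inside `case self::SUCCESS:` in the previous hunk; declaring it alongside the method's other globals would be clearer. The enclosing method starts and ends outside these hunks.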
@@ -963,14 +981,19 @@ class LoginForm extends SpecialPage {
 $returnToTitle = Title::newMainPage();
 }
+ if( $wgSecureLogin && !$this->mStickHTTPS ) {
+ $options = array( 'http' );
+ $proto = PROTO_HTTP;
+ } else {
+ $options = array( 'https' );
+ $proto = PROTO_HTTPS;
+ }
+
 if ( $type == 'successredirect' ) {
- $redirectUrl = $returnToTitle->getFullURL( $returnToQuery );
- if( $wgSecureLogin && !$this->mStickHTTPS ) {
- $redirectUrl = preg_replace( '/^https:/', 'http:', $redirectUrl );
- }
+ $redirectUrl = $returnToTitle->getFullURL( $returnToQuery, false, $proto );
 $this->getOutput()->redirect( $redirectUrl );
 } else {
- $this->getOutput()->addReturnTo( $returnToTitle, $returnToQuery );
+ $this->getOutput()->addReturnTo( $returnToTitle, $returnToQuery, $options );
 }
 }
-- 2.20.1
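Review bot: The new `if( $wgSecureLogin && !$this->mStickHTTPS ) {` is written `if(` while the rest of the hunk uses `if (`; align it, and give the branch a why-comment, because it deliberately sends a user who has just logged in to an `http://` URL (`PROTO_HTTP`, `array( 'http' )`) when they did not opt to stay on HTTPS: `// User did not ask to stay on HTTPS: return to the http:// view with matching return-to options`. Replacing the old `preg_replace( '/^https:/', 'http:', ... )` rewrite with an explicit protocol argument is the right direction, since the regex only handled one URL shape. The enclosing method starts outside the hunk, and `$wgSecureLogin` must already be in scope there because the removed lines used it too.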