From 63525284c6f8c45e70a35979e3ba798592c1034b Mon Sep 17 00:00:00 2001
From: Tim Starling <tstarling@wikimedia.org>
Date: Wed, 14 May 2014 13:49:26 +1000
Subject: [PATCH] Avoid an infinite redirect in $wgSecureLogin handling

If, for some reason, (e.g. https://gerrit.wikimedia.org/r/#/c/133205/ )
HTTPS requests are not recognised as such and WebRequest::getProtocol()
unconditionally returns "http", use the fromhttp parameter to avoid an
infinite redirect loop.

Change-Id: Iefbf679ef995f5e347e2b9c3f1f5a5b22055e107
---
 includes/specials/SpecialUserlogin.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php
index b049975e3e..27fecca872 100644
--- a/includes/specials/SpecialUserlogin.php
+++ b/includes/specials/SpecialUserlogin.php
@@ -193,7 +193,10 @@ class LoginForm extends SpecialPage {
 				'title' => null,
 			) + $this->mRequest->getQueryValues();
 			$url = $title->getFullURL( $query, false, PROTO_HTTPS );
-			if ( $wgSecureLogin && wfCanIPUseHTTPS( $this->getRequest()->getIP() ) ) {
+			if ( $wgSecureLogin
+				&& wfCanIPUseHTTPS( $this->getRequest()->getIP() )
+				&& !$this->mFromHTTP ) // Avoid infinite redirect
+			{
 				$url = wfAppendQuery( $url, 'fromhttp=1' );
 				$this->getOutput()->redirect( $url );
 				// Since we only do this redir to change proto, always vary
-- 
2.20.1