* New key added to $wgGalleryOptions - $wgGalleryOptions['mode'] to set
default gallery mode.
* New hook 'GalleryGetModes' to allow extensions to make new gallery modes.
+* The checkbox for staying in HTTPS displayed on the login form when $wgSecureLogin is
+ enabled has been removed. Instead, whether the user stays in HTTPS will be determined
+ based on the user's preferences, and whether they came from HTTPS or not.
=== New features in 1.22 ===
* (bug 44525) mediawiki.jqueryMsg can now parse (whitelisted) HTML elements and attributes.
'watchmoves' => 0,
'wllimit' => 250,
'useeditwarning' => 1,
+ 'prefershttps' => 1,
);
/**
global $wgAuth, $wgContLang, $wgParser, $wgCookieExpiration, $wgLanguageCode,
$wgDisableTitleConversion, $wgDisableLangConversion, $wgMaxSigChars,
$wgEnableEmail, $wgEmailConfirmToEdit, $wgEnableUserEmail, $wgEmailAuthentication,
- $wgEnotifWatchlist, $wgEnotifUserTalk, $wgEnotifRevealEditorAddress;
+ $wgEnotifWatchlist, $wgEnotifUserTalk, $wgEnotifRevealEditorAddress,
+ $wgSecureLogin;
// retrieving user name for GENDER and misc.
$userName = $user->getName();
'section' => 'personal/info',
);
}
+ // Only show preferhttps if secure login is turned on
+ if ( $wgSecureLogin ) {
+ $defaultPreferences['prefershttps'] = array(
+ 'type' => 'toggle',
+ 'label-message' => 'tog-prefershttps',
+ 'default' => true,
+ 'section' => 'personal/info'
+ );
+ }
// Language
$languages = Language::fetchLanguageNames( null, 'mw' );
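Review bot: The new comment names the option `preferhttps`, but the key registered just below is `prefershttps`; it should read `// Only show prefershttps if secure login is turned on` so a search for the option name finds it. The hard-coded `'default' => true` also repeats the value this commit adds to the default user options. If the preferences form does not overwrite that default from the stored option (not visible in this hunk), a wiki that changes the site default would show the wrong checkbox state, so it is worth confirming or dropping the key. The enclosing function starts and ends outside the hunk.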
return $this->mDatePreference;
}
+ /**
+ * Determine based on the wiki configuration and the user's options,
+ * whether this user must be over HTTPS no matter what.
+ *
+ * @return bool
+ */
+ public function requiresHTTPS() {
+ global $wgSecureLogin;
+ if ( !$wgSecureLogin ) {
+ return false;
+ } else {
+ return $this->getBoolOption( 'prefershttps' );
+ }
+ }
+
/**
* Get the user preferred stub threshold
*
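Review bot: `requiresHTTPS()` never checks whether the user is logged in, so with `$wgSecureLogin` on it returns whatever `getBoolOption( 'prefershttps' )` yields for an anonymous user, presumably the default of 1 that this commit adds to the default user options. The redirect condition in the later hunk calls it on every request that arrives over HTTP, so anonymous readers would likely be sent to HTTPS too, although the preference label says "when logged in". If that is not intended, the else branch could be `return $this->isLoggedIn() && $this->getBoolOption( 'prefershttps' );`. Either way the docblock should state how anonymous users are treated.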
* will cause the site to redirect the user to HTTPS, if they access
* it over HTTP. Bug 29898.
*/
- if ( $request->getCheck( 'wpStickHTTPS' ) ) {
+ if ( $request->getCheck( 'wpStickHTTPS' ) || $this->requiresHTTPS() ) {
$this->setCookie( 'forceHTTPS', 'true', time() + 2592000, false ); //30 days
}
}
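Review bot: The changed condition still reads the field with `getCheck( 'wpStickHTTPS' )`, which as far as I know is true whenever the parameter is present, whatever its value. The login template in this commit now always posts `wpStickHTTPS` as a hidden field holding 0 or 1 when secure login is available, so a user who opted out and logged in from HTTP would still receive the 30-day `forceHTTPS` cookie. The login code, which this commit switched to `getBool`, appears to issue non-secure session cookies for that same user. Use `if ( $request->getBool( 'wpStickHTTPS' ) || $this->requiresHTTPS() ) {` so both places interpret the field the same way. The enclosing function starts outside this hunk.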
$request = $this->context->getRequest();
- if ( $request->getCookie( 'forceHTTPS' )
- && $request->detectProtocol() == 'http'
- && $request->getMethod() == 'GET'
+ // If the user has forceHTTPS set to true, or if the user
+ // is in a group requiring HTTPS, or if they have the HTTPS
+ // preference set, redirect them to HTTPS.
+ if (
+ (
+ $request->getCookie( 'forceHTTPS' ) ||
+ // Avoid checking the user and groups unless it's enabled.
+ $this->context->getUser()->requiresHTTPS()
+ ) &&
+ $request->detectProtocol() == 'http'
) {
$redirUrl = $request->getFullRequestURL();
$redirUrl = str_replace( 'http://', 'https://', $redirUrl );
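Review bot: Dropping the `$request->getMethod() == 'GET'` test means a POST that arrives over HTTP is now redirected as well. By then the form body has already crossed the network in clear text, and depending on the status code used further down (outside this hunk) the client may repeat the request as a GET and lose the data. It would be safer to keep the redirect for GET and handle other methods explicitly, or at least document why the restriction was lifted. The new comment also mentions "a group requiring HTTPS", but `requiresHTTPS()` as added in this commit only consults `$wgSecureLogin` and the `prefershttps` option, so that clause should be removed or the group check actually added.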
$this->mLoginattempt = $request->getCheck( 'wpLoginattempt' );
$this->mAction = $request->getVal( 'action' );
$this->mRemember = $request->getCheck( 'wpRemember' );
- $this->mStickHTTPS = $request->getCheck( 'wpStickHTTPS' );
+ $this->mStickHTTPS = $request->getBool( 'wpStickHTTPS' );
$this->mLanguage = $request->getText( 'uselang' );
$this->mSkipCookieCheck = $request->getCheck( 'wpSkipCookieCheck' );
$this->mToken = ( $this->mType == 'signup' ) ? $request->getVal( 'wpCreateaccountToken' ) : $request->getVal( 'wpLoginToken' );
$user->invalidateCache();
}
+ if ( $user->requiresHTTPS() ) {
+ $this->mStickHTTPS = true;
+ }
+
if ( $wgSecureLogin && !$this->mStickHTTPS ) {
$user->setCookies( null, false );
} else {
$template->set( 'usereason', $user->isLoggedIn() );
$template->set( 'remember', $user->getOption( 'rememberpassword' ) || $this->mRemember );
$template->set( 'cansecurelogin', ( $wgSecureLogin === true ) );
- $template->set( 'stickHTTPS', $this->mStickHTTPS );
+ $template->set( 'stickHTTPS', (int)$this->mStickHTTPS );
if ( $this->mType === 'signup' && $user->isLoggedIn() ) {
$template->set( 'createAnother', true );
<?php } ?>
</div>
- <?php if ( $this->data['cansecurelogin'] ) { ?>
- <div>
- <label class="mw-ui-checkbox-label">
- <input name="wpStickHTTPS" type="checkbox" value="1" id="wpStickHTTPS" tabindex="5"
- <?php if ( $this->data['stickHTTPS'] ) {
- echo 'checked="checked"';
- } ?>
- >
- <?php $this->msg( 'securelogin-stick-https' ); ?>
- </label>
- </div>
- <?php } ?>
<div>
<?php
echo Html::input( 'wpLoginAttempt', $this->getMsg( 'login' )->text(), 'submit', array(
<?php } ?>
<?php if ( $this->haveData( 'uselang' ) ) { ?><input type="hidden" name="uselang" value="<?php $this->text( 'uselang' ); ?>" /><?php } ?>
<?php if ( $this->haveData( 'token' ) ) { ?><input type="hidden" name="wpLoginToken" value="<?php $this->text( 'token' ); ?>" /><?php } ?>
+<?php if ( $this->data['cansecurelogin'] ) {?><input type="hidden" name="wpStickHTTPS" value="<?php $this->text( 'stickHTTPS' ); ?>" /><?php } ?>
</form>
</div>
</div>
'tog-noconvertlink' => 'Disable link title conversion', # only translate this message to other languages if you have to change it
'tog-norollbackdiff' => 'Omit diff after performing a rollback',
'tog-useeditwarning' => 'Warn me when I leave an edit page with unsaved changes',
+'tog-prefershttps' => 'Always use a secure connection when logged in',
'underline-always' => 'Always',
'underline-never' => 'Never',
'remembermypassword' => 'Remember my login on this browser (for a maximum of $1 {{PLURAL:$1|day|days}})',
'userlogin-remembermypassword' => 'Keep me logged in',
'userlogin-signwithsecure' => 'Use secure connection',
-'securelogin-stick-https' => 'Stay connected to HTTPS after login',
'yourdomainname' => 'Your domain:',
'password-change-forbidden' => 'You cannot change passwords on this wiki.',
'externaldberror' => 'There was either an authentication database error or you are not allowed to update your external account.',
'tog-ccmeonemails' => 'Option in [[Special:Preferences]] > {{int:prefs-personal}} > {{int:email}}. {{Gender}}',
'tog-diffonly' => 'Toggle option used in [[Special:Preferences]]. {{Gender}}',
'tog-showhiddencats' => 'Toggle option used in [[Special:Preferences]]. {{Gender}}',
+'tog-prefershttps' => 'Toggle option used in [[Special:Preferences]] that indicates if the user wants to use a secure connection when logged in',
'tog-noconvertlink' => "{{optional}}
''(the message is considered optional because it is only used in wikis with language variants)''",
'userlogin-signwithsecure' => 'Text of link to HTTPS login form.
See example: [[Special:UserLogin]]',
-'securelogin-stick-https' => 'Used as label for checkbox.',
'yourdomainname' => 'Used as label for listbox.',
'password-change-forbidden' => 'Error message shown when an external authentication source does not allow the password to be changed.',
'externaldberror' => 'This message is thrown when a valid attempt to change the wiki password for a user fails because of a database error or an error from an external system.',
'tog-noconvertlink',
'tog-norollbackdiff',
'tog-useeditwarning',
+ 'tog-prefershttps'
),
'underline' => array(
'underline-always',
'remembermypassword',
'userlogin-remembermypassword',
'userlogin-signwithsecure',
- 'securelogin-stick-https',
'yourdomainname',
'password-change-forbidden',
'externaldberror',