From: Bryan Davis Date: Thu, 28 Jan 2016 00:53:54 +0000 (-0700) Subject: Log user-agents that are using HTTP when HTTPS is preferred X-Git-Tag: 1.31.0-rc.0~8164^2 X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/banques/?a=commitdiff_plain;ds=sidebyside;h=240f789c892694cc92c896b87c98458581494149;p=lhc%2Fweb%2Fwiklou.git Log user-agents that are using HTTP when HTTPS is preferred Log a feature usage message and add a warning to the response when an API request is made over unencrypted HTTP and the wiki or user has asked that HTTPS be used by default. Bug: T105794 Change-Id: I339bfa96614c6318db303bb22a8f86bd0336ddbe
---
diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index 6ddc28af21..458fd18ffa 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -1231,7 +1231,8 @@ class ApiMain extends ApiBase {
 * @param array $params An array with the request parameters
 */
 protected function setupExternalResponse( $module, $params ) {
- if ( !$this->getRequest()->wasPosted() && $module->mustBePosted() ) {
+ $request = $this->getRequest();
+ if ( !$request->wasPosted() && $module->mustBePosted() ) {
 // Module requires POST. GET request might still be allowed
 // if $wgDebugApi is true, otherwise fail.
 $this->dieUsageMsgOrDebug( array( 'mustbeposted', $this->mAction ) );
@@ -1243,6 +1244,15 @@ class ApiMain extends ApiBase {
 // Create an appropriate printer
 $this->mPrinter = $this->createPrinterByName( $params['format'] );
 }
+
+ if ( $request->getProtocol() === 'http' && (
+ $request->getSession()->shouldForceHTTPS() ||
+ ( $this->getUser()->isLoggedIn() &&
+ $this->getUser()->requiresHTTPS() )
+ ) ) {
+ $this->logFeatureUsage( 'https-expected' );
+ $this->setWarning( 'HTTP used when HTTPS was expected' );
+ }
 }

 /**
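Review bot: The `https-expected` block added at the end of setupExternalResponse() only logs and warns, so it should not be read as a control. By the time it runs, the request and any session cookie or token in it have already crossed the network in cleartext, and the module still executes and answers over HTTP. That fits the commit's stated goal of logging, but the code does not say so; a comment above the `if` such as `// Detection only: the request is still served over HTTP; enforcement is not done here.` would make it explicit. The condition also relies on `$request->getProtocol()` reporting the scheme the client actually used, which this hunk does not show. If TLS is terminated at a proxy and the forwarded scheme is not honoured, the feature log would presumably fill with false positives, so that is worth confirming before the log is used for measurement. The middle of setupExternalResponse() lies between the two hunks and is not visible here.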