From: csteipp
Date: Mon, 17 Sep 2012 18:10:30 +0000 (-0700)
Subject: (bug 29898) Set cookie to force HTTPS from HTTP
X-Git-Tag: 1.31.0-rc.0~22236^2~1
X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/banques/?a=commitdiff_plain;h=5801da5f86e14793afcc96686144a5d9cfb4df4b;p=lhc%2Fweb%2Fwiklou.git
(bug 29898) Set cookie to force HTTPS from HTTP
Sets a cookie on user login (removed on logout) if wpStickHTTPS was checked, which causes the browser to get a redirect if they visit the HTTP version of the site.
Change-Id: I60f44a1062a93d15198edae6674bb3310a148b2d
---
diff --git a/includes/User.php b/includes/User.php
index 0a3db4c07c..3668465efb 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -2798,9 +2798,13 @@ class User {
 * @param $value String Value to set
 * @param $exp Int Expiration time, as a UNIX time value;
 * if 0 or not specified, use the default $wgCookieExpiration
+ * @param $secure Bool
+ * true: Force setting the secure attribute when setting the cookie
+ * false: Force NOT setting the secure attribute when setting the cookie
+ * null (default): Use the default ($wgCookieSecure) to set the secure attribute
 */
- protected function setCookie( $name, $value, $exp = 0 ) {
- $this->getRequest()->response()->setcookie( $name, $value, $exp );
+ protected function setCookie( $name, $value, $exp = 0, $secure = null ) {
+ $this->getRequest()->response()->setcookie( $name, $value, $exp, null, null, $secure );
 }
 /**
@@ -2859,6 +2863,15 @@ class User {
 $this->setCookie( $name, $value );
 }
 }
+
+ /**
+ * If wpStickHTTPS was selected, also set an insecure cookie that
+ * will cause the site to redirect the user to HTTPS, if they access
+ * it over HTTP. Bug 29898.
+ */
+ if ( $request->getCheck( 'wpStickHTTPS' ) ) {
+ $this->setCookie( 'forceHTTPS', 'true', time() + 2592000, false ); //30 days
+ }
 }
 /**
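Review bot: The new `$secure` docblock on User::setCookie does not say what `false` means in security terms: a cookie set without the Secure attribute is transmitted on every plain-HTTP request, so the only legitimate use is a value that carries no secret. Suggested wording for that line: `* false: Force NOT setting the secure attribute (the cookie will be sent over plain HTTP; never use for session, token or other secret-bearing cookies)`. The parameter is also named `$secure` here but `$forceSecure` in WebResponse::setcookie, and it reaches that method only by way of two positional `null`s for `$prefix` and `$domain`; a why-comment on the forwarding call such as `// keep the default prefix and domain; only the secure attribute is overridden` would make that intent explicit.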
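Review bot: The forceHTTPS lifetime `time() + 2592000` is a hard-coded 30 days, while the login cookies set just above via `$this->setCookie( $name, $value )` take the exp-0 default, which the setCookie docblock says resolves to `$wgCookieExpiration`; on a wiki whose cookie expiration is longer than 30 days the HTTPS stickiness silently lapses while the user is still logged in, and where it is shorter the redirect outlives the session. Consider `$this->setCookie( 'forceHTTPS', 'true', 0, false );` so both share one expiry, or at least spell the magic number as `30 * 24 * 60 * 60` behind a named constant. The comment should also state why the cookie is deliberately non-Secure: `// Intentionally NOT Secure: it must arrive on the plain-HTTP request so Wiki.php can issue the redirect; it carries no secret.`. Note that this is best-effort only: anything on the HTTP path can strip the cookie before it reaches the server, so it does not substitute for Strict-Transport-Security. The enclosing method setCookies starts before the hunk.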
@@ -2881,6 +2894,7 @@ class User {
 $this->clearCookie( 'UserID' );
 $this->clearCookie( 'Token' );
+ $this->clearCookie( 'forceHTTPS' );
 # Remember when user logged out, to prevent seeing cached pages
 $this->setCookie( 'LoggedOut', wfTimestampNow(), time() + 86400 );
diff --git a/includes/WebResponse.php b/includes/WebResponse.php
index 193101b1a7..9c613a97bc 100644
--- a/includes/WebResponse.php
+++ b/includes/WebResponse.php
@@ -45,8 +45,12 @@ class WebResponse {
 * @param $expire Int: number of seconds til cookie expires
 * @param $prefix String: Prefix to use, if not $wgCookiePrefix (use '' for no prefix)
 * @param @domain String: Cookie domain to use, if not $wgCookieDomain
+ * @param $forceSecure Bool:
+ * true: force the cookie to be set with the secure attribute
+ * false: force the cookie to be set without the secure attribute
+ * null: use the value from $wgCookieSecure
 */
- public function setcookie( $name, $value, $expire = 0, $prefix = null, $domain = null ) {
+ public function setcookie( $name, $value, $expire = 0, $prefix = null, $domain = null, $forceSecure = null ) {
 global $wgCookiePath, $wgCookiePrefix, $wgCookieDomain;
 global $wgCookieSecure,$wgCookieExpiration, $wgCookieHttpOnly;
 if ( $expire == 0 ) {
@@ -58,6 +62,13 @@ class WebResponse {
 if( $domain === null ) {
 $domain = $wgCookieDomain;
 }
+
+ if ( is_null( $forceSecure ) ) {
+ $secureCookie = $wgCookieSecure;
+ } else {
+ $secureCookie = $forceSecure;
+ }
+
 $httpOnlySafe = wfHttpOnlySafe() && $wgCookieHttpOnly;
 wfDebugLog( 'cookie',
 'setcookie: "' . implode( '", "',
@@ -67,14 +78,14 @@ class WebResponse {
 $expire,
 $wgCookiePath,
 $domain,
- $wgCookieSecure,
+ $secureCookie,
 $httpOnlySafe ) ) . '"' );
 setcookie( $prefix . $name,
 $value,
 $expire,
 $wgCookiePath,
 $domain,
- $wgCookieSecure,
+ $secureCookie,
 $httpOnlySafe );
 }
 }
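Review bot: `$this->clearCookie( 'forceHTTPS' )` removes a cookie that was set with the secure attribute explicitly forced off, but it is cleared with whatever attributes clearCookie applies by default (its body is outside the hunk); if that default is `$wgCookieSecure`, the expiring Set-Cookie carries Secure on an HTTPS-only wiki while the cookie being removed did not, and set and clear are no longer symmetric. Passing the same flag explicitly keeps them aligned, e.g. `$this->setCookie( 'forceHTTPS', '', time() - 86400, false ); // same non-Secure attributes it was set with`, or give clearCookie a matching `$secure` argument. The enclosing logout method continues on both sides of the hunk.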
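Review bot: The context line directly above the new `@param $forceSecure` block still reads `@param @domain`, so the one place a maintainer reads for the cookie-attribute contract has a broken tag; fix it to `* @param $domain String: Cookie domain to use, if not $wgCookieDomain` while this docblock is being edited. The new tag should also state that `false` yields a cookie transmitted in clear on HTTP responses and is therefore only appropriate for cookies whose value is not secret, which is exactly what the User.php caller relies on. User::setCookie names the same parameter `$secure`; one name in both layers would make the call chain easier to follow.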
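Review bot: The new branch passes `$forceSecure` through to PHP's setcookie() untouched, so a truthy non-boolean such as the string `'false'` would silently produce a Secure cookie; cast it, and use the same null test the function already applies to `$domain` a few lines up instead of `is_null()`: `$secureCookie = $forceSecure === null ? $wgCookieSecure : (bool)$forceSecure;` replaces the five-line if/else. A short why-comment belongs with it: `// null means "use the site default"; an explicit bool overrides $wgCookieSecure for this cookie only`. The rest of setcookie() sits in the neighbouring hunks.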
@@ -140,7 +151,7 @@ class FauxResponse extends WebResponse {
 * @param $domain TODO DOCUMENT (Default: null)
 *
 */
- public function setcookie( $name, $value, $expire = 0, $prefix = null, $domain = null ) {
+ public function setcookie( $name, $value, $expire = 0, $prefix = null, $domain = null, $forceSecure = null ) {
 $this->cookies[$name] = $value;
 }
diff --git a/includes/WebStart.php b/includes/WebStart.php
index 01c5eea846..247f810089 100644
--- a/includes/WebStart.php
+++ b/includes/WebStart.php
@@ -156,4 +156,3 @@ wfProfileOut( 'WebStart.php-ob_start' );
 if ( !defined( 'MW_NO_SETUP' ) ) {
 require_once( MWInit::compiledPath( "includes/Setup.php" ) );
 }
-
diff --git a/includes/Wiki.php b/includes/Wiki.php
index a4a89032d4..e1d84d4559 100644
--- a/includes/Wiki.php
+++ b/includes/Wiki.php
@@ -490,6 +490,23 @@ class MediaWiki {
 $request = $this->context->getRequest();
+ if ( $request->getCookie( 'forceHTTPS' )
+ && $request->detectProtocol() == 'http'
+ && $request->getMethod() == 'GET'
+ ) {
+ $redirUrl = $request->getFullRequestURL();
+ $redirUrl = str_replace( 'http://' , 'https://' , $redirUrl );
+
+ // Setup dummy Title, otherwise OutputPage::redirect will fail
+ $title = Title::newFromText( NS_MAIN, 'REDIR' );
+ $this->context->setTitle( $title );
+ $output = $this->context->getOutput();
+ $output->redirect( $redirUrl );
+ $output->output();
+ wfProfileOut( __METHOD__ );
+ return;
+ }
+
 // Send Ajax requests to the Ajax dispatcher.
 if ( $wgUseAjax && $request->getVal( 'action', 'view' ) == 'ajax' ) {
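Review bot: `$forceSecure` is added to FauxResponse::setcookie's signature without a matching `@param`, and the docblock above it still says TODO DOCUMENT for `$domain`; add `* @param $forceSecure Bool|null: accepted for signature compatibility with WebResponse::setcookie and ignored; this stub records only name => value`. Because the stub drops every attribute, a test built on FauxResponse cannot observe whether forceHTTPS was set without Secure, so the one security-relevant property of this change is unverifiable through this path; recording the attributes next to the value, e.g. `$this->cookieAttributes[$name] = array( 'secure' => $forceSecure );`, would close that gap if the class has a place to keep them. The class FauxResponse continues outside the hunk.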