$isbn: ISBN to show information for
$output: OutputPage object in use
+'CanIPUseHTTPS': Determine whether the client at a given source IP is likely
+to be able to access the wiki via HTTPS.
+$ip: The IP address in human-readable form
+&$canDo: This reference should be set to false if the client may not be able
+to use HTTPS
+
'CanonicalNamespaces': For extensions adding their own namespaces or altering
the defaults.
Note that if you need to specify namespace protection or content model for
wfProfileOut( __METHOD__ );
return $bad;
}
+
+/**
+ * Determine whether the client at a given source IP is likely to be able to
+ * access the wiki via HTTPS.
+ *
+ * @param string $ip The IPv4/6 address in the normal human-readable form
+ * @return boolean
+ */
+function wfCanIPUseHTTPS( $ip ) {
+ $canDo = true;
+ wfRunHooks( 'CanIPUseHTTPS', array( $ip, &$canDo ) );
+ return !!$canDo;
+}
: 'login';
$is_signup = $request->getText( 'type' ) == 'signup';
- # anonlogin & login are the same
- $proto = $wgSecureLogin ? PROTO_HTTPS : null;
-
$login_id = $this->showIPinHeader() ? 'anonlogin' : 'login';
$login_url = array(
'text' => $this->msg( $loginlink )->text(),
- 'href' => self::makeSpecialUrl( 'Userlogin', $returnto, $proto ),
+ 'href' => self::makeSpecialUrl( 'Userlogin', $returnto ),
'active' => $title->isSpecial( 'Userlogin' ) && ( $loginlink == 'nav-login-createaccount' || !$is_signup ),
);
$createaccount_url = array(
'text' => $this->msg( 'createaccount' )->text(),
- 'href' => self::makeSpecialUrl( 'Userlogin', "$returnto&type=signup", $proto ),
+ 'href' => self::makeSpecialUrl( 'Userlogin', "$returnto&type=signup" ),
'active' => $title->isSpecial( 'Userlogin' ) && $is_signup,
);
} else {
$https = $this->getBoolOption( 'prefershttps' );
wfRunHooks( 'UserRequiresHTTPS', array( $this, &$https ) );
+ if ( $https ) {
+ $https = wfCanIPUseHTTPS( $this->getRequest()->getIP() );
+ }
return $https;
}
}
(
$request->getCookie( 'forceHTTPS' ) ||
// Avoid checking the user and groups unless it's enabled.
- $this->context->getUser()->requiresHTTPS()
+ (
+ $this->context->getUser()->isLoggedIn()
+ && $this->context->getUser()->requiresHTTPS()
+ )
) &&
$request->detectProtocol() == 'http'
) {
'wpStickHTTPS' => $this->mStickHTTPS
);
$url = $title->getFullURL( $query, false, PROTO_HTTPS );
- if ( $wgSecureLogin ) {
+ if ( $wgSecureLogin && wfCanIPUseHTTPS( $this->getRequest()->getIP() ) ) {
$this->getOutput()->redirect( $url );
return;
} else {
}
// Decide if we default stickHTTPS on
- if ( $wgSecureLoginDefaultHTTPS && $this->mAction != 'submitlogin' && !$this->mLoginattempt ) {
+ if ( $wgSecureLoginDefaultHTTPS
+ && $this->mAction != 'submitlogin'
+ && !$this->mLoginattempt
+ && wfCanIPUseHTTPS( $this->getRequest()->getIP() ) )
+ {
$this->mStickHTTPS = true;
}