mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-05 14:17:49 +02:00
Code Issues Releases Wiki Activity

mod rewrite support - e_REQUEST_URI and e_REQUEST_URL added to be used in forms (instead e_SELF), basic experimental generic XSS protection

Browse Source
This commit is contained in:
secretr
2010-11-21 12:49:36 +00:00
parent 02c16d4ed7
commit e376b00298
2 changed files with 58 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
class2.php
View File

@@ -432,7 +432,19 @@ $pref = e107::getPref();
//DEPRECATED, BC, call e107::getConfig('menu')->get('pref_name') only when needed
$menu_pref = e107::getConfig('menu')->getPref(); //extract menu prefs
// NEW - force ssl
if(e107::getPref('ssl_enabled') && !deftrue('e_SSL_DISABLE'))
{
// NOTE: e_SSL_DISABLE check is here to help webmasters fix 'ssl_enabled'
// if set by accident on site with no SSL support - just define it in e107_config.php
if(strpos(e_REQUEST_URL, 'http://') === 0)
{
// e_REQUEST_URL and e_REQUEST_URI introduced
$url = 'https://'.substr(e_REQUEST_URL, 7);
header('Location: '.$url);
exit;
}
}
// $sql->db_Mark_Time('(Extracting Core Prefs Done)');