diff --git a/auth/shibboleth/logout.php b/auth/shibboleth/logout.php index c5c541069c8..bd16aaa1d52 100644 --- a/auth/shibboleth/logout.php +++ b/auth/shibboleth/logout.php @@ -11,7 +11,7 @@ require_once($CFG->dirroot."/auth/shibboleth/auth.php"); // Find out whether host supports https $protocol = 'http://'; -if ( isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on'){ +if (is_https()) { $protocol = 'https://'; } diff --git a/filter/mathjaxloader/filter.php b/filter/mathjaxloader/filter.php index a22e5bf130d..2d6abb2831f 100644 --- a/filter/mathjaxloader/filter.php +++ b/filter/mathjaxloader/filter.php @@ -95,12 +95,11 @@ class filter_mathjaxloader extends moodle_text_filter { * @param context $context The current context. */ public function setup($page, $context) { - global $CFG; // This only requires execution once per request. static $jsinitialised = false; if (empty($jsinitialised)) { - if (strpos($CFG->httpswwwroot, 'https:') === 0) { + if (is_https()) { $url = get_config('filter_mathjaxloader', 'httpsurl'); } else { $url = get_config('filter_mathjaxloader', 'httpurl'); diff --git a/iplookup/index.php b/iplookup/index.php index 92dd51ea462..e26f72caada 100644 --- a/iplookup/index.php +++ b/iplookup/index.php @@ -94,7 +94,7 @@ if (empty($CFG->googlemapkey3)) { echo '
'.$info['note'].'
'; } else { - if (strpos($CFG->wwwroot, 'https:') === 0) { + if (is_https()) { $PAGE->requires->js(new moodle_url('https://maps.googleapis.com/maps/api/js', array('key'=>$CFG->googlemapkey3, 'sensor'=>'false'))); } else { $PAGE->requires->js(new moodle_url('http://maps.googleapis.com/maps/api/js', array('key'=>$CFG->googlemapkey3, 'sensor'=>'false'))); diff --git a/lib/badgeslib.php b/lib/badgeslib.php index c24400ee2ba..3553d538019 100644 --- a/lib/badgeslib.php +++ b/lib/badgeslib.php @@ -1258,7 +1258,7 @@ function badges_setup_backpack_js() { global $CFG, $PAGE; if (!empty($CFG->badges_allowexternalbackpack)) { $PAGE->requires->string_for_js('error:backpackproblem', 'badges'); - $protocol = (strpos($CFG->wwwroot, 'https://') === 0) ? 'https://' : 'http://'; + $protocol = (is_https()) ? 'https://' : 'http://'; $PAGE->requires->js(new moodle_url($protocol . BADGE_BACKPACKURL . '/issuer.js'), true); $PAGE->requires->js('/badges/backpack.js', true); } diff --git a/lib/classes/session/manager.php b/lib/classes/session/manager.php index 9e1378b0c08..84e26eddbb3 100644 --- a/lib/classes/session/manager.php +++ b/lib/classes/session/manager.php @@ -180,7 +180,7 @@ class manager { protected static function prepare_cookies() { global $CFG; - if (!isset($CFG->cookiesecure) or (strpos($CFG->wwwroot, 'https://') !== 0 and empty($CFG->sslproxy))) { + if (!isset($CFG->cookiesecure) or (!is_https() and empty($CFG->sslproxy))) { $CFG->cookiesecure = 0; } diff --git a/lib/csvlib.class.php b/lib/csvlib.class.php index c3e4d9df711..229d5680044 100644 --- a/lib/csvlib.class.php +++ b/lib/csvlib.class.php @@ -476,7 +476,7 @@ class csv_export_writer { // For text based formats - we cannot test the output with behat if we force a file download. return; } - if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431 + if (is_https()) { // HTTPS sites - watch out for IE! KB812935 and KB316431. header('Cache-Control: max-age=10'); header('Pragma: '); } else { //normal http - prevent caching at all cost diff --git a/lib/excellib.class.php b/lib/excellib.class.php index 624558ba38b..b2731b2626b 100644 --- a/lib/excellib.class.php +++ b/lib/excellib.class.php @@ -106,7 +106,7 @@ class MoodleExcelWorkbook { $mimetype = 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'; $filename = $filename.'.xlsx'; - if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431 + if (is_https()) { // HTTPS sites - watch out for IE! KB812935 and KB316431. header('Cache-Control: max-age=10'); header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT'); header('Pragma: '); diff --git a/lib/filelib.php b/lib/filelib.php index eec36dda4c7..cc794469f20 100644 --- a/lib/filelib.php +++ b/lib/filelib.php @@ -2196,7 +2196,7 @@ function send_temp_file($path, $filename, $pathisstring=false) { } header('Content-Disposition: attachment; filename="'.$filename.'"'); - if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431 + if (is_https()) { // HTTPS sites - watch out for IE! KB812935 and KB316431. header('Cache-Control: private, max-age=10, no-transform'); header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT'); header('Pragma: '); @@ -2292,7 +2292,7 @@ function send_file($path, $filename, $lifetime = null , $filter=0, $pathisstring } else { // Do not cache files in proxies and browsers $nobyteserving = true; - if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431 + if (is_https()) { // HTTPS sites - watch out for IE! KB812935 and KB316431. header('Cache-Control: private, max-age=10, no-transform'); header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT'); header('Pragma: '); @@ -2465,7 +2465,7 @@ function send_stored_file($stored_file, $lifetime=null, $filter=0, $forcedownloa header('Pragma: '); } else { // Do not cache files in proxies and browsers - if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431 + if (is_https()) { // HTTPS sites - watch out for IE! KB812935 and KB316431. header('Cache-Control: private, max-age=10, no-transform'); header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT'); header('Pragma: '); diff --git a/lib/form/recaptcha.php b/lib/form/recaptcha.php index ccbd8cced82..20800885627 100644 --- a/lib/form/recaptcha.php +++ b/lib/form/recaptcha.php @@ -57,7 +57,7 @@ class MoodleQuickForm_recaptcha extends HTML_QuickForm_input { global $CFG; parent::HTML_QuickForm_input($elementName, $elementLabel, $attributes); $this->_type = 'recaptcha'; - if (!empty($attributes['https']) or strpos($CFG->httpswwwroot, 'https:') === 0) { + if (is_https()) { $this->_https = true; } else { $this->_https = false; diff --git a/lib/outputcomponents.php b/lib/outputcomponents.php index 8e9d4bf960c..1c7ed572ab0 100644 --- a/lib/outputcomponents.php +++ b/lib/outputcomponents.php @@ -404,7 +404,7 @@ class user_picture implements renderable { // If the currently requested page is https then we'll return an // https gravatar page. - if (strpos($CFG->httpswwwroot, 'https:') === 0) { + if (is_https()) { $gravatardefault = str_replace($CFG->wwwroot, $CFG->httpswwwroot, $gravatardefault); // Replace by secure url. return new moodle_url("https://secure.gravatar.com/avatar/{$md5}", array('s' => $size, 'd' => $gravatardefault)); } else { diff --git a/lib/outputrequirementslib.php b/lib/outputrequirementslib.php index 04420539b9d..46c2da2ba5e 100644 --- a/lib/outputrequirementslib.php +++ b/lib/outputrequirementslib.php @@ -169,7 +169,7 @@ class page_requirements_manager { $this->yui3loader = new stdClass(); $this->YUI_config = new YUI_config(); - if (strpos($CFG->httpswwwroot, 'https:') === 0) { + if (is_https()) { // On HTTPS sites all JS must be loaded from https sites, // YUI CDN does not support https yet, sorry. $CFG->useexternalyui = 0; diff --git a/lib/setuplib.php b/lib/setuplib.php index e9edecc4206..e55573cf8fe 100644 --- a/lib/setuplib.php +++ b/lib/setuplib.php @@ -816,6 +816,7 @@ function initialise_fullme() { throw new coding_exception('Must use https address in wwwroot when ssl proxy enabled!'); } $rurl['scheme'] = 'https'; // make moodle believe it runs on https, squid or something else it doing it + $_SERVER['HTTPS'] = 'on'; // Override $_SERVER to help external libraries with their HTTPS detection. } // hopefully this will stop all those "clever" admins trying to set up moodle diff --git a/lib/weblib.php b/lib/weblib.php index 3ab7691da2b..451fe25e82d 100644 --- a/lib/weblib.php +++ b/lib/weblib.php @@ -223,6 +223,20 @@ function qualified_me() { } } +/** + * Determines whether or not the Moodle site is being served over HTTPS. + * + * This is done simply by checking the value of $CFG->httpswwwroot, which seems + * to be the only reliable method. + * + * @return boolean True if site is served over HTTPS, false otherwise. + */ +function is_https() { + global $CFG; + + return (strpos($CFG->httpswwwroot, 'https://') === 0); +} + /** * Class for creating and manipulating urls. * diff --git a/mod/feedback/item/captcha/lib.php b/mod/feedback/item/captcha/lib.php index b638609a84d..88847efd12d 100644 --- a/mod/feedback/item/captcha/lib.php +++ b/mod/feedback/item/captcha/lib.php @@ -237,7 +237,7 @@ class feedback_item_captcha extends feedback_item_base { '; // Check if we are using SSL. - if (strpos($CFG->wwwroot, 'https://') === 0) { + if (is_https()) { $ssl = true; } else { $ssl = false; diff --git a/mod/lti/OAuth.php b/mod/lti/OAuth.php index 5e6559e0e2c..bdd6b2f9162 100644 --- a/mod/lti/OAuth.php +++ b/mod/lti/OAuth.php @@ -252,7 +252,7 @@ class OAuthRequest { * attempt to build up a request from what was passed to the server */ public static function from_request($http_method = null, $http_url = null, $parameters = null) { - $scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") ? 'http' : 'https'; + $scheme = (!is_https()) ? 'http' : 'https'; $port = ""; if ($_SERVER['SERVER_PORT'] != "80" && $_SERVER['SERVER_PORT'] != "443" && strpos(':', $_SERVER['HTTP_HOST']) < 0) { $port = ':' . $_SERVER['SERVER_PORT']; diff --git a/portfolio/boxnet/lib.php b/portfolio/boxnet/lib.php index ef8030acda2..7b10968f6ef 100644 --- a/portfolio/boxnet/lib.php +++ b/portfolio/boxnet/lib.php @@ -114,7 +114,7 @@ class portfolio_plugin_boxnet extends portfolio_plugin_push_base { $mform->addElement('static', 'setupinfo', get_string('setupinfo', 'portfolio_boxnet'), get_string('setupinfodetails', 'portfolio_boxnet', $a)); - if (strpos($CFG->wwwroot, 'https') !== 0) { + if (!is_https()) { $mform->addElement('static', 'warninghttps', '', get_string('warninghttps', 'portfolio_boxnet')); } } @@ -207,7 +207,7 @@ class portfolio_plugin_boxnet extends portfolio_plugin_push_base { global $CFG; if (!$this->get_config('clientid') || !$this->get_config('clientsecret')) { return 'missingoauthkeys'; - } else if (strpos($CFG->wwwroot, 'https') !== 0) { + } else if (!is_https()) { return 'missinghttps'; } } diff --git a/report/security/locallib.php b/report/security/locallib.php index e9e654a6271..41507c09092 100644 --- a/report/security/locallib.php +++ b/report/security/locallib.php @@ -381,7 +381,7 @@ function report_security_check_emailchangeconfirmation($detailed=false) { function report_security_check_cookiesecure($detailed=false) { global $CFG; - if (strpos($CFG->wwwroot, 'https://') !== 0) { + if (!is_https()) { return null; } diff --git a/repository/boxnet/lib.php b/repository/boxnet/lib.php index 9b2b96c3241..508cc5b1339 100644 --- a/repository/boxnet/lib.php +++ b/repository/boxnet/lib.php @@ -334,7 +334,7 @@ class repository_boxnet extends repository { $mform->addElement('static', null, '', get_string('information', 'repository_boxnet')); - if (strpos($CFG->wwwroot, 'https') !== 0) { + if (!is_https()) { $mform->addElement('static', null, '', get_string('warninghttps', 'repository_boxnet')); } diff --git a/user/profile.php b/user/profile.php index 248cfea1f96..5d6efc6f3da 100644 --- a/user/profile.php +++ b/user/profile.php @@ -342,7 +342,7 @@ if ($user->icq && !isset($hiddenfields['icqnumber'])) { if ($user->skype && !isset($hiddenfields['skypeid'])) { $imurl = 'skype:'.urlencode($user->skype).'?call'; $iconurl = new moodle_url('http://mystatus.skype.com/smallicon/'.urlencode($user->skype)); - if (strpos($CFG->httpswwwroot, 'https:') === 0) { + if (is_https()) { // Bad luck, skype devs are lazy to set up SSL on their servers - see MDL-37233. $statusicon = ''; } else {