MDL-28484 core_lib: Add function for https detection

Signed-off-by: Tony Butler <tonyjbutler@gmail.com>
NoelDeMartin · Oct 3, 2014 · 1e31f11 · 1e31f11
1 parent 6597413
commit 1e31f11
Show file tree

Hide file tree

Showing 19 changed files with 35 additions and 21 deletions.
diff --git a/auth/shibboleth/logout.php b/auth/shibboleth/logout.php
@@ -11,7 +11,7 @@
 
 // Find out whether host supports https
 $protocol = 'http://';
-if ( isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on'){
+if (is_https()) {
     $protocol = 'https://';
 }
 

diff --git a/filter/mathjaxloader/filter.php b/filter/mathjaxloader/filter.php
@@ -95,12 +95,11 @@ public function map_language_code($moodlelangcode) {
      * @param context $context The current context.
      */
     public function setup($page, $context) {
-        global $CFG;
         // This only requires execution once per request.
         static $jsinitialised = false;
 
         if (empty($jsinitialised)) {
-            if (strpos($CFG->httpswwwroot, 'https:') === 0) {
+            if (is_https()) {
                 $url = get_config('filter_mathjaxloader', 'httpsurl');
             } else {
                 $url = get_config('filter_mathjaxloader', 'httpurl');

diff --git a/iplookup/index.php b/iplookup/index.php
@@ -94,7 +94,7 @@
     echo '<div id="note">'.$info['note'].'</div>';
 
 } else {
-    if (strpos($CFG->wwwroot, 'https:') === 0) {
+    if (is_https()) {
         $PAGE->requires->js(new moodle_url('https://maps.googleapis.com/maps/api/js', array('key'=>$CFG->googlemapkey3, 'sensor'=>'false')));
     } else {
         $PAGE->requires->js(new moodle_url('http://maps.googleapis.com/maps/api/js', array('key'=>$CFG->googlemapkey3, 'sensor'=>'false')));

diff --git a/lib/badgeslib.php b/lib/badgeslib.php
@@ -1258,7 +1258,7 @@ function badges_setup_backpack_js() {
     global $CFG, $PAGE;
     if (!empty($CFG->badges_allowexternalbackpack)) {
         $PAGE->requires->string_for_js('error:backpackproblem', 'badges');
-        $protocol = (strpos($CFG->wwwroot, 'https://') === 0) ? 'https://' : 'http://';
+        $protocol = (is_https()) ? 'https://' : 'http://';
         $PAGE->requires->js(new moodle_url($protocol . BADGE_BACKPACKURL . '/issuer.js'), true);
         $PAGE->requires->js('/badges/backpack.js', true);
     }

diff --git a/lib/classes/session/manager.php b/lib/classes/session/manager.php
@@ -180,7 +180,7 @@ public static function init_empty_session() {
     protected static function prepare_cookies() {
         global $CFG;
 
-        if (!isset($CFG->cookiesecure) or (strpos($CFG->wwwroot, 'https://') !== 0 and empty($CFG->sslproxy))) {
+        if (!isset($CFG->cookiesecure) or (!is_https() and empty($CFG->sslproxy))) {
             $CFG->cookiesecure = 0;
         }
 

diff --git a/lib/csvlib.class.php b/lib/csvlib.class.php
@@ -476,7 +476,7 @@ protected function send_header() {
             // For text based formats - we cannot test the output with behat if we force a file download.
             return;
         }
-        if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431
+        if (is_https()) { // HTTPS sites - watch out for IE! KB812935 and KB316431.
             header('Cache-Control: max-age=10');
             header('Pragma: ');
         } else { //normal http - prevent caching at all cost

diff --git a/lib/excellib.class.php b/lib/excellib.class.php
@@ -106,7 +106,7 @@ public function close() {
         $mimetype = 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet';
         $filename = $filename.'.xlsx';
 
-        if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431
+        if (is_https()) { // HTTPS sites - watch out for IE! KB812935 and KB316431.
             header('Cache-Control: max-age=10');
             header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
             header('Pragma: ');

diff --git a/lib/filelib.php b/lib/filelib.php
@@ -2196,7 +2196,7 @@ function send_temp_file($path, $filename, $pathisstring=false) {
     }
 
     header('Content-Disposition: attachment; filename="'.$filename.'"');
-    if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431
+    if (is_https()) { // HTTPS sites - watch out for IE! KB812935 and KB316431.
         header('Cache-Control: private, max-age=10, no-transform');
         header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
         header('Pragma: ');
@@ -2292,7 +2292,7 @@ function send_file($path, $filename, $lifetime = null , $filter=0, $pathisstring
 
     } else { // Do not cache files in proxies and browsers
         $nobyteserving = true;
-        if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431
+        if (is_https()) { // HTTPS sites - watch out for IE! KB812935 and KB316431.
             header('Cache-Control: private, max-age=10, no-transform');
             header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
             header('Pragma: ');
@@ -2465,7 +2465,7 @@ function send_stored_file($stored_file, $lifetime=null, $filter=0, $forcedownloa
         header('Pragma: ');
 
     } else { // Do not cache files in proxies and browsers
-        if (strpos($CFG->wwwroot, 'https://') === 0) { //https sites - watch out for IE! KB812935 and KB316431
+        if (is_https()) { // HTTPS sites - watch out for IE! KB812935 and KB316431.
             header('Cache-Control: private, max-age=10, no-transform');
             header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
             header('Pragma: ');

diff --git a/lib/form/recaptcha.php b/lib/form/recaptcha.php
@@ -57,7 +57,7 @@ function MoodleQuickForm_recaptcha($elementName = null, $elementLabel = null, $a
         global $CFG;
         parent::HTML_QuickForm_input($elementName, $elementLabel, $attributes);
         $this->_type = 'recaptcha';
-        if (!empty($attributes['https']) or strpos($CFG->httpswwwroot, 'https:') === 0) {
+        if (is_https()) {
             $this->_https = true;
         } else {
             $this->_https = false;

diff --git a/lib/outputcomponents.php b/lib/outputcomponents.php
@@ -404,7 +404,7 @@ public function get_url(moodle_page $page, renderer_base $renderer = null) {
 
             // If the currently requested page is https then we'll return an
             // https gravatar page.
-            if (strpos($CFG->httpswwwroot, 'https:') === 0) {
+            if (is_https()) {
                 $gravatardefault = str_replace($CFG->wwwroot, $CFG->httpswwwroot, $gravatardefault); // Replace by secure url.
                 return new moodle_url("https://secure.gravatar.com/avatar/{$md5}", array('s' => $size, 'd' => $gravatardefault));
             } else {

diff --git a/lib/outputrequirementslib.php b/lib/outputrequirementslib.php
@@ -169,7 +169,7 @@ public function __construct() {
         $this->yui3loader = new stdClass();
         $this->YUI_config = new YUI_config();
 
-        if (strpos($CFG->httpswwwroot, 'https:') === 0) {
+        if (is_https()) {
             // On HTTPS sites all JS must be loaded from https sites,
             // YUI CDN does not support https yet, sorry.
             $CFG->useexternalyui = 0;

diff --git a/lib/setuplib.php b/lib/setuplib.php
@@ -816,6 +816,7 @@ function initialise_fullme() {
             throw new coding_exception('Must use https address in wwwroot when ssl proxy enabled!');
         }
         $rurl['scheme'] = 'https'; // make moodle believe it runs on https, squid or something else it doing it
+        $_SERVER['HTTPS'] = 'on'; // Override $_SERVER to help external libraries with their HTTPS detection.
     }
 
     // hopefully this will stop all those "clever" admins trying to set up moodle

diff --git a/lib/weblib.php b/lib/weblib.php
@@ -223,6 +223,20 @@ function qualified_me() {
     }
 }
 
+/**
+ * Determines whether or not the Moodle site is being served over HTTPS.
+ *
+ * This is done simply by checking the value of $CFG->httpswwwroot, which seems
+ * to be the only reliable method.
+ *
+ * @return boolean True if site is served over HTTPS, false otherwise.
+ */
+function is_https() {
+    global $CFG;
+
+    return (strpos($CFG->httpswwwroot, 'https://') === 0);
+}
+
 /**
  * Class for creating and manipulating urls.
  *

diff --git a/mod/feedback/item/captcha/lib.php b/mod/feedback/item/captcha/lib.php
@@ -237,7 +237,7 @@ public function print_item_complete($item, $value = '', $highlightrequire = fals
         </div>';
 
         // Check if we are using SSL.
-        if (strpos($CFG->wwwroot, 'https://') === 0) {
+        if (is_https()) {
             $ssl = true;
         } else {
             $ssl = false;

diff --git a/mod/lti/OAuth.php b/mod/lti/OAuth.php
@@ -252,7 +252,7 @@ function __construct($http_method, $http_url, $parameters = null) {
      * attempt to build up a request from what was passed to the server
      */
     public static function from_request($http_method = null, $http_url = null, $parameters = null) {
-        $scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") ? 'http' : 'https';
+        $scheme = (!is_https()) ? 'http' : 'https';
         $port = "";
         if ($_SERVER['SERVER_PORT'] != "80" && $_SERVER['SERVER_PORT'] != "443" && strpos(':', $_SERVER['HTTP_HOST']) < 0) {
             $port = ':' . $_SERVER['SERVER_PORT'];

diff --git a/portfolio/boxnet/lib.php b/portfolio/boxnet/lib.php
@@ -114,7 +114,7 @@ public static function admin_config_form(&$mform) {
         $mform->addElement('static', 'setupinfo', get_string('setupinfo', 'portfolio_boxnet'),
             get_string('setupinfodetails', 'portfolio_boxnet', $a));
 
-        if (strpos($CFG->wwwroot, 'https') !== 0) {
+        if (!is_https()) {
             $mform->addElement('static', 'warninghttps', '', get_string('warninghttps', 'portfolio_boxnet'));
         }
     }
@@ -207,7 +207,7 @@ public function instance_sanity_check() {
         global $CFG;
         if (!$this->get_config('clientid') || !$this->get_config('clientsecret')) {
             return 'missingoauthkeys';
-        } else if (strpos($CFG->wwwroot, 'https') !== 0) {
+        } else if (!is_https()) {
             return 'missinghttps';
         }
     }

diff --git a/report/security/locallib.php b/report/security/locallib.php
@@ -381,7 +381,7 @@ function report_security_check_emailchangeconfirmation($detailed=false) {
 function report_security_check_cookiesecure($detailed=false) {
     global $CFG;
 
-    if (strpos($CFG->wwwroot, 'https://') !== 0) {
+    if (!is_https()) {
         return null;
     }
 

diff --git a/repository/boxnet/lib.php b/repository/boxnet/lib.php
@@ -334,7 +334,7 @@ public static function type_config_form($mform, $classname = 'repository') {
 
         $mform->addElement('static', null, '',  get_string('information', 'repository_boxnet'));
 
-        if (strpos($CFG->wwwroot, 'https') !== 0) {
+        if (!is_https()) {
             $mform->addElement('static', null, '',  get_string('warninghttps', 'repository_boxnet'));
         }
 

diff --git a/user/profile.php b/user/profile.php
@@ -342,7 +342,7 @@
 if ($user->skype && !isset($hiddenfields['skypeid'])) {
     $imurl = 'skype:'.urlencode($user->skype).'?call';
     $iconurl = new moodle_url('http://mystatus.skype.com/smallicon/'.urlencode($user->skype));
-    if (strpos($CFG->httpswwwroot, 'https:') === 0) {
+    if (is_https()) {
         // Bad luck, skype devs are lazy to set up SSL on their servers - see MDL-37233.
         $statusicon = '';
     } else {