[TASK] Properly check for HTTPS 64/55764/2
authorAlexander Opitz <opitz.alexander@googlemail.com>
Fri, 16 Feb 2018 09:08:07 +0000 (10:08 +0100)
committerChristian Kuhn <lolli@schwarzbu.ch>
Sat, 17 Feb 2018 09:03:36 +0000 (10:03 +0100)
Take into account empty and "off" values for the HTTPS request variable
to support ISAPI with IIS.

Resolves: #81837
Releases: master, 8.7
Change-Id: I5937c506d3e36a2009a8da6e66724728654b4001
Reviewed-on: https://review.typo3.org/55764
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
typo3/sysext/core/Classes/Utility/GeneralUtility.php

index 23dddae..6134e6b 100644 (file)
@@ -3029,7 +3029,10 @@ class GeneralUtility
                 if (self::cmpIP($_SERVER['REMOTE_ADDR'], $proxySSL)) {
                     $retVal = true;
                 } else {
-                    $retVal = $_SERVER['SSL_SESSION_ID'] || strtolower($_SERVER['HTTPS']) === 'on' || (string)$_SERVER['HTTPS'] === '1';
+                    // https://secure.php.net/manual/en/reserved.variables.server.php
+                    // "Set to a non-empty value if the script was queried through the HTTPS protocol."
+                    $retVal = $_SERVER['SSL_SESSION_ID']
+                        || (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off');
                 }
                 break;
             case '_ARRAY':