Merge "Reject authentication data change when there are warnings"

[lhc/web/wiklou.git] / includes / MediaWiki.php

diff --git a/includes/MediaWiki.php b/includes/MediaWiki.php
index 55f9e9e..ee03f02 100644 (file)
--- a/includes/MediaWiki.php
+++ b/includes/MediaWiki.php
@@ -680,6 +680,8 @@ class MediaWiki {
                // isLoggedIn() will do all sorts of weird stuff.
                if (
                        $request->getProtocol() == 'http' &&
+                       // switch to HTTPS only when supported by the server
+                       preg_match( '#^https://#', wfExpandUrl( $request->getRequestURL(), PROTO_HTTPS ) ) &&
                        (
                                $request->getSession()->shouldForceHTTPS() ||
                                // Check the cookie manually, for paranoia