X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fapi%2FApiMain.php;h=458fd18ffa5ec60e187a1db548ed27dc192b8075;hb=240f789c892694cc92c896b87c98458581494149;hp=ef9f901ec870693d461ac39379f4154ca8379164;hpb=174f34a86de3162bc673fd3bc6bed815cccf0edc;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index ef9f901ec8..458fd18ffa 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -769,7 +769,7 @@ class ApiMain extends ApiBase {
 					return;
 				}
 				// Logged out, send normal public headers below
-			} elseif ( session_id() != '' ) {
+			} elseif ( MediaWiki\Session\SessionManager::getGlobalSession()->isPersistent() ) {
 				// Logged in or otherwise has session (e.g. anonymous users who have edited)
 				// Mark request private
 				$response->header( "Cache-Control: $privateCache" );
@@ -1231,7 +1231,8 @@ class ApiMain extends ApiBase {
 	 * @param array $params An array with the request parameters
 	 */
 	protected function setupExternalResponse( $module, $params ) {
-		if ( !$this->getRequest()->wasPosted() && $module->mustBePosted() ) {
+		$request = $this->getRequest();
+		if ( !$request->wasPosted() && $module->mustBePosted() ) {
 			// Module requires POST. GET request might still be allowed
 			// if $wgDebugApi is true, otherwise fail.
 			$this->dieUsageMsgOrDebug( array( 'mustbeposted', $this->mAction ) );
@@ -1243,6 +1244,15 @@ class ApiMain extends ApiBase {
 			// Create an appropriate printer
 			$this->mPrinter = $this->createPrinterByName( $params['format'] );
 		}
+
+		if ( $request->getProtocol() === 'http' && (
+			$request->getSession()->shouldForceHTTPS() ||
+			( $this->getUser()->isLoggedIn() &&
+				$this->getUser()->requiresHTTPS() )
+		) ) {
+			$this->logFeatureUsage( 'https-expected' );
+			$this->setWarning( 'HTTP used when HTTPS was expected' );
+		}
 	}
 
 	/**