From 69f52123bb71d089e81c8e5427806450c201a35c Mon Sep 17 00:00:00 2001
From: =?utf8?q?Gerg=C5=91=20Tisza?=
Date: Thu, 26 May 2016 18:04:02 +0000
Subject: [PATCH] Do not redirect to HTTPS when it's not supported

Most URL generation happens via wfExpandUrl, which honors $wgServer (or whatever setting it is told to use): if it has an explicit protcol, that is always used; if it is a protocol-relative URL, the protocol is selected based on the parameters given to wfExpandUrl. One exception is MediaWiki::main() which always uses HTTPS if the relevant cookie or user option is set, even if the wiki does not support it. That can lead to annoying problems on Vagrant where it is not unusual to turn HTTPS support on and off: when that happens, the user can get locked out of the account.

Change-Id: I06982a26cd808f2aaa26753cd3353ed82473d9e0
---
 includes/MediaWiki.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/includes/MediaWiki.php b/includes/MediaWiki.php
index ff469e4e39..8f93778e23 100644
--- a/includes/MediaWiki.php
+++ b/includes/MediaWiki.php
@@ -680,6 +680,8 @@ class MediaWiki {
 // isLoggedIn() will do all sorts of weird stuff.
 if (
 $request->getProtocol() == 'http' &&
+ // switch to HTTPS only when supported by the server
+ preg_match( '#^https://#', wfExpandUrl( $request->getRequestURL(), PROTO_HTTPS ) ) &&
 (
 $request->getSession()->shouldForceHTTPS() ||
 // Check the cookie manually, for paranoia
--
2.20.1
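Review bot: The added `preg_match( '#^https://#', wfExpandUrl( ... ) )` condition makes the forced-HTTPS redirect depend silently on configuration. Per the commit message, an explicit protocol in $wgServer always wins, so on a wiki configured with `http://` a user whose cookie or preference demands HTTPS keeps sending the session over plain HTTP, and nothing records that the redirect was skipped. The one-line comment should spell out that trade-off, e.g. `// Skip the redirect when $wgServer cannot yield an https:// URL; forceHTTPS is then ignored and the session stays on HTTP`. Reporting the skipped case through the debug log would also let an operator notice a mis-set $wgServer on a production wiki. wfExpandUrl() can also return false for a URL it cannot expand, which this condition treats the same as "HTTPS unsupported"; that is worth stating in the same comment. The `if` condition and its body continue outside the hunk.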