return;
}
// Logged out, send normal public headers below
- } elseif ( session_id() != '' ) {
+ } elseif ( MediaWiki\Session\SessionManager::getGlobalSession()->isPersistent() ) {
// Logged in or otherwise has session (e.g. anonymous users who have edited)
// Mark request private
$response->header( "Cache-Control: $privateCache" );
* @param array $params An array with the request parameters
*/
protected function setupExternalResponse( $module, $params ) {
- if ( !$this->getRequest()->wasPosted() && $module->mustBePosted() ) {
+ $request = $this->getRequest();
+ if ( !$request->wasPosted() && $module->mustBePosted() ) {
// Module requires POST. GET request might still be allowed
// if $wgDebugApi is true, otherwise fail.
$this->dieUsageMsgOrDebug( array( 'mustbeposted', $this->mAction ) );
// Create an appropriate printer
$this->mPrinter = $this->createPrinterByName( $params['format'] );
}
+
+ if ( $request->getProtocol() === 'http' && (
+ $request->getSession()->shouldForceHTTPS() ||
+ ( $this->getUser()->isLoggedIn() &&
+ $this->getUser()->requiresHTTPS() )
+ ) ) {
+ $this->logFeatureUsage( 'https-expected' );
+ $this->setWarning( 'HTTP used when HTTPS was expected' );
+ }
}
/**
dépôts / lhc / web / wiklou.git / blobdiff