Fix HTTPS protocol detection

According to PHP documentation:
http://www.php.net/manual/en/reserved.variables.server.php
The $_SERVER['HTTPS'] is set to a non-empty value if the script was queried
through the HTTPS protocol. There is also note that for ISAPI with IIS, the
value is set to 'off' if the request was not made through the HTTPS protocol.

To follow the PHP documentation the $_SERVER['HTTPS'] == 'on' doesn't seem
to be the correct way how to detect the HTTPS protocol (there maybe e.g. '1'
instead of 'on').

Bug: 46511
Change-Id: I5675fed9b7d54711b96b25702181112ef3692f3c

diff --git a/includes/WebRequest.php b/includes/WebRequest.php
index e931f28..f86a454 100644 (file)
--- a/includes/WebRequest.php
+++ b/includes/WebRequest.php
@@ -207,9 +207,9 @@ class WebRequest {
         * @return array
         */
        public static function detectProtocol() {
-               if ( ( isset( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] == 'on' ) ||
+               if ( ( !empty( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] !== 'off' ) ||
                        ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) &&
-                       $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' ) ) {
+                       $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' ) ) {
                        return 'https';
                } else {
                        return 'http';