ZF-11783: Zend_Amf_Response_Http emits notice when $_SERVER['HTTPS'] not defined

Description

Just upgraded from Zend AMF 1.11.10 to 1.11.11 and tried running my Flex application. It failed and the following error was generated:

Undefined index: HTTPS

0 include() called at [/RCMS/Kernel/Bootstrap.php:16]

1 errorHandler(8, Undefined index: HTTPS, /Zend/Amf/Response/Http.php, 59, Array()) called at [/Zend/Amf/Response/Http.php:59]

2 Zend_Amf_Response_Http->isIeOverSsl() called at [/Zend/Amf/Response/Http.php:44]

3 Zend_Amf_Response_Http->getResponse() called at [/Zend/Amf/Response.php:147]

4 Zend_Amf_Response->__toString() called at [/DesktopAMF.php:58]

========

Line 59 of Http.php reads:

$ssl = $_SERVER['HTTPS'];

Changing it to the following code resolves the issue:

$ssl = isset($_SERVER['HTTPS']);

Comments

Fixed in trunk r24523 r24524. Merged to release-1.11 in r24525.

I think it would be better to check it like this:


$ssl = false;
if ( isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1)
  || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
    $ssl = true;
}

There has been discussion about HTTP_X_FORWARDED_PROTO in the past (see ZF-5012) and it was agreed then that we shouldn't rely on it.