ZF-4318: Action_Helper_Redirector: Non-SSL handling

Issue Type:
Bug
Created:
2008-09-17T06:55:25.000+0000
Last Updated:
2008-11-13T14:10:14.000+0000
Status:
Resolved
Fix version(s):
  • 1.7.0 (17/Nov/08)
Reporter:
Wolfgang Gruber (arcolf)
Assignee:
Benjamin Eberlei (beberlei)
Tags:
  • Zend_Controller
Related issues:
Attachments:

Description

Although the variable $_SERVER['HTTPS'] should be empty when it isn't a HTTPS request, a few webserver set the value to 'off'. The PHP reference manual ([http://at.php.net/manual/en/…]) mentions IIS and I encountered the problem with Abyss webserver. If the value is set to 'off', Action_Helper_Redirector redirects the request to https which is wrong. Therefore the Action_Helper_Redirector should be changed in function *_redirect($url)* from


$proto = (empty($_SERVER['HTTPS'])) ? 'http' : 'https';

to


$proto = ((empty($_SERVER['HTTPS'])) || (strcasecmp($_SERVER['HTTPS'],'off') == 0)) ? 'http' : 'https';

Comments

Posted by Benjamin Eberlei (beberlei) on 2008-11-07T23:55:24.000+0000

Fixed in r12413

Posted by Wil Sinclair (wil) on 2008-11-13T14:10:14.000+0000

Changing issues in preparation for the 1.7.0 release.