php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #55403 $_SERVER['HTTPS'] should be undefined on unsecure connection
Submitted: 2011-08-11 17:19 UTC Modified: 2011-08-18 19:13 UTC
From: thetaphi@php.net Assigned: thetaphi (profile)
Status: Closed Package: iPlanet related
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: thetaphi@php.net
New email:
PHP Version: OS:

 

 [2011-08-11 17:19 UTC] thetaphi@php.net
Description:
------------
All other SAPIs (Apache, too, of course) only set the $_SERVER['HTTPS'] variable 
to "ON", if a secure connection is availab.e The key is undefined otherwise. NSAPI 
on the other hand defines $_SERVER['HTTPS']='OFF' in this case. This breaks apps 
that just do an isset() test (Drupal,...).


Patches

PatchForTrunk.patch (last revision 2011-08-11 17:21 UTC by thetaphi@php.net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-08-11 17:21 UTC] thetaphi@php.net
The following patch has been added/updated:

Patch Name: PatchForTrunk.patch
Revision:   1313083309
URL:        https://bugs.php.net/patch-display.php?bug=55403&patch=PatchForTrunk.patch&revision=1313083309
 [2011-08-11 17:24 UTC] thetaphi@php.net
I will commit this patch to trunk and 5.4, also after 5.3.7 is released, I will 
merge there, too.
 [2011-08-11 17:36 UTC] thetaphi@php.net
-Assigned To: +Assigned To: thetaphi
 [2011-08-11 20:25 UTC] thetaphi@php.net
Automatic comment from SVN on behalf of thetaphi
Revision: http://svn.php.net/viewvc/?view=revision&revision=314799
Log: Bug #55403: Don't set $_SERVER['HTTPS'] on unsecure connection
 [2011-08-11 20:26 UTC] thetaphi@php.net
I will keep this open until committing to 5.3 is possible again.
 [2011-08-18 19:12 UTC] thetaphi@php.net
Automatic comment from SVN on behalf of thetaphi
Revision: http://svn.php.net/viewvc/?view=revision&revision=315149
Log: Bug #55403: Don't set $_SERVER['HTTPS'] on unsecure connection
 [2011-08-18 19:13 UTC] thetaphi@php.net
-Status: Assigned +Status: Closed
 [2011-08-18 19:13 UTC] thetaphi@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

Committed to 5.3.8 branch, 5.4, trunk
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 11:01:29 2024 UTC