From 06076b6fe06fefbf598755bff79ac6e225fc1445 Mon Sep 17 00:00:00 2001 From: Benjamin Sonntag Date: Wed, 18 May 2016 15:04:19 +0200 Subject: [PATCH] moving https check down to AFTER hook/err initialization --- bureau/class/config.php | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/bureau/class/config.php b/bureau/class/config.php index db7c7cec..96246879 100644 --- a/bureau/class/config.php +++ b/bureau/class/config.php @@ -133,16 +133,6 @@ class DB_system extends DB_Sql { $db = new DB_system(); // $db = new Sql($L_MYSQL_DATABASE, $L_MYSQL_HOST, $L_MYSQL_LOGIN, $L_MYSQL_PWD); -// https: Redirection if not calling https://!fqdn or if https is forced -if ((variable_get('force_https', '0', "This variable is set to 0 (default) if users can access the management desktop through HTTP, otherwise we force HTTPS")&&(!isset($_SERVER["HTTPS"])|| ($_SERVER["HTTPS"] != "on"))) - ||(isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" && $host != $L_FQDN)) { - // do not redirect if access is not by HTTP(s) - if (isset($_SERVER['REQUEST_URI'])) { - header("Location: https://$L_FQDN".$_SERVER['REQUEST_URI']); - exit; - } -} - // Current User ID = the user whose commands are made on behalf of. $cuid = 0; @@ -177,6 +167,17 @@ $err = new m_err(); $authip = new m_authip(); $hooks = new m_hooks(); + +// https: Redirection if not calling https://!fqdn or if https is forced +if ((variable_get('force_https', '0', "This variable is set to 0 (default) if users can access the management desktop through HTTP, otherwise we force HTTPS")&&(!isset($_SERVER["HTTPS"])|| ($_SERVER["HTTPS"] != "on"))) + ||(isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" && $host != $L_FQDN)) { + // do not redirect if access is not by HTTP(s) + if (isset($_SERVER['REQUEST_URI'])) { + header("Location: https://$L_FQDN".$_SERVER['REQUEST_URI']); + exit; + } +} + /* Check the User identity (if required) */ if (!defined('NOCHECK')) { if (!$mem->checkid()) {