# HG changeset patch
# User Matti Hamalainen <ccr@tnsp.org>
# Date 1386069203 -7200
# Node ID 2e0a0d93b8c1a01895c249c4a3bf53099c913476
# Parent  975938f83e594be64816381f066c3d8c3baa533e
Sanitize secure pages scheme.

diff -r 975938f83e59 -r 2e0a0d93b8c1 index.php
--- a/index.php	Tue Dec 03 12:36:58 2013 +0200
+++ b/index.php	Tue Dec 03 13:13:23 2013 +0200
@@ -11,8 +11,8 @@
 cmLocaleInit();
 
 // Switch to https first, if needed
-if (!stCheckHTTPS() && isset($_SERVER["REQUEST_URI"]) &&
-  array_key_exists($_SERVER["REQUEST_URI"], $securePages))
+$isSecurePage = isset($_GET["page"]) && array_key_exists($_GET["page"], $securePages);
+if (!stCheckHTTPS() && $isSecurePage)
 {
   header("Location: https://".$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"]);
   exit;
@@ -20,13 +20,13 @@
 
 
 // Check for cache-controlled pages
-if (isset($_SERVER["REQUEST_URI"]) &&
-  array_key_exists($_SERVER["REQUEST_URI"], $securePages))
+$noCache = $isSecurePage && $securePages[$_GET["page"]];
+if ($noCache)
   stSetupCacheControl();
 
 // Start output
 cmPrintPageHeader($pageTitle,
-  "  <meta http-equiv=\"Pragma\" content=\"no-cache\" />\n".
+  ($noCache ? "  <meta http-equiv=\"Pragma\" content=\"no-cache\" />\n" : "").
   "  <meta name=\"viewport\" content=\"width=device-width\" />\n");
 
 // Initiate SQL database connection
diff -r 975938f83e59 -r 2e0a0d93b8c1 msitegen.inc.php
--- a/msitegen.inc.php	Tue Dec 03 12:36:58 2013 +0200
+++ b/msitegen.inc.php	Tue Dec 03 13:13:23 2013 +0200
@@ -633,8 +633,6 @@
 
   if (isset($pageUrchin))
     require_once $pageUrchin;
-  else
-    require_once "urchin.inc.php";
 
   echo "<div id=\"messageBox\"></div>\n";