Mercurial > hg > fapweb

changeset 365:2e0a0d93b8c1

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Sanitize secure pages scheme.
author Matti Hamalainen <ccr@tnsp.org>
date Tue, 03 Dec 2013 13:13:23 +0200
parents 975938f83e59
children 9b266dcd1064
files index.php msitegen.inc.php
diffstat 2 files changed, 5 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/index.php	Tue Dec 03 12:36:58 2013 +0200
+++ b/index.php	Tue Dec 03 13:13:23 2013 +0200
@@ -11,8 +11,8 @@
 cmLocaleInit();
 
 // Switch to https first, if needed
-if (!stCheckHTTPS() && isset($_SERVER["REQUEST_URI"]) &&
-  array_key_exists($_SERVER["REQUEST_URI"], $securePages))
+$isSecurePage = isset($_GET["page"]) && array_key_exists($_GET["page"], $securePages);
+if (!stCheckHTTPS() && $isSecurePage)
 {
   header("Location: https://".$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"]);
   exit;
@@ -20,13 +20,13 @@
 
 
 // Check for cache-controlled pages
-if (isset($_SERVER["REQUEST_URI"]) &&
-  array_key_exists($_SERVER["REQUEST_URI"], $securePages))
+$noCache = $isSecurePage && $securePages[$_GET["page"]];
+if ($noCache)
   stSetupCacheControl();
 
 // Start output
 cmPrintPageHeader($pageTitle,
-  "  <meta http-equiv=\"Pragma\" content=\"no-cache\" />\n".
+  ($noCache ? "  <meta http-equiv=\"Pragma\" content=\"no-cache\" />\n" : "").
   "  <meta name=\"viewport\" content=\"width=device-width\" />\n");
 
 // Initiate SQL database connection
--- a/msitegen.inc.php	Tue Dec 03 12:36:58 2013 +0200
+++ b/msitegen.inc.php	Tue Dec 03 13:13:23 2013 +0200
@@ -633,8 +633,6 @@
 
   if (isset($pageUrchin))
     require_once $pageUrchin;
-  else
-    require_once "urchin.inc.php";
 
   echo "<div id=\"messageBox\"></div>\n";