changeset 365:2e0a0d93b8c1
Sanitize secure pages scheme.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Tue, 03 Dec 2013 13:13:23 +0200 |
parents | 975938f83e59 |
children | 9b266dcd1064 |
files | index.php msitegen.inc.php |
diffstat | 2 files changed, 5 insertions(+), 7 deletions(-) [+] |
--- a/index.php Tue Dec 03 12:36:58 2013 +0200
+++ b/index.php Tue Dec 03 13:13:23 2013 +0200
@@ -11,8 +11,8 @@
 cmLocaleInit();
 // Switch to https first, if needed
-if (!stCheckHTTPS() && isset($_SERVER["REQUEST_URI"]) &&
- array_key_exists($_SERVER["REQUEST_URI"], $securePages))
+$isSecurePage = isset($_GET["page"]) && array_key_exists($_GET["page"], $securePages);
+if (!stCheckHTTPS() && $isSecurePage)
 {
 header("Location: https://".$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"]);
 exit;
@@ -20,13 +20,13 @@
 // Check for cache-controlled pages
-if (isset($_SERVER["REQUEST_URI"]) &&
- array_key_exists($_SERVER["REQUEST_URI"], $securePages))
+$noCache = $isSecurePage && $securePages[$_GET["page"]];
+if ($noCache)
 stSetupCacheControl();
 // Start output
 cmPrintPageHeader($pageTitle,
- " <meta http-equiv=\"Pragma\" content=\"no-cache\" />\n".
+ ($noCache ? " <meta http-equiv=\"Pragma\" content=\"no-cache\" />\n" : "").
 " <meta name=\"viewport\" content=\"width=device-width\" />\n");
 // Initiate SQL database connection
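Review bot: The new `$isSecurePage` line passes `$_GET["page"]` to `array_key_exists()` without checking that it is a string, and PHP turns bracketed query parameters into arrays. With an array value the lookup does not match (a warning or a type error, depending on the PHP version), so the request is treated as non-secure and skips both the HTTPS redirect and the later cache-control step. Normalising the value once would close this: `$page = (isset($_GET["page"]) && is_string($_GET["page"])) ? $_GET["page"] : NULL;` followed by `$isSecurePage = $page !== NULL && array_key_exists($page, $securePages);`. Separately, the unchanged `header("Location: ...")` line builds its target from `$_SERVER["SERVER_NAME"]`, which on some server configurations follows the request's Host header, so a configured host name would be a safer source. The `if` block opened here closes outside the hunk.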
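Review bot: The value stored under each `$securePages` key now decides caching, but nothing at the `$noCache` assignment says so. A page listed with a falsy value is still redirected to HTTPS by the first hunk, yet is served without `stSetupCacheControl()` and without the Pragma meta tag. If that split is intended, a comment above the assignment would make it explicit, for example `// $securePages[page] is TRUE when the page must also be sent with no-cache headers`. The array's definition is not visible in this hunk, so its semantics are inferred here. For pages that render session-specific content, disabling caching by default and opting out per page would be the safer arrangement.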