00527: Automatically detect https: server
Description:
Currently PmWiki's preamble that sets $ScriptUrl
hardcodes response to be 'http:'. For sites that choose to run the wiki over a secure connection, PmWiki should instead be using 'https:'.
A wiki administrator can always explicitly set the value of $ScriptUrl
to be the correct one, but for someone installing PmWiki on an SSL-based server they may not be aware of the need to explicitly set $ScriptUrl
, and some operations will fail as a result.
We can either have PmWiki try to automatically determine when it's running via SSL (although it could guess incorrectly), or perhaps we should add a note to sample-config.php (which could confuse people doing first-time installations).
Ideas?
See also PITS:00526 for a related issue.
- If it might not be success in some cases then enable by default please, else sample-config.php V Krishn
I'm doing something like this in one of our PHP applications:
$auto_base_url = 'http'; if(isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS'])=='on') { $auto_base_url='https'; }
I was not notified of any problems with this yet, but ymmv - perhaps our users just don't use https :). But if it doesn't work, people could still set the variables directly. Balu
I've changed the appropriate code in pmwiki.php (line 71) to
$ScriptUrl
= ((isset($_SERVER['HTTPS'])) ? 'https' : 'http').'://'.$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'];
This works like a charm - so maybe you could apply some of these code to the code repository and add it to the next release.
Delete my own posting, cause relative addressing is already discussed in PITS:00526
The snippet from Balu is more correct, because when php runs on IIS (Windows) $_SERVER['HTTPS']
is always set, with a value of 'off'
if the browser requested a http: connection.
Angelo