Diffstat (limited to 'app')
-rw-r--r-- | app/Auth/RememberMe.php | 5 | ||||
-rw-r--r-- | app/Core/Response.php | 2 | ||||
-rw-r--r-- | app/Core/Session.php | 2 | ||||
-rw-r--r-- | app/Core/Tool.php | 23 | ||||
-rw-r--r-- | app/helpers.php | 2 |
5 files changed, 29 insertions, 5 deletions
diff --git a/app/Auth/RememberMe.php b/app/Auth/RememberMe.php
index 3cf6fc86..50e0bcef 100644
--- a/app/Auth/RememberMe.php
+++ b/app/Auth/RememberMe.php
@@ -3,6 +3,7 @@
 namespace Auth;
 use Core\Security;
+use Core\Tool;
 /**
 * RememberMe model
@@ -309,7 +310,7 @@ class RememberMe extends Base
 $expiration,
 BASE_URL_DIRECTORY,
 null,
- ! empty($_SERVER['HTTPS']),
+ Tool::isHTTPS(),
 true
 );
 }
@@ -342,7 +343,7 @@ class RememberMe extends Base
 time() - 3600,
 BASE_URL_DIRECTORY,
 null,
- ! empty($_SERVER['HTTPS']),
+ Tool::isHTTPS(),
 true
 );
 }
diff --git a/app/Core/Response.php b/app/Core/Response.php
index 1ccf9f5e..347cdde7 100644
--- a/app/Core/Response.php
+++ b/app/Core/Response.php
@@ -246,7 +246,7 @@ class Response
 */
 public function hsts()
 {
- if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
+ if (Tool::isHTTPS()) {
 header('Strict-Transport-Security: max-age=31536000');
 }
 }
diff --git a/app/Core/Session.php b/app/Core/Session.php
index f072350d..4f44e8e0 100644
--- a/app/Core/Session.php
+++ b/app/Core/Session.php
@@ -35,7 +35,7 @@ class Session
 self::SESSION_LIFETIME,
 $base_path ?: '/',
 null,
- ! empty($_SERVER['HTTPS']),
+ Tool::isHTTPS(),
 true
 );
diff --git a/app/Core/Tool.php b/app/Core/Tool.php
index 85b684e2..e54a0d3b 100644
--- a/app/Core/Tool.php
+++ b/app/Core/Tool.php
@@ -32,6 +32,15 @@ class Tool
 }
 }
+ /**
+ * Load and register a model
+ *
+ * @static
+ * @access public
+ * @param Core\Registry $registry DPI container
+ * @param string $name Model name
+ * @return mixed
+ */
 public static function loadModel(Registry $registry, $name)
 {
 if (! isset($registry->$name)) {
@@ -41,4 +50,18 @@ class Tool
 return $registry->shared($name);
 }
+
+ /**
+ * Check if the page is requested through HTTPS
+ *
+ * Note: IIS return the value 'off' and other web servers an empty value when it's not HTTPS
+ *
+ * @static
+ * @access public
+ * @return boolean
+ */
+ public static function isHTTPS()
+ {
+ return isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== '' && $_SERVER['HTTPS'] !== 'off';
+ }
 }
diff --git a/app/helpers.php b/app/helpers.php
index 0d8409c8..85a2507d 100644
--- a/app/helpers.php
+++ b/app/helpers.php
@@ -65,7 +65,7 @@ function markdown($text)
 function get_current_base_url()
 {
- $url = isset($_SERVER['HTTPS']) ? 'https://' : 'http://';
+ $url = \Core\Tool::isHTTPS() ? 'https://' : 'http://';
 $url .= $_SERVER['SERVER_NAME'];
 $url .= $_SERVER['SERVER_PORT'] == 80 || $_SERVER['SERVER_PORT'] == 443 ? '' : ':'.$_SERVER['SERVER_PORT'];
 $url .= dirname($_SERVER['PHP_SELF']) !== '/' ? dirname($_SERVER['PHP_SELF']).'/' : '/'; |
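Review bot: `isHTTPS()` reads only `$_SERVER['HTTPS']`, so when TLS is terminated at a reverse proxy or load balancer and the request reaches PHP over plain HTTP it will most likely return false. After this commit that one result decides the `Secure` flag on the session and remember-me cookies, the HSTS header in `Response::hsts()` and the scheme in `get_current_base_url()`, so in such a deployment the cookies would be issued without `Secure` and no HSTS header would be sent. The docblock should state the limit, e.g. `* Note: only the local connection is checked; TLS terminated by a front-end proxy is not detected`. If forwarded-protocol support is added later, the header should be honoured only for requests arriving from configured proxy addresses, because a client can set it freely. The comparison with `'off'` is also case-sensitive, and lower-casing the value before comparing would be a cheap hardening.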
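Review bot: The scheme on the changed line now follows `\Core\Tool::isHTTPS()`, but the port test two lines below still drops both 80 and 443 whatever the scheme, so HTTPS served on port 80 or HTTP on port 443 yields a URL missing the port it needs. The default port should be tied to the scheme, e.g. `$default_port = \Core\Tool::isHTTPS() ? 443 : 80;`, appending `':'.$_SERVER['SERVER_PORT']` only when the port differs from `$default_port`. Depending on web server configuration `SERVER_NAME` may reflect the client-supplied Host header, so a comment warning against using this URL for links in outgoing e-mail without a configured base URL would help. The rest of `get_current_base_url()` lies outside the hunk.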