From 3fb026713013b60845c4cfe633a8a59a30b9c7dd Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 22 Oct 2012 16:48:01 +0300 Subject: Add is_https() as a common function --- system/core/Common.php | 18 +++++++++++++++ system/core/Config.php | 2 +- system/core/Security.php | 2 +- user_guide_src/source/changelog.rst | 3 ++- user_guide_src/source/general/common_functions.rst | 26 +++++++++++++--------- 5 files changed, 38 insertions(+), 13 deletions(-) diff --git a/system/core/Common.php b/system/core/Common.php index 341402c6b..2dd31d3e9 100644 --- a/system/core/Common.php +++ b/system/core/Common.php @@ -330,6 +330,24 @@ if ( ! function_exists('get_mimes')) // ------------------------------------------------------------------------ +if ( ! function_exists('is_https')) +{ + /** + * Is HTTPS? + * + * Determines if the application is accessed via an encrypted + * (HTTPS) connection. + * + * @return bool + */ + function is_https() + { + return ( ! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off'); + } +} + +// ------------------------------------------------------------------------ + if ( ! function_exists('show_error')) { /** diff --git a/system/core/Config.php b/system/core/Config.php index 8e4f998ef..e78128c76 100644 --- a/system/core/Config.php +++ b/system/core/Config.php @@ -75,7 +75,7 @@ class CI_Config { { if (isset($_SERVER['HTTP_HOST'])) { - $base_url = ( ! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') ? 'https' : 'http'; + $base_url = is_https() ? 'https' : 'http'; $base_url .= '://'.$_SERVER['HTTP_HOST'] .str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']); } diff --git a/system/core/Security.php b/system/core/Security.php index b22d2cf19..2fbc5b34c 100644 --- a/system/core/Security.php +++ b/system/core/Security.php @@ -198,7 +198,7 @@ class CI_Security { $expire = time() + $this->_csrf_expire; $secure_cookie = (bool) config_item('cookie_secure'); - if ($secure_cookie && (empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) === 'off')) + if ($secure_cookie && ! is_https()) { return FALSE; } diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index 6d2b0d161..d3f91de01 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -233,10 +233,11 @@ Release Date: Not Released - Modified ``valid_ip()`` to use PHP's ``filter_var()``. - Added support for arrays and network addresses (e.g. 192.168.1.1/24) for use with the *proxy_ips* setting. - :doc:`Common functions ` changes include: - - Added ``get_mimes()`` function to return the *config/mimes.php* array. + - Added function ``get_mimes()`` to return the *config/mimes.php* array. - Added support for HTTP code 303 ("See Other") in ``set_status_header()``. - Removed redundant conditional to determine HTTP server protocol in ``set_status_header()``. - Changed ``_exception_handler()`` to respect php.ini *display_errors* setting. + - Added function ``is_https()`` to check if a secure connection is used. - Added support for HTTP-Only cookies with new config option *cookie_httponly* (default FALSE). - Renamed method ``_call_hook()`` to ``call_hook()`` in the :doc:`Hooks Library `. - :doc:`Output Library ` changes include: diff --git a/user_guide_src/source/general/common_functions.rst b/user_guide_src/source/general/common_functions.rst index 99126f900..f3d48ac91 100644 --- a/user_guide_src/source/general/common_functions.rst +++ b/user_guide_src/source/general/common_functions.rst @@ -7,7 +7,7 @@ defined, and are available to you at any point. These do not require loading any libraries or helpers. is_php('version_number') -========================== +======================== is_php() determines of the PHP version being used is greater than the supplied version_number. @@ -24,7 +24,7 @@ greater than the supplied version number. Returns FALSE if the installed version of PHP is lower than the supplied version number. is_really_writable('path/to/file') -==================================== +================================== is_writable() returns TRUE on Windows servers when you really can't write to the file as the OS reports to PHP as FALSE only if the @@ -44,7 +44,7 @@ recommended on platforms where this information may be unreliable. } config_item('item_key') -========================= +======================= The :doc:`Config library <../libraries/config>` is the preferred way of accessing configuration information, however config_item() can be used @@ -56,8 +56,8 @@ show_error('message'), show_404('page'), log_message('level', 'message') These are each outlined on the :doc:`Error Handling ` page. -set_status_header(code, 'text'); -================================ +set_status_header(code, 'text') +=============================== Permits you to manually set a server status header. Example:: @@ -68,19 +68,25 @@ Permits you to manually set a server status header. Example:: a full list of headers. remove_invisible_characters($str) -=================================== +================================= This function prevents inserting null characters between ascii characters, like Java\\0script. html_escape($mixed) -==================== +=================== -This function provides short cut for htmlspecialchars() function. It +This function provides short cut for ``htmlspecialchars()`` function. It accepts string and array. To prevent Cross Site Scripting (XSS), it is very useful. get_mimes() -============= +=========== -This function returns the MIMEs array from config/mimes.php. \ No newline at end of file +This function returns the MIMEs array *from config/mimes.php*. + +is_https() +========== + +Returns TRUE if a secure (HTTPS) connection is used and FALSE +in any other case (including non-HTTP requests). \ No newline at end of file -- cgit v1.2.3-24-g4f1b