From a10c8e17bbd1eb75aed1bb74523449f81ee393a2 Mon Sep 17 00:00:00 2001
From: Andrey Andreev <narf@bofh.bg>
Date: Wed, 29 Feb 2012 18:56:12 +0200
Subject: Add strtolower to the HTTPS check

---
 system/core/Security.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'system')

diff --git a/system/core/Security.php b/system/core/Security.php
index 688aeba33..6f25fb5bb 100755
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -191,7 +191,7 @@ class CI_Security {
 		$expire = time() + $this->_csrf_expire;
 		$secure_cookie = (bool) config_item('cookie_secure');
 
-		if ($secure_cookie && (empty($_SERVER['HTTPS']) OR $_SERVER['HTTPS'] === 'off'))
+		if ($secure_cookie && (empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) === 'off'))
 		{
 			return FALSE;
 		}
-- 
cgit v1.2.3-24-g4f1b