]> git.wh0rd.org Git - tt-rss.git/commitdiff
add sanity check for SELF_URL_PATH going to http url if server is accessed over https
authorAndrew Dolgov <noreply@fakecake.org>
Fri, 5 May 2017 07:16:54 +0000 (10:16 +0300)
committerAndrew Dolgov <noreply@fakecake.org>
Fri, 5 May 2017 07:16:54 +0000 (10:16 +0300)
include/sanity_check.php

index 3b3e281ec7932c07f16630df73f8c52d51a41ff3..12cc5579df02316f2b72db48de4aac9d36c7553f 100755 (executable)
                        if (!class_exists("DOMDocument")) {
                                array_push($errors, "PHP support for DOMDocument is required, but was not found.");
                        }
+
+                       $self_scheme = parse_url(SELF_URL_PATH, PHP_URL_SCHEME);
+
+                       if ($_SERVER['HTTPS'] && $self_scheme == 'http') {
+                               array_push($errors, "You are accessing tt-rss over SSL but SELF_URL_PATH in config.php refers to a http:// URL.");
+                       }
                }
 
                if (count($errors) > 0 && $_SERVER['REQUEST_URI']) { ?>