for reporting these issues. [CVE-2007-1262]
- Fix busy loop and notice when two literals in IMAP fetch (#1739433).
- Resolved issue with compose session not being updated after send/safe.
+ - Added ability to detect HTTP_X_FORWARDED_PROTO in get_location(),
+ thanks to Daniel Watts
Version 1.5.1 (branched on 2006-02-12)
--------------------------------------
/*
* If you have 'SSLOptions +StdEnvVars' in your apache config
* OR if you have HTTPS=on in your HTTP_SERVER_VARS
+ * OR if you have HTTP_X_FORWARDED_PROTO=https in your HTTP_SERVER_VARS
* OR if you are on port 443
*/
$getEnvVar = getenv('HTTPS');
+ if (!sqgetGlobalVar('HTTP_X_FORWARDED_PROTO', $forwarded_proto, SQ_SERVER))
+ $forwarded_proto = '';
if ((isset($getEnvVar) && strcasecmp($getEnvVar, 'on') === 0) ||
(sqgetGlobalVar('HTTPS', $https_on, SQ_SERVER) && strcasecmp($https_on, 'on') === 0) ||
+ (strcasecmp($forwarded_proto, 'https') === 0) ||
(sqgetGlobalVar('SERVER_PORT', $server_port, SQ_SERVER) && $server_port == 443)) {
$proto = 'https://';
}
if (! strstr($host, ':')) {
if (sqgetGlobalVar('SERVER_PORT', $server_port, SQ_SERVER)) {
if (($server_port != 80 && $proto == 'http://') ||
- ($server_port != 443 && $proto == 'https://')) {
+ ($server_port != 443 && $proto == 'https://' &&
+ $forwarded_proto != 'https')) {
$port = sprintf(':%d', $server_port);
}
}
projects / squirrelmail.git / commitdiff