Merge pull request #8 from PerMalmberg/master

Added logic to prevent Jacknife breaking out of SSL-connections.
whinis · Dec 21, 2015 · 213db9b · 213db9b · PerMalmberg · Dec 21, 2015
2 parents c2ff4d5 + 512faec
commit 213db9b
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 2 deletions.
diff --git a/index.php b/index.php
@@ -25,7 +25,14 @@
 ini_set("zlib.output_compression", "On");
 ini_set("zlib.output_compression", 4096);
 
-define("SELF_URL", "http://" . $_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']."?");
+if( isset( $_SERVER['HTTPS'] ) ) {
+	define("URL_SCHEME", "https" );
+}
+else {
+	define("URL_SCHEME", "http" );
+}
+
+define("SELF_URL", URL_SCHEME."://" . $_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']."?");
 define("AUDIT_PHP", true);
 
 $cookielogin = false;

diff --git a/manage.php b/manage.php
@@ -24,7 +24,15 @@
 // ****************************************************************************
 // acount management
 define("MANAGE_PHP", true);
-define("SELF_URL", "http://" . $_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']."?");
+
+if( isset( $_SERVER['HTTPS'] ) ) {
+	define("URL_SCHEME", "https" );
+}
+else {
+	define("URL_SCHEME", "http" );
+}
+
+define("SELF_URL", URL_SCHEME."://" . $_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']."?");
 
 require_once("eve.php");
 require_once("audit.funcs.php");