From 512faec3b716e3e4ae08b293ed48b5ebeae7b1cb Mon Sep 17 00:00:00 2001
From: Per Malmberg <per.malmberg@gmail.com>
Date: Mon, 21 Dec 2015 21:13:46 +0100
Subject: [PATCH] Added logic to prevent Jacknife to break out of
 SSL-connections.

---
 index.php  |  9 ++++++++-
 manage.php | 10 +++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/index.php b/index.php
index bfb806d..dcc37d3 100644
--- a/index.php
+++ b/index.php
@@ -25,7 +25,14 @@
 ini_set("zlib.output_compression", "On");
 ini_set("zlib.output_compression", 4096);
 
-define("SELF_URL", "http://" . $_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']."?");
+if( isset( $_SERVER['HTTPS'] ) ) {
+	define("URL_SCHEME", "https" );
+}
+else {
+	define("URL_SCHEME", "http" );
+}
+
+define("SELF_URL", URL_SCHEME."://" . $_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']."?");
 define("AUDIT_PHP", true);
 
 $cookielogin = false;
diff --git a/manage.php b/manage.php
index 41a473f..452776c 100644
--- a/manage.php
+++ b/manage.php
@@ -24,7 +24,15 @@
 // ****************************************************************************
 // acount management
 define("MANAGE_PHP", true);
-define("SELF_URL", "http://" . $_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']."?");
+
+if( isset( $_SERVER['HTTPS'] ) ) {
+	define("URL_SCHEME", "https" );
+}
+else {
+	define("URL_SCHEME", "http" );
+}
+
+define("SELF_URL", URL_SCHEME."://" . $_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']."?");
 
 require_once("eve.php");
 require_once("audit.funcs.php");