Issue #1960344 by ParisLiakos, kid_icarus: Replace $is_https() global with Request::isSecure().

2784f488 · alexpott · 620d4979 · 2784f488 · 2784f488 · 2784f488
Commit 2784f488 authored Apr 30, 2013 by alexpott
--- a/core/includes/authorize.inc
+++ b/core/includes/authorize.inc
@@ -15,7 +15,7 @@
 * @ingroup forms
 */
 function authorize_filetransfer_form($form, &$form_state) {
-  global $base_url, $is_https;
+  global $base_url;
  $form = array();

  // If possible, we want to post this form securely via HTTPS.
@@ -28,7 +28,7 @@ function authorize_filetransfer_form($form, &$form_state) {
  }
  $available_backends = $_SESSION['authorize_filetransfer_info'];

-  if (!$is_https) {
+  if (!Drupal::request()->isSecure()) {
    $form['information']['https_warning'] = array(
      '#prefix' => '<div class="messages error">',
      '#markup' => t('WARNING: You are not using an encrypted connection, so your password will be sent in plain text. <a href="@https-link">Learn more</a>.', array('@https-link' => 'http://drupal.org/https-information')),

--- a/core/includes/bootstrap.inc
+++ b/core/includes/bootstrap.inc
@@ -733,7 +733,7 @@ function drupal_settings_initialize() {
  global $base_url, $base_path, $base_root, $script_path;

  // Export these settings.php variables to the global namespace.
-  global $databases, $cookie_domain, $conf, $db_prefix, $drupal_hash_salt, $is_https, $base_secure_url, $base_insecure_url, $config_directories;
+  global $databases, $cookie_domain, $conf, $db_prefix, $drupal_hash_salt, $base_secure_url, $base_insecure_url, $config_directories;
  $conf = array();

  // Make conf_path() available as local variable in settings.php.

--- a/core/includes/session.inc
+++ b/core/includes/session.inc
@@ -68,7 +68,7 @@ function _drupal_session_close() {
 *   The user's session, or an empty string if no session exists.
 */
 function _drupal_session_read($sid) {
-  global $user, $is_https;
+  global $user;

  // Write and Close handlers are called after destructing objects
  // since PHP 5.0.5.
@@ -88,7 +88,7 @@ function _drupal_session_read($sid) {
  // client's session in the database. If it's HTTPS then we are either have
  // a HTTPS session or we are about to log in so we check the sessions table
  // for an anonymous session with the non-HTTPS-only cookie.
-  if ($is_https) {
+  if (Drupal::request()->isSecure()) {
    $user = db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.ssid = :ssid", array(':ssid' => $sid))->fetchObject();
    if (!$user) {
      if (isset($_COOKIE[$insecure_session_name])) {
@@ -153,7 +153,7 @@ function _drupal_session_read($sid) {
 *   Always returns TRUE.
 */
 function _drupal_session_write($sid, $value) {
-  global $user, $is_https;
+  global $user;

  // The exception handler is not active at this point, so we need to do it
  // manually.
@@ -183,7 +183,7 @@ function _drupal_session_write($sid, $value) {
      // default.
      $key = array('sid' => $sid, 'ssid' => '');
      // On HTTPS connections, use the session ID as both 'sid' and 'ssid'.
-      if ($is_https) {
+      if (Drupal::request()->isSecure()) {
        $key['ssid'] = $sid;
        // The "secure pages" setting allows a site to simultaneously use both
        // secure and insecure session cookies. If enabled and both cookies are
@@ -233,10 +233,11 @@ function _drupal_session_write($sid, $value) {
 * Initializes the session handler, starting a session if needed.
 */
 function drupal_session_initialize() {
-  global $user, $is_https;
+  global $user;

  session_set_save_handler('_drupal_session_open', '_drupal_session_close', '_drupal_session_read', '_drupal_session_write', '_drupal_session_destroy', '_drupal_session_garbage_collection');

+  $is_https = Drupal::request()->isSecure();
  // We use !empty() in the following check to ensure that blank session IDs
  // are not valid.
  if (!empty($_COOKIE[session_name()]) || ($is_https && settings()->get('mixed_mode_sessions', FALSE) && !empty($_COOKIE[substr(session_name(), 1)]))) {
@@ -296,7 +297,7 @@ function drupal_session_start() {
 * If an anonymous user already have an empty session, destroy it.
 */
 function drupal_session_commit() {
-  global $user, $is_https;
+  global $user;

  if (!drupal_save_session()) {
    // We don't have anything to do if we are not allowed to save the session.
@@ -315,7 +316,7 @@ function drupal_session_commit() {
    // started.
    if (!drupal_session_started()) {
      drupal_session_start();
-      if ($is_https && settings()->get('mixed_mode_sessions', FALSE)) {
+      if (Drupal::request()->isSecure() && settings()->get('mixed_mode_sessions', FALSE)) {
        $insecure_session_name = substr(session_name(), 1);
        $params = session_get_cookie_params();
        $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0;
@@ -344,13 +345,15 @@ function drupal_session_started($set = NULL) {
 * @ingroup php_wrappers
 */
 function drupal_session_regenerate() {
-  global $user, $is_https;
+  global $user;

  // Nothing to do if we are not allowed to change the session.
  if (!drupal_save_session()) {
    return;
  }

+  $is_https = Drupal::request()->isSecure();
+
  if ($is_https && settings()->get('mixed_mode_sessions', FALSE)) {
    $insecure_session_name = substr(session_name(), 1);
    if (!isset($GLOBALS['lazy_session']) && isset($_COOKIE[$insecure_session_name])) {
@@ -418,13 +421,14 @@ function drupal_session_regenerate() {
 *   Session ID.
 */
 function _drupal_session_destroy($sid) {
-  global $user, $is_https;
+  global $user;

  // Nothing to do if we are not allowed to change the session.
  if (!drupal_save_session()) {
    return;
  }

+  $is_https = Drupal::request()->isSecure();
  // Delete session data.
  db_delete('sessions')
    ->condition($is_https ? 'ssid' : 'sid', $sid)
@@ -454,8 +458,7 @@ function _drupal_session_destroy($sid) {
 *   Force the secure value of the cookie.
 */
 function _drupal_session_delete_cookie($name, $secure = NULL) {
-  global $is_https;
-  if (isset($_COOKIE[$name]) || (!$is_https && $secure === TRUE)) {
+  if (isset($_COOKIE[$name]) || (!Drupal::request()->isSecure() && $secure === TRUE)) {
    $params = session_get_cookie_params();
    if ($secure !== NULL) {
      $params['secure'] = $secure;

--- a/core/modules/language/language.negotiation.inc
+++ b/core/modules/language/language.negotiation.inc
@@ -453,8 +453,6 @@ function language_url_rewrite_url(&$path, &$options) {
      case LANGUAGE_NEGOTIATION_URL_DOMAIN:
        $domains = language_negotiation_url_domains();
        if (is_object($options['language']) && !empty($domains[$options['language']->langcode])) {
-          global $is_https;
-
          // Save the original base URL. If it contains a port, we need to
          // retain it below.
          if (!empty($options['base_url'])) {
@@ -464,7 +462,7 @@ function language_url_rewrite_url(&$path, &$options) {
          }

          // Ask for an absolute URL with our modified base URL.
-          $url_scheme = ($is_https) ? 'https://' : 'http://';
+          $url_scheme = Drupal::request()->isSecure() ? 'https://' : 'http://';
          $options['absolute'] = TRUE;
          $options['base_url'] = $url_scheme . $domains[$options['language']->langcode];


--- a/core/modules/language/lib/Drupal/language/Tests/LanguageUILanguageNegotiationTest.php
+++ b/core/modules/language/lib/Drupal/language/Tests/LanguageUILanguageNegotiationTest.php
@@ -9,6 +9,7 @@

 use Drupal\simpletest\WebTestBase;
 use Drupal\Core\Language\Language;
+use Symfony\Component\HttpFoundation\Request;

 /**
 * Test UI language negotiation
@@ -60,6 +61,9 @@ public static function getInfo() {
  function setUp() {
    parent::setUp();

+    $this->request = Request::create('http://example.com/');
+    $this->container->set('request', $this->request);
+
    require_once DRUPAL_ROOT . '/core/includes/language.inc';
    $admin_user = $this->drupalCreateUser(array('administer languages', 'translate interface', 'access administration pages', 'administer blocks'));
    $this->drupalLogin($admin_user);
@@ -452,12 +456,11 @@ function testLanguageDomain() {
    // Build the link we're going to test.
    $link = 'it.example.com/admin';

-    global $is_https;
    // Test URL in another language: http://it.example.com/admin.
    // Base path gives problems on the testbot, so $correct_link is hard-coded.
    // @see UrlAlterFunctionalTest::assertUrlOutboundAlter (path.test).
    $italian_url = url('admin', array('language' => $languages['it'], 'script' => ''));
-    $url_scheme = ($is_https) ? 'https://' : 'http://';
+    $url_scheme = $this->request->isSecure() ? 'https://' : 'http://';
    $correct_link = $url_scheme . $link;
    $this->assertTrue($italian_url == $correct_link, format_string('The url() function returns the right URL (@url) in accordance with the chosen language', array('@url' => $italian_url)));

@@ -469,11 +472,11 @@ function testLanguageDomain() {
    $this->settingsSet('mixed_mode_sessions', FALSE);

    // Test HTTPS via current URL scheme.
-    $temp_https = $is_https;
-    $is_https = TRUE;
+    $temp_https = $this->request->server->get('HTTPS');
+    $this->request->server->set('HTTPS', 'on');
    $italian_url = url('admin', array('language' => $languages['it'], 'script' => ''));
    $correct_link = 'https://' . $link;
    $this->assertTrue($italian_url == $correct_link, format_string('The url() function returns the right URL (via current URL scheme) (@url) in accordance with the chosen language', array('@url' => $italian_url)));
-    $is_https = $temp_https;
+    $this->request->server->set('HTTPS', $temp_https);
  }
 }
--- a/core/modules/system/lib/Drupal/system/Tests/Session/SessionHttpsTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/Session/SessionHttpsTest.php
@@ -8,6 +8,7 @@
 namespace Drupal\system\Tests\Session;

 use Drupal\simpletest\WebTestBase;
+use Symfony\Component\HttpFoundation\Request;

 /**
 * Ensure that when running under HTTPS two session cookies are generated.
@@ -29,10 +30,14 @@ public static function getInfo() {
    );
  }

-  protected function testHttpsSession() {
-    global $is_https;
+  public function setUp() {
+    parent::setUp();
+    $this->request = Request::create('http://example.com/');
+    $this->container->set('request', $this->request);
+  }

-    if ($is_https) {
+  protected function testHttpsSession() {
+    if ($this->request->isSecure()) {
      $secure_session_name = session_name();
      $insecure_session_name = substr(session_name(), 1);
    }
@@ -107,7 +112,7 @@ protected function testHttpsSession() {
    // Clear browser cookie jar.
    $this->cookies = array();

-    if ($is_https) {
+    if ($this->request->isSecure()) {
      // The functionality does not make sense when running on HTTPS.
      return;
    }
@@ -241,6 +246,7 @@ protected function assertSessionIds($sid, $ssid, $assertion_text) {
   */
  protected function httpsUrl($url) {
    global $base_url;
+    $this->request->server->set('HTTPS', 'on');
    return $base_url . '/core/modules/system/tests/https.php/' . $url;
  }