$_SERVER['HTTPS'] should be undefined on unsecure connection

Request #55403	$_SERVER['HTTPS'] should be undefined on unsecure connection
Submitted:	2011-08-11 17:19 UTC	Modified:	2011-08-18 19:13 UTC
From:	thetaphi@php.net	Assigned:	thetaphi (profile)
Status:	Closed	Package:	iPlanet related
PHP Version:	Irrelevant	OS:
Private report:	No	CVE-ID:	None

[2011-08-11 17:19 UTC] thetaphi@php.net

Description:
------------
All other SAPIs (Apache, too, of course) only set the $_SERVER['HTTPS'] variable 
to "ON", if a secure connection is availab.e The key is undefined otherwise. NSAPI 
on the other hand defines $_SERVER['HTTPS']='OFF' in this case. This breaks apps 
that just do an isset() test (Drupal,...).

Patches

PatchForTrunk.patch (last revision 2011-08-11 17:21 UTC by thetaphi@php.net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-08-11 17:24 UTC] thetaphi@php.net

I will commit this patch to trunk and 5.4, also after 5.3.7 is released, I will 
merge there, too.

[2011-08-11 20:26 UTC] thetaphi@php.net

I will keep this open until committing to 5.3 is possible again.

[2011-08-18 19:13 UTC] thetaphi@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

Committed to 5.3.8 branch, 5.4, trunk