authorcatch2013-04-09 20:38:06 (GMT)
committercatch2013-04-09 20:38:06 (GMT)
commit95516e65b7038d71003310902bf16f50c399196d (patch)
tree4bc9780f9c7364e88a4ee02efe0255b5220132dc
parentd9cbceca75610d1ba7f3b898b44c0014ad287f25 (diff)
Issue #1798832 by andreiashu, Berdir, heyrocker, aspilicious, johan.gant, typhonius, ACF: Convert https to .
-rw-r--r--core/includes/common.inc4
-rw-r--r--core/includes/form.inc2
-rw-r--r--core/includes/session.inc16
-rw-r--r--core/modules/language/language.negotiation.inc2
-rw-r--r--core/modules/language/lib/Drupal/language/Tests/LanguageUILanguageNegotiationTest.php4
-rw-r--r--core/modules/system/lib/Drupal/system/Tests/Session/SessionHttpsTest.php8
-rw-r--r--sites/default/default.settings.php8
7 files changed, 29 insertions, 15 deletions
diff --git a/core/includes/common.inc b/core/includes/common.inc
index e795734..617d27b 100644
--- a/core/includes/common.inc
+++ b/core/includes/common.inc
@@ -2113,7 +2113,7 @@ function url($path = NULL, array $options = array()) {
if ($options['query']) {
$path .= (strpos($path, '?') !== FALSE ? '&' : '?') . drupal_http_build_query($options['query']);
}
- if (isset($options['https']) && variable_get('https', FALSE)) {
+ if (isset($options['https']) && settings()->get('mixed_mode_sessions', FALSE)) {
if ($options['https'] === TRUE) {
$path = str_replace('http://', 'https://', $path);
}
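Review bot: After this rename the `'https'` option of url() is honoured only when `mixed_mode_sessions` is enabled, and nothing at the changed condition explains why a session setting decides whether a URL is upgraded. A caller passing `'https' => TRUE` on a site with the setting off gets the URL back unchanged, which is easier to miss now that the setting name no longer mentions HTTPS. I would add a comment above the condition, e.g. `// The 'https' option is honoured only when mixed_mode_sessions is enabled; otherwise it is ignored.` The same applies to the second url() hunk, the `#https` check in form_builder() and the check in language_url_rewrite_url(). url() starts and ends outside this hunk.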
@@ -2129,7 +2129,7 @@ function url($path = NULL, array $options = array()) {
// The base_url might be rewritten from the language rewrite in domain mode.
if (!isset($options['base_url'])) {
- if (isset($options['https']) && variable_get('https', FALSE)) {
+ if (isset($options['https']) && settings()->get('mixed_mode_sessions', FALSE)) {
if ($options['https'] === TRUE) {
$options['base_url'] = $base_secure_url;
$options['absolute'] = TRUE;
diff --git a/core/includes/form.inc b/core/includes/form.inc
index 6906937..ca9e614 100644
--- a/core/includes/form.inc
+++ b/core/includes/form.inc
@@ -1825,7 +1825,7 @@ function form_builder($form_id, &$element, &$form_state) {
// Special handling if we're on the top level form element.
if (isset($element['#type']) && $element['#type'] == 'form') {
- if (!empty($element['#https']) && variable_get('https', FALSE) &&
+ if (!empty($element['#https']) && settings()->get('mixed_mode_sessions', FALSE) &&
!url_is_external($element['#action'])) {
global $base_root;
diff --git a/core/includes/session.inc b/core/includes/session.inc
index 31e67a6..beb5659 100644
--- a/core/includes/session.inc
+++ b/core/includes/session.inc
@@ -188,14 +188,14 @@ function _drupal_session_write($sid, $value) {
// The "secure pages" setting allows a site to simultaneously use both
// secure and insecure session cookies. If enabled and both cookies are
// presented then use both keys.
- if (variable_get('https', FALSE)) {
+ if (settings()->get('mixed_mode_sessions', FALSE)) {
$insecure_session_name = substr(session_name(), 1);
if (isset($_COOKIE[$insecure_session_name])) {
$key['sid'] = $_COOKIE[$insecure_session_name];
}
}
}
- elseif (variable_get('https', FALSE)) {
+ elseif (settings()->get('mixed_mode_sessions', FALSE)) {
unset($key['ssid']);
}
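Review bot: The comment above the first changed condition still names the "secure pages" setting, while the code now reads `mixed_mode_sessions`, so a reader searching for the setting by name will not find it. I would reword it to `// The "mixed_mode_sessions" setting allows a site to simultaneously use both secure and insecure session cookies.` The same stale wording remains in the later drupal_session_regenerate() hunk ("If the "secure pages" setting is enabled") and in SessionHttpsTest ("Enable secure pages."). _drupal_session_write() starts and ends outside this hunk.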
@@ -239,7 +239,7 @@ function drupal_session_initialize() {
// We use !empty() in the following check to ensure that blank session IDs
// are not valid.
- if (!empty($_COOKIE[session_name()]) || ($is_https && variable_get('https', FALSE) && !empty($_COOKIE[substr(session_name(), 1)]))) {
+ if (!empty($_COOKIE[session_name()]) || ($is_https && settings()->get('mixed_mode_sessions', FALSE) && !empty($_COOKIE[substr(session_name(), 1)]))) {
// If a session cookie exists, initialize the session. Otherwise the
// session is only started on demand in drupal_session_commit(), making
// anonymous users not use a session cookie unless something is stored in
@@ -260,7 +260,7 @@ function drupal_session_initialize() {
// anonymous users than are generated in drupal_session_regenerate() when
// a user becomes authenticated.
session_id(drupal_hash_base64(uniqid(mt_rand(), TRUE)));
- if ($is_https && variable_get('https', FALSE)) {
+ if ($is_https && settings()->get('mixed_mode_sessions', FALSE)) {
$insecure_session_name = substr(session_name(), 1);
$session_id = drupal_hash_base64(uniqid(mt_rand(), TRUE));
$_COOKIE[$insecure_session_name] = $session_id;
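Review bot: In mixed mode the identifier copied into the insecure cookie is built from `uniqid(mt_rand(), TRUE)`, the same non-cryptographic source as the anonymous session ID on the line above the changed condition. The surrounding comment describes this as a deliberate speed trade-off for anonymous users and says drupal_session_regenerate() issues different IDs on authentication; that code is outside this hunk, so I cannot confirm it here. Because the insecure cookie is presumably the one sent over plain HTTP, I would state that dependency next to the block, e.g. `// Low-entropy ID: must be replaced by drupal_session_regenerate() before the session is authenticated.` drupal_session_initialize() starts and ends outside this hunk.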
@@ -315,7 +315,7 @@ function drupal_session_commit() {
// started.
if (!drupal_session_started()) {
drupal_session_start();
- if ($is_https && variable_get('https', FALSE)) {
+ if ($is_https && settings()->get('mixed_mode_sessions', FALSE)) {
$insecure_session_name = substr(session_name(), 1);
$params = session_get_cookie_params();
$expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0;
@@ -351,7 +351,7 @@ function drupal_session_regenerate() {
return;
}
- if ($is_https && variable_get('https', FALSE)) {
+ if ($is_https && settings()->get('mixed_mode_sessions', FALSE)) {
$insecure_session_name = substr(session_name(), 1);
if (!isset($GLOBALS['lazy_session']) && isset($_COOKIE[$insecure_session_name])) {
$old_insecure_session_id = $_COOKIE[$insecure_session_name];
@@ -380,7 +380,7 @@ function drupal_session_regenerate() {
$fields['ssid'] = session_id();
// If the "secure pages" setting is enabled, use the newly-created
// insecure session identifier as the regenerated sid.
- if (variable_get('https', FALSE)) {
+ if (settings()->get('mixed_mode_sessions', FALSE)) {
$fields['sid'] = $session_id;
}
}
@@ -440,7 +440,7 @@ function _drupal_session_destroy($sid) {
if ($is_https) {
_drupal_session_delete_cookie(substr(session_name(), 1), FALSE);
}
- elseif (variable_get('https', FALSE)) {
+ elseif (settings()->get('mixed_mode_sessions', FALSE)) {
_drupal_session_delete_cookie('S' . session_name(), TRUE);
}
}
diff --git a/core/modules/language/language.negotiation.inc b/core/modules/language/language.negotiation.inc
index 6565c6d..ca41c78 100644
--- a/core/modules/language/language.negotiation.inc
+++ b/core/modules/language/language.negotiation.inc
@@ -480,7 +480,7 @@ function language_url_rewrite_url(&$path, &$options) {
$options['base_url'] .= ':' . $port;
}
- if (isset($options['https']) && variable_get('https', FALSE)) {
+ if (isset($options['https']) && settings()->get('mixed_mode_sessions', FALSE)) {
if ($options['https'] === TRUE) {
$options['base_url'] = str_replace('http://', 'https://', $options['base_url']);
}
diff --git a/core/modules/language/lib/Drupal/language/Tests/LanguageUILanguageNegotiationTest.php b/core/modules/language/lib/Drupal/language/Tests/LanguageUILanguageNegotiationTest.php
index e614da2..a6c1dc7 100644
--- a/core/modules/language/lib/Drupal/language/Tests/LanguageUILanguageNegotiationTest.php
+++ b/core/modules/language/lib/Drupal/language/Tests/LanguageUILanguageNegotiationTest.php
@@ -462,11 +462,11 @@ class LanguageUILanguageNegotiationTest extends WebTestBase {
$this->assertTrue($italian_url == $correct_link, format_string('The url() function returns the right URL (@url) in accordance with the chosen language', array('@url' => $italian_url)));
// Test HTTPS via options.
- variable_set('https', TRUE);
+ $this->settingsSet('mixed_mode_sessions', TRUE);
$italian_url = url('admin', array('https' => TRUE, 'language' => $languages['it'], 'script' => ''));
$correct_link = 'https://' . $link;
$this->assertTrue($italian_url == $correct_link, format_string('The url() function returns the right HTTPS URL (via options) (@url) in accordance with the chosen language', array('@url' => $italian_url)));
- variable_set('https', FALSE);
+ $this->settingsSet('mixed_mode_sessions', FALSE);
// Test HTTPS via current URL scheme.
$temp_https = $is_https;
diff --git a/core/modules/system/lib/Drupal/system/Tests/Session/SessionHttpsTest.php b/core/modules/system/lib/Drupal/system/Tests/Session/SessionHttpsTest.php
index 0ab45a9..787b7d0 100644
--- a/core/modules/system/lib/Drupal/system/Tests/Session/SessionHttpsTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/Session/SessionHttpsTest.php
@@ -113,7 +113,13 @@ class SessionHttpsTest extends WebTestBase {
}
// Enable secure pages.
- variable_set('https', TRUE);
+ $this->settingsSet('mixed_mode_sessions', TRUE);
+ // Write that value also into the test settings.php file.
+ $settings['settings']['mixed_mode_sessions'] = (object) array(
+ 'value' => TRUE,
+ 'required' => TRUE,
+ );
+ $this->writeSettings($settings);
$this->curlClose();
// Start an anonymous session on the insecure site.
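Review bot: The added comment says the value is also written to the test settings.php but not why both calls are needed, and `'required' => TRUE` is left unexplained. Presumably `settingsSet()` only affects the test runner's own process, while the site under test reads settings.php on each request, so without `writeSettings()` the HTTPS session behaviour being tested would never be enabled. I would say so in the comment, e.g. `// settingsSet() only changes the test process; the requested site reads the value from settings.php.` (wording to be confirmed against WebTestBase). The test method starts and ends outside this hunk.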
diff --git a/sites/default/default.settings.php b/sites/default/default.settings.php
index 7fcda31..a0f1016 100644
--- a/sites/default/default.settings.php
+++ b/sites/default/default.settings.php
@@ -444,6 +444,14 @@ $settings['update_free_access'] = FALSE;
# $settings['allow_authorize_operations'] = FALSE;
/**
+ * Mixed-mode sessions:
+ *
+ * Set to TRUE to create both secure and insecure sessions when using HTTPS.
+ * Defaults to FALSE.
+ */
+# $settings['mixed_mode_sessions'] = TRUE;
+
+/**
* Base URL (optional).
*
* If Drupal is generating incorrect URLs on your site, which could
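Review bot: The new docblock mentions only session creation, but in this commit the same setting also gates the `https` option of url() and `#https` on forms, and the text gives no hint of the security trade-off. I would add one sentence saying that the `https` URL and form options are ignored unless this is TRUE, and one stating that the insecure session cookie is not restricted to HTTPS connections. A possible wording for the latter: ` * The insecure session cookie is also sent over plain HTTP; leave this FALSE` / ` * on sites that are served only over HTTPS.` The exact cookie behaviour lives in session.inc outside this hunk, so the sentence should be checked against it.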