From 46098102bed8da0e2a2fbe42e53904dba13a14d7 Mon Sep 17 00:00:00 2001
From: Cole Thorsen <959538+colethorsen@users.noreply.github.com>
Date: Mon, 13 Jul 2020 10:05:45 -0400
Subject: [PATCH 1/2] =?UTF-8?q?force=5Fhttps=20didn=E2=80=99t=20force=20ht?= =?UTF-8?q?tps?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

when https:// is present in a defined base URL and a user accesses the site on on an insecure protocol, it would not force them onto secure.
---
 system/Common.php | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/system/Common.php b/system/Common.php
index 348826263c38..ca3bec7e67a7 100644
--- a/system/Common.php
+++ b/system/Common.php
@@ -447,13 +447,11 @@ function force_https(int $duration = 31536000, RequestInterface $request = null,
 $baseURL = config(App::class)->baseURL;
- // If we already use 'https' then return immediately
 if (strpos($baseURL, 'https://') === 0)
 {
- return;
+ $baseURL = (string) substr($baseURL, strlen('https://'));
 }
-
- if (strpos($baseURL, 'http://') === 0)
+ else if (strpos($baseURL, 'http://') === 0)
 {
 $baseURL = (string) substr($baseURL, strlen('http://'));
 }
From af0606d9fa93f2496987175038355c9d3b1f0bdb Mon Sep 17 00:00:00 2001
From: Cole Thorsen <959538+colethorsen@users.noreply.github.com>
Date: Mon, 13 Jul 2020 12:45:29 -0400
Subject: [PATCH 2/2] Update system/Common.php

Co-authored-by: Michal Sniatala
---
 system/Common.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/system/Common.php b/system/Common.php
index ca3bec7e67a7..22dd4135162e 100644
--- a/system/Common.php
+++ b/system/Common.php
@@ -451,7 +451,7 @@ function force_https(int $duration = 31536000, RequestInterface $request = null,
 {
 $baseURL = (string) substr($baseURL, strlen('https://'));
 }
- else if (strpos($baseURL, 'http://') === 0)
+ elseif (strpos($baseURL, 'http://') === 0)
 {
 $baseURL = (string) substr($baseURL, strlen('http://'));
 }
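Review bot: In the PATCH 1/2 hunk, the new `if`/`else if` pair runs the same `substr` strip for two prefixes, and both `strpos` checks are case-sensitive, so a base URL configured as `HTTPS://…` or `Http://…` matches neither branch and keeps its scheme. Both branches could collapse into `$baseURL = (string) preg_replace('#^https?://#i', '', $baseURL);`, which handles either scheme in any letter case. With the early `return` removed, an https base URL now reaches the rest of force_https, which lies outside this hunk; presumably an earlier check there already returns for requests that are secure, otherwise a secure request would be redirected again. The diffstat shows only system/Common.php changed, so a regression test for the https-base-URL, insecure-request case would pin down both the redirect and the absence of a loop.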