From 0aec89d0c8f0a6402122a3aec0f338cd84658dec Mon Sep 17 00:00:00 2001 From: Patrick Nelson Date: Wed, 6 Apr 2016 18:13:31 -0700 Subject: [PATCH] FIX for #5279 Addressing only a few PSR-2 items in one file, but primarily targeting Director::is_https() and invalid URL's. --- control/Director.php | 222 ++++++++++---------- core/startup/ParameterConfirmationToken.php | 2 +- 2 files changed, 113 insertions(+), 111 deletions(-) diff --git a/control/Director.php b/control/Director.php index f6ac0dc7e..a3ef4eb74 100644 --- a/control/Director.php +++ b/control/Director.php @@ -145,15 +145,15 @@ class Director implements TemplateGlobalProvider { public static function direct($url, DataModel $model) { // Validate $_FILES array before merging it with $_POST foreach($_FILES as $k => $v) { - if(is_array($v['tmp_name'])) { + if (is_array($v['tmp_name'])) { $v = ArrayLib::array_values_recursive($v['tmp_name']); foreach($v as $tmpFile) { - if($tmpFile && !is_uploaded_file($tmpFile)) { + if ($tmpFile && !is_uploaded_file($tmpFile)) { user_error("File upload '$k' doesn't appear to be a valid upload", E_USER_ERROR); } } } else { - if($v['tmp_name'] && !is_uploaded_file($v['tmp_name'])) { + if ($v['tmp_name'] && !is_uploaded_file($v['tmp_name'])) { user_error("File upload '$k' doesn't appear to be a valid upload", E_USER_ERROR); } } @@ -178,7 +178,7 @@ class Director implements TemplateGlobalProvider { $session = Injector::inst()->create('Session', isset($_SESSION) ? $_SESSION : array()); // Only resume a session if its not started already, and a session identifier exists - if(!isset($_SESSION) && Session::request_contains_session_id()) { + if (!isset($_SESSION) && Session::request_contains_session_id()) { $session->inst_start(); } @@ -195,10 +195,10 @@ class Director implements TemplateGlobalProvider { $session->inst_save(); // Return code for a redirection request - if(is_string($result) && substr($result,0,9) == 'redirect:') { + if (is_string($result) && substr($result, 0, 9) == 'redirect:') { $url = substr($result, 9); - if(Director::is_cli()) { + if (Director::is_cli()) { // on cli, follow SilverStripe redirects automatically return Director::direct( str_replace(Director::absoluteBaseURL(), '', $url), @@ -214,8 +214,8 @@ class Director implements TemplateGlobalProvider { } } // Handle a controller - } else if($result) { - if($result instanceof SS_HTTPResponse) { + } elseif ($result) { + if ($result instanceof SS_HTTPResponse) { $response = $result; } else { @@ -271,9 +271,9 @@ class Director implements TemplateGlobalProvider { $oldStage = Versioned::get_stage(); $getVars = array(); - if(!$httpMethod) $httpMethod = ($postVars || is_array($postVars)) ? "POST" : "GET"; + if (!$httpMethod) $httpMethod = ($postVars || is_array($postVars)) ? "POST" : "GET"; - if(!$session) $session = Injector::inst()->create('Session', array()); + if (!$session) $session = Injector::inst()->create('Session', array()); $cookieJar = $cookies instanceof Cookie_Backend ? $cookies : Injector::inst()->createWithArgs('Cookie_Backend', array($cookies ?: array())); @@ -322,7 +322,7 @@ class Director implements TemplateGlobalProvider { if (parse_url($url, PHP_URL_HOST)) { $bits = parse_url($url); // If a port is mentioned in the absolute URL, be sure to add that into the HTTP host - if(isset($bits['port'])) { + if (isset($bits['port'])) { $_SERVER['HTTP_HOST'] = $bits['host'].':'.$bits['port']; } else { $_SERVER['HTTP_HOST'] = $bits['host']; @@ -334,7 +334,7 @@ class Director implements TemplateGlobalProvider { $url = self::makeRelative($url); $urlWithQuerystring = $url; - if(strpos($url, '?') !== false) { + if (strpos($url, '?') !== false) { list($url, $getVarsEncoded) = explode('?', $url, 2); parse_str($getVarsEncoded, $getVars); } @@ -349,7 +349,11 @@ class Director implements TemplateGlobalProvider { $_SERVER['REQUEST_URI'] = Director::baseURL() . $urlWithQuerystring; $request = new SS_HTTPRequest($httpMethod, $url, $getVars, $postVars, $body); - if($headers) foreach($headers as $k => $v) $request->addHeader($k, $v); + if ($headers) { + foreach($headers as $k => $v) { + $request->addHeader($k, $v); + } + } // Pre-request filtering // @see issue #2517 @@ -364,8 +368,8 @@ class Director implements TemplateGlobalProvider { $result = Director::handleRequest($request, $session, $model); // Ensure that the result is an SS_HTTPResponse object - if(is_string($result)) { - if(substr($result,0,9) == 'redirect:') { + if (is_string($result)) { + if (substr($result, 0, 9) == 'redirect:') { $response = new SS_HTTPResponse(); $response->redirect(substr($result, 9)); $result = $response; @@ -397,32 +401,32 @@ class Director implements TemplateGlobalProvider { protected static function handleRequest(SS_HTTPRequest $request, Session $session, DataModel $model) { $rules = Config::inst()->get('Director', 'rules'); - if(isset($_REQUEST['debug'])) Debug::show($rules); + if (isset($_REQUEST['debug'])) Debug::show($rules); foreach($rules as $pattern => $controllerOptions) { - if(is_string($controllerOptions)) { - if(substr($controllerOptions,0,2) == '->') { - $controllerOptions = array('Redirect' => substr($controllerOptions,2)); + if (is_string($controllerOptions)) { + if (substr($controllerOptions, 0, 2) == '->') { + $controllerOptions = array('Redirect' => substr($controllerOptions, 2)); } else { $controllerOptions = array('Controller' => $controllerOptions); } } - if(($arguments = $request->match($pattern, true)) !== false) { + if (($arguments = $request->match($pattern, true)) !== false) { $request->setRouteParams($controllerOptions); // controllerOptions provide some default arguments $arguments = array_merge($controllerOptions, $arguments); // Find the controller name - if(isset($arguments['Controller'])) $controller = $arguments['Controller']; + if (isset($arguments['Controller'])) $controller = $arguments['Controller']; // Pop additional tokens from the tokenizer if necessary - if(isset($controllerOptions['_PopTokeniser'])) { + if (isset($controllerOptions['_PopTokeniser'])) { $request->shift($controllerOptions['_PopTokeniser']); } // Handle redirection - if(isset($arguments['Redirect'])) { + if (isset($arguments['Redirect'])) { return "redirect:" . Director::absoluteURL($arguments['Redirect'], true); } else { @@ -435,7 +439,7 @@ class Director implements TemplateGlobalProvider { } catch(SS_HTTPResponse_Exception $responseException) { $result = $responseException->getResponse(); } - if(!is_object($result) || $result instanceof SS_HTTPResponse) return $result; + if (!is_object($result) || $result instanceof SS_HTTPResponse) return $result; user_error("Bad result from url " . $request->getURL() . " handled by " . get_class($controllerObj)." controller: ".get_class($result), E_USER_WARNING); @@ -488,31 +492,31 @@ class Director implements TemplateGlobalProvider { * @return string */ public static function absoluteURL($url, $relativeParent = self::BASE) { - if(is_bool($relativeParent)) { + if (is_bool($relativeParent)) { // Deprecate old boolean second parameter Deprecation::notice('5.0', 'Director::absoluteURL takes an explicit parent for relative url'); $relativeParent = $relativeParent ? self::BASE : self::REQUEST; } // Check if there is already a protocol given - if(preg_match('/^http(s?):\/\//', $url)) { + if (preg_match('/^http(s?):\/\//', $url)) { return $url; } // Absolute urls without protocol are added // E.g. //google.com -> http://google.com - if(strpos($url, '//') === 0) { + if (strpos($url, '//') === 0) { return self::protocol() . substr($url, 2); } // Determine method for mapping the parent to this relative url - if($relativeParent === self::ROOT || self::is_root_relative_url($url)) { + if ($relativeParent === self::ROOT || self::is_root_relative_url($url)) { // Root relative urls always should be evaluated relative to the root $parent = self::protocolAndHost(); - } elseif($relativeParent === self::REQUEST) { + } elseif ($relativeParent === self::REQUEST) { // Request relative urls rely on the REQUEST_URI param (old default behaviour) - if(!isset($_SERVER['REQUEST_URI'])) { + if (!isset($_SERVER['REQUEST_URI'])) { return false; } $parent = dirname($_SERVER['REQUEST_URI'] . 'x'); @@ -523,7 +527,7 @@ class Director implements TemplateGlobalProvider { } // Map empty urls to relative slash and join to base - if(empty($url) || $url === '.' || $url === './') { + if (empty($url) || $url === '.' || $url === './') { $url = '/'; } return Controller::join_links($parent, $url); @@ -538,21 +542,25 @@ class Director implements TemplateGlobalProvider { */ public static function protocolAndHost() { $alternate = Config::inst()->get('Director', 'alternate_base_url'); - if($alternate) { - if(preg_match('/^(http[^:]*:\/\/[^\/]+)(\/|$)/', $alternate, $matches)) { + if ($alternate) { + if (preg_match('/^(http[^:]*:\/\/[^\/]+)(\/|$)/', $alternate, $matches)) { return $matches[1]; } } - if(isset($_SERVER['HTTP_HOST'])) { + if (isset($_SERVER['HTTP_HOST'])) { return Director::protocol() . $_SERVER['HTTP_HOST']; } else { global $_FILE_TO_URL_MAPPING; - if(Director::is_cli() && isset($_FILE_TO_URL_MAPPING)) $errorSuggestion = ' You probably want to define '. + if (Director::is_cli() && isset($_FILE_TO_URL_MAPPING)) { + $errorSuggestion = ' You probably want to define ' . 'an entry in $_FILE_TO_URL_MAPPING that covers "' . Director::baseFolder() . '"'; - else if(Director::is_cli()) $errorSuggestion = ' You probably want to define $_FILE_TO_URL_MAPPING in '. + } elseif (Director::is_cli()) { + $errorSuggestion = ' You probably want to define $_FILE_TO_URL_MAPPING in ' . 'your _ss_environment.php as instructed on the "sake" page of the doc.silverstripe.com wiki'; - else $errorSuggestion = ""; + } else { + $errorSuggestion = ""; + } user_error("Director::protocolAndHost() lacks sufficient information - HTTP_HOST not set." . $errorSuggestion, E_USER_WARNING); @@ -576,20 +584,18 @@ class Director implements TemplateGlobalProvider { * @return bool */ public static function is_https() { - $return = false; - // See https://en.wikipedia.org/wiki/List_of_HTTP_header_fields - // See https://support.microsoft.com/?kbID=307347 + // See https://support.microsoft.com/en-us/kb/307347 $headerOverride = false; - if(TRUSTED_PROXY) { + if (TRUSTED_PROXY) { $headers = (defined('SS_TRUSTED_PROXY_PROTOCOL_HEADER')) ? array(SS_TRUSTED_PROXY_PROTOCOL_HEADER) : null; - if(!$headers) { + if (!$headers) { // Backwards compatible defaults $headers = array('HTTP_X_FORWARDED_PROTO', 'HTTP_X_FORWARDED_PROTOCOL', 'HTTP_FRONT_END_HTTPS'); } foreach($headers as $header) { $headerCompareVal = ($header === 'HTTP_FRONT_END_HTTPS' ? 'on' : 'https'); - if(!empty($_SERVER[$header]) && strtolower($_SERVER[$header]) == $headerCompareVal) { + if (!empty($_SERVER[$header]) && strtolower($_SERVER[$header]) == $headerCompareVal) { $headerOverride = true; break; } @@ -597,18 +603,16 @@ class Director implements TemplateGlobalProvider { } if ($protocol = Config::inst()->get('Director', 'alternate_protocol')) { - $return = ($protocol == 'https'); - } else if($headerOverride) { - $return = true; - } else if((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off')) { - $return = true; - } else if(isset($_SERVER['SSL'])) { - $return = true; + return ($protocol == 'https'); + } elseif ($headerOverride) { + return true; + } elseif ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off')) { + return true; + } elseif (isset($_SERVER['SSL'])) { + return true; } else { - $return = false; + return false; } - - return $return; } /** @@ -620,18 +624,18 @@ class Director implements TemplateGlobalProvider { public static function baseURL() { $alternate = Config::inst()->get('Director', 'alternate_base_url'); - if($alternate) { + if ($alternate) { return $alternate; } else { $base = BASE_URL; - if($base == '/' || $base == '/.' || $base == '\\') { + if ($base == '/' || $base == '/.' || $base == '\\') { $baseURL = '/'; } else { $baseURL = $base . '/'; } - if(defined('BASE_SCRIPT_URL')) { + if (defined('BASE_SCRIPT_URL')) { return $baseURL . BASE_SCRIPT_URL; } @@ -692,39 +696,37 @@ class Director implements TemplateGlobalProvider { $baseDomain = substr($base1, strlen(self::protocol())); // Only bother comparing the URL to the absolute version if $url looks like a URL. - if(preg_match('/^https?[^:]*:\/\//',$url,$matches)) { + if (preg_match('/^https?[^:]*:\/\//', $url, $matches)) { $urlProtocol = $matches[0]; $urlWithoutProtocol = substr($url, strlen($urlProtocol)); // If we are already looking at baseURL, return '' (substr will return false) - if($url == $base1) { + if ($url == $base1) { return ''; - } - else if(substr($url,0,strlen($base1)) == $base1) { - return substr($url,strlen($base1)); - } - else if(substr($base1,-1)=="/" && $url == substr($base1,0,-1)) { - // Convert http://www.mydomain.com/mysitedir to '' + } elseif (substr($url, 0, strlen($base1)) == $base1) { + return substr($url, strlen($base1)); + } elseif (substr($base1, -1) == "/" && $url == substr($base1, 0, -1)) { + // Convert http://www.mydomain.com/mysitedir to '' return ""; - } + } - if(substr($urlWithoutProtocol,0,strlen($baseDomain)) == $baseDomain) { - return substr($urlWithoutProtocol,strlen($baseDomain)); + if (substr($urlWithoutProtocol, 0, strlen($baseDomain)) == $baseDomain) { + return substr($urlWithoutProtocol, strlen($baseDomain)); } } // test for base folder, e.g. /var/www $base2 = self::baseFolder(); - if(substr($url,0,strlen($base2)) == $base2) return substr($url,strlen($base2)); + if (substr($url, 0, strlen($base2)) == $base2) return substr($url, strlen($base2)); // Test for relative base url, e.g. mywebsite/ if the full URL is http://localhost/mywebsite/ $base3 = self::baseURL(); - if(substr($url,0,strlen($base3)) == $base3) { - return substr($url,strlen($base3)); + if (substr($url, 0, strlen($base3)) == $base3) { + return substr($url, strlen($base3)); } // Test for relative base url, e.g mywebsite/ if the full url is localhost/myswebsite - if(substr($url,0,strlen($baseDomain)) == $baseDomain) { + if (substr($url, 0, strlen($baseDomain)) == $baseDomain) { return substr($url, strlen($baseDomain)); } @@ -740,8 +742,8 @@ class Director implements TemplateGlobalProvider { * @return bool */ public static function is_absolute($path) { - if(empty($path)) return false; - if($path[0] == '/' || $path[0] == '\\') return true; + if (empty($path)) return false; + if ($path[0] == '/' || $path[0] == '\\') return true; return preg_match('/^[a-zA-Z]:[\\\\\/]/', $path) == 1; } @@ -773,10 +775,10 @@ class Director implements TemplateGlobalProvider { */ public static function is_absolute_url($url) { // Strip off the query and fragment parts of the URL before checking - if(($queryPosition = strpos($url, '?')) !== false) { + if (($queryPosition = strpos($url, '?')) !== false) { $url = substr($url, 0, $queryPosition-1); } - if(($hashPosition = strpos($url, '#')) !== false) { + if (($hashPosition = strpos($url, '#')) !== false) { $url = substr($url, 0, $hashPosition-1); } $colonPosition = strpos($url, ':'); @@ -823,7 +825,7 @@ class Director implements TemplateGlobalProvider { public static function is_site_url($url) { $urlHost = parse_url($url, PHP_URL_HOST); $actualHost = parse_url(self::protocolAndHost(), PHP_URL_HOST); - if($urlHost && $actualHost && $urlHost == $actualHost) { + if ($urlHost && $actualHost && $urlHost == $actualHost) { return true; } else { return self::is_relative_url($url); @@ -841,7 +843,7 @@ class Director implements TemplateGlobalProvider { $headers = array(); foreach($server as $key => $value) { - if(substr($key, 0, 5) == 'HTTP_') { + if (substr($key, 0, 5) == 'HTTP_') { $key = substr($key, 5); $key = strtolower(str_replace('_', ' ', $key)); $key = str_replace(' ', '-', ucwords($key)); @@ -849,8 +851,8 @@ class Director implements TemplateGlobalProvider { } } - if(isset($server['CONTENT_TYPE'])) $headers['Content-Type'] = $server['CONTENT_TYPE']; - if(isset($server['CONTENT_LENGTH'])) $headers['Content-Length'] = $server['CONTENT_LENGTH']; + if (isset($server['CONTENT_TYPE'])) $headers['Content-Type'] = $server['CONTENT_TYPE']; + if (isset($server['CONTENT_LENGTH'])) $headers['Content-Length'] = $server['CONTENT_LENGTH']; return $headers; } @@ -875,7 +877,7 @@ class Director implements TemplateGlobalProvider { */ public static function fileExists($file) { // replace any appended query-strings, e.g. /path/to/foo.php?bar=1 to /path/to/foo.php - $file = preg_replace('/([^\?]*)?.*/','$1',$file); + $file = preg_replace('/([^\?]*)?.*/', '$1', $file); return file_exists(Director::getAbsFile($file)); } @@ -901,7 +903,7 @@ class Director implements TemplateGlobalProvider { $s = ""; $login = ""; - if(isset($_SERVER['PHP_AUTH_USER'])) $login = "$_SERVER[PHP_AUTH_USER]:$_SERVER[PHP_AUTH_PW]@"; + if (isset($_SERVER['PHP_AUTH_USER'])) $login = "$_SERVER[PHP_AUTH_USER]:$_SERVER[PHP_AUTH_PW]@"; return Director::protocol() . $login . $_SERVER['HTTP_HOST'] . Director::baseURL(); } @@ -927,19 +929,19 @@ class Director implements TemplateGlobalProvider { * * To use, call from _config.php. For example: * - * if(Director::isLive()) Director::forceSSL(); + * if (Director::isLive()) Director::forceSSL(); * * * If you don't want your entire site to be on SSL, you can pass an array of PCRE regular expression * patterns for matching relative URLs. For example: * - * if(Director::isLive()) Director::forceSSL(array('/^admin/', '/^Security/')); + * if (Director::isLive()) Director::forceSSL(array('/^admin/', '/^Security/')); * * * If you want certain parts of your site protected under a different domain, you can specify * the domain as an argument: * - * if(Director::isLive()) Director::forceSSL(array('/^admin/', '/^Security/'), 'secure.mysite.com'); + * if (Director::isLive()) Director::forceSSL(array('/^admin/', '/^Security/'), 'secure.mysite.com'); * * * Note that the session data will be lost when moving from HTTP to HTTPS. It is your responsibility @@ -954,19 +956,19 @@ class Director implements TemplateGlobalProvider { * @return bool|string String of URL when unit tests running, boolean FALSE if patterns don't match request URI. */ public static function forceSSL($patterns = null, $secureDomain = null) { - if(!isset($_SERVER['REQUEST_URI'])) return false; + if (!isset($_SERVER['REQUEST_URI'])) return false; $matched = false; - if($patterns) { + if ($patterns) { // Calling from the command-line? - if(!isset($_SERVER['REQUEST_URI'])) return; + if (!isset($_SERVER['REQUEST_URI'])) return; $relativeURL = self::makeRelative(Director::absoluteURL($_SERVER['REQUEST_URI'])); // protect portions of the site based on the pattern foreach($patterns as $pattern) { - if(preg_match($pattern, $relativeURL)) { + if (preg_match($pattern, $relativeURL)) { $matched = true; break; } @@ -976,10 +978,10 @@ class Director implements TemplateGlobalProvider { $matched = true; } - if($matched && !self::is_https()) { + if ($matched && !self::is_https()) { // if an domain is specified, redirect to that instead of the current domain - if($secureDomain) { + if ($secureDomain) { $url = 'https://' . $secureDomain . $_SERVER['REQUEST_URI']; } else { $url = $_SERVER['REQUEST_URI']; @@ -988,7 +990,7 @@ class Director implements TemplateGlobalProvider { $destURL = str_replace('http:', 'https:', Director::absoluteURL($url)); // This coupling to SapphireTest is necessary to test the destination URL and to not interfere with tests - if(class_exists('SapphireTest', false) && SapphireTest::is_running_test()) { + if (class_exists('SapphireTest', false) && SapphireTest::is_running_test()) { return $destURL; } else { self::force_redirect($destURL); @@ -1002,7 +1004,7 @@ class Director implements TemplateGlobalProvider { * Force a redirect to a domain starting with "www." */ public static function forceWWW() { - if(!Director::isDev() && !Director::isTest() && strpos($_SERVER['HTTP_HOST'], 'www') !== 0) { + if (!Director::isDev() && !Director::isTest() && strpos($_SERVER['HTTP_HOST'], 'www') !== 0) { $destURL = str_replace(Director::protocol(), Director::protocol() . 'www.', Director::absoluteURL($_SERVER['REQUEST_URI'])); @@ -1017,7 +1019,7 @@ class Director implements TemplateGlobalProvider { * @return bool */ public static function is_ajax() { - if(Controller::has_curr()) { + if (Controller::has_curr()) { return Controller::curr()->getRequest()->isAjax(); } else { return ( @@ -1074,7 +1076,7 @@ class Director implements TemplateGlobalProvider { * @param $et string */ public static function set_environment_type($et) { - if($et != 'dev' && $et != 'test' && $et != 'live') { + if ($et != 'dev' && $et != 'test' && $et != 'live') { user_error("Director::set_environment_type passed '$et'. It should be passed dev, test, or live", E_USER_WARNING); } else { @@ -1090,11 +1092,11 @@ class Director implements TemplateGlobalProvider { * @return bool|string */ public static function get_environment_type() { - if(Director::isLive()) { + if (Director::isLive()) { return 'live'; - } elseif(Director::isTest()) { + } elseif (Director::isTest()) { return 'test'; - } elseif(Director::isDev()) { + } elseif (Director::isDev()) { return 'dev'; } else { return false; @@ -1119,14 +1121,14 @@ class Director implements TemplateGlobalProvider { */ public static function isDev() { // Check session - if($env = self::session_environment()) return $env === 'dev'; + if ($env = self::session_environment()) return $env === 'dev'; // Check config - if(Config::inst()->get('Director', 'environment_type') === 'dev') return true; + if (Config::inst()->get('Director', 'environment_type') === 'dev') return true; // Check if we are running on one of the test servers $devServers = (array)Config::inst()->get('Director', 'dev_servers'); - if(isset($_SERVER['HTTP_HOST']) && in_array($_SERVER['HTTP_HOST'], $devServers)) { + if (isset($_SERVER['HTTP_HOST']) && in_array($_SERVER['HTTP_HOST'], $devServers)) { return true; } @@ -1141,17 +1143,17 @@ class Director implements TemplateGlobalProvider { */ public static function isTest() { // In case of isDev and isTest both being set, dev has higher priority - if(self::isDev()) return false; + if (self::isDev()) return false; // Check saved session - if($env = self::session_environment()) return $env === 'test'; + if ($env = self::session_environment()) return $env === 'test'; // Check config - if(Config::inst()->get('Director', 'environment_type') === 'test') return true; + if (Config::inst()->get('Director', 'environment_type') === 'test') return true; // Check if we are running on one of the test servers $testServers = (array)Config::inst()->get('Director', 'test_servers'); - if(isset($_SERVER['HTTP_HOST']) && in_array($_SERVER['HTTP_HOST'], $testServers)) { + if (isset($_SERVER['HTTP_HOST']) && in_array($_SERVER['HTTP_HOST'], $testServers)) { return true; } @@ -1165,23 +1167,23 @@ class Director implements TemplateGlobalProvider { */ protected static function session_environment() { // Set session from querystring - if(isset($_GET['isDev'])) { - if(isset($_SESSION)) { + if (isset($_GET['isDev'])) { + if (isset($_SESSION)) { unset($_SESSION['isTest']); // In case we are changing from test mode $_SESSION['isDev'] = $_GET['isDev']; } return 'dev'; - } elseif(isset($_GET['isTest'])) { - if(isset($_SESSION)) { + } elseif (isset($_GET['isTest'])) { + if (isset($_SESSION)) { unset($_SESSION['isDev']); // In case we are changing from dev mode $_SESSION['isTest'] = $_GET['isTest']; } return 'test'; } // Check session - if(isset($_SESSION['isDev']) && $_SESSION['isDev']) { + if (isset($_SESSION['isDev']) && $_SESSION['isDev']) { return 'dev'; - } elseif(isset($_SESSION['isTest']) && $_SESSION['isTest']) { + } elseif (isset($_SESSION['isTest']) && $_SESSION['isTest']) { return 'test'; } else { return null; diff --git a/core/startup/ParameterConfirmationToken.php b/core/startup/ParameterConfirmationToken.php index 07468934e..8b300e445 100644 --- a/core/startup/ParameterConfirmationToken.php +++ b/core/startup/ParameterConfirmationToken.php @@ -164,7 +164,7 @@ class ParameterConfirmationToken { // Are we http or https? Replicates Director::is_https() without its dependencies/ $proto = 'http'; // See https://en.wikipedia.org/wiki/List_of_HTTP_header_fields - // See https://support.microsoft.com/?kbID=307347 + // See https://support.microsoft.com/en-us/kb/307347 $headerOverride = false; if(TRUSTED_PROXY) { $headers = (defined('SS_TRUSTED_PROXY_PROTOCOL_HEADER')) ? array(SS_TRUSTED_PROXY_PROTOCOL_HEADER) : null;