Commit 80dc909c authored by lkmorlan's avatar lkmorlan

RT-Ticket: #221643

RT-Status: resolved
RT-Update: correspond
RT-TimeWorked: 30
uw_security: Form redirect code brought back from branches/forms-redirect-https. Tagging 7.x-1.1.
parent 2c7d886f
...@@ -2,4 +2,4 @@ name = uWaterloo security ...@@ -2,4 +2,4 @@ name = uWaterloo security
description = Provides security features. description = Provides security features.
core = 7.x core = 7.x
package = uWaterloo Core package = uWaterloo Core
version = 7.x-1.0 version = 7.x-1.1
<?php <?php
/**
* Implements hook_form_alter().
*
* Redirect all pages containing a form to HTTPS.
* Code based on securelogin module.
*/
function uw_security_form_alter(&$form, &$form_state, $form_id) {
global $is_https;
// Flag form as secure for theming purposes.
$form['#https'] = TRUE;
// POST requests are not redirected, to prevent unintentional redirects which result in lost POST data.
if (!$is_https && $_SERVER['REQUEST_METHOD'] !== 'POST') {
// Ignore the destination for this redirect (it was preserved in the query).
unset($_GET['destination']);
// Can't use https option to url() because we are not setting the https global variable (which is bad for security).
drupal_goto(preg_replace('/^http:/', 'https:', url($_GET['q'], array('query' => drupal_get_query_parameters(), 'absolute' => TRUE))), array(), 301);
}
}
/** /**
* Implements hook_user_logout(). * Implements hook_user_logout().
* *
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment