Redirect all pages containing a form to HTTPS.

82296817 · lkmorlan · aade9177 · 82296817 · 82296817
Commit 82296817 authored Jan 31, 2012 by lkmorlan
Hide whitespace changes
Inline Side-by-side

Showing with 24 additions and 0 deletions

uw_security.info uw_security.info +4 -0

uw_security.module uw_security.module +20 -0

No files found.
--- a/uw_security.info
+++ b/uw_security.info
+name = uWaterloo security
+description = Provides security features.
+core = 7.x
+package = uWaterloo Core
--- a/uw_security.module
+++ b/uw_security.module
+<?php
+
+/**
+ * Implements hook_form_alter().
+ *
+ * Redirect all pages containing a form to HTTPS.
+ * Code based on securelogin module.
+ */
+function uw_security_form_alter(&$form, &$form_state, $form_id) {
+  global $is_https;
+  // Flag form as secure for theming purposes.
+  $form['#https'] = TRUE;
+  // POST requests are not redirected, to prevent unintentional redirects which result in lost POST data.
+  if (!$is_https && $_SERVER['REQUEST_METHOD'] !== 'POST') {
+    // Ignore the destination for this redirect (it was preserved in the query).
+    unset($_GET['destination']);
+    // Can't use https option to url() because we are not setting the https global variable (which is bad for security).
+    drupal_goto(preg_replace('/^http:/', 'https:', url($_GET['q'], array('query' => drupal_get_query_parameters(), 'absolute' => TRUE))), array(), 301);
+  }
+}