Commit 82296817 authored by lkmorlan's avatar lkmorlan

Redirect all pages containing a form to HTTPS.

parent aade9177
name = uWaterloo security
description = Provides security features.
core = 7.x
package = uWaterloo Core
<?php
/**
* Implements hook_form_alter().
*
* Redirect all pages containing a form to HTTPS.
* Code based on securelogin module.
*/
function uw_security_form_alter(&$form, &$form_state, $form_id) {
global $is_https;
// Flag form as secure for theming purposes.
$form['#https'] = TRUE;
// POST requests are not redirected, to prevent unintentional redirects which result in lost POST data.
if (!$is_https && $_SERVER['REQUEST_METHOD'] !== 'POST') {
// Ignore the destination for this redirect (it was preserved in the query).
unset($_GET['destination']);
// Can't use https option to url() because we are not setting the https global variable (which is bad for security).
drupal_goto(preg_replace('/^http:/', 'https:', url($_GET['q'], array('query' => drupal_get_query_parameters(), 'absolute' => TRUE))), array(), 301);
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment