Support hostname and hostname:port in force_https option (#5511)

8 years ago · ad9a55f8cb
parent c344f60d75
commit ad9a55f8cb
3 changed files with 22 additions and 8 deletions
--- a/1
+++ b/1
@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================

+- Support hostname and hostname:port in force_https option (#5511)
 - Support ALLOW-FROM in x_frame_options (#5122)
 - Allow to omit a subject when sending an email (#5068)
 - Warn about too many disclosed recipients in composed email [max_disclosed_recipients] (#5132)
--- a/config/defaults.inc.php
+++ b/config/defaults.inc.php
@ -391,9 +391,10 @@ $config['temp_dir'] = RCUBE_INSTALL_PATH . 'temp/';
 // possible units: s, m, h, d, w
 $config['temp_dir_ttl'] = '48h';

-// enforce connections over https
-// with this option enabled, all non-secure connections will be redirected.
-// set the port for the ssl connection as value of this option if it differs from the default 443
+// Enforce connections over https
+// With this option enabled, all non-secure connections will be redirected.
+// It can be also a port number, hostname or hostname:port if they are
+// different than default HTTP_HOST:443
 $config['force_https'] = false;

 // tell PHP that it should work as under secure connection
--- a/index.php
+++ b/index.php
@ -4,7 +4,7 @@
 | Roundcube Webmail IMAP Client                                           |
 | Version 1.3-git                                                         |
 |                                                                         |
- | Copyright (C) 2005-2015, The Roundcube Dev Team                         |
+ | Copyright (C) 2005-2016, The Roundcube Dev Team                         |
 |                                                                         |
 | This program is free software: you can redistribute it and/or modify    |
 | it under the terms of the GNU General Public License (with exceptions   |
@ -72,11 +72,23 @@ if ($RCMAIL->action == 'error' && !empty($_GET['_code'])) {

 // check if https is required (for login) and redirect if necessary
 if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) {
-    $https_port = is_bool($force_https) ? 443 : $force_https;
+    // force_https can be true, <hostname>, <hostname>:<port>, <port>
+    if (!is_bool($force_https)) {
+        list($host, $port) = explode(':', $force_https);

-    if (!rcube_utils::https_check($https_port)) {
-        $host  = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
-        $host .= ($https_port != 443 ? ':' . $https_port : '');
+        if (is_numeric($host) && empty($port)) {
+            $port = $host;
+            $host = '';
+        }
+    }
+
+    if (!rcube_utils::https_check($port ?: 443)) {
+        if (empty($host)) {
+            $host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
+        }
+        if ($port && $port != 443) {
+            $host .= ':' . $port;
+        }

        header('Location: https://' . $host . $_SERVER['REQUEST_URI']);
        exit;