This method can read the client protocol from the "X-Forwarded-Proto" header
when trusted proxies were set via "setTrustedProxies()".
The "X-Forwarded-Proto" header must contain the protocol: "https" or "http".
If your reverse proxy uses a different header name than "X-Forwarded-Proto"
("SSL_HTTPS" for instance), configure it via "setTrustedHeaderName()" with
the "client-proto" key.
/**
* @param \Illuminate\Config\Repository $config
*/
public function __construct(Config $config, Session $session)
{
$scheme = \Request::isSecure() ? 'https://' : 'http://';
$this->u2f = new \u2flib_server\U2F($scheme . \Request::getHttpHost());
$this->config = $config;
$this->session = $session;
}
public function testIsSecureChecksScheme()
{
$request = new Request('GET', '/resource/123', 'http://example.com');
$this->assertFalse($request->isSecure());
$request = new Request('GET', '/resource/123', 'https://example.com');
$this->assertTrue($request->isSecure());
}
/**
* Initialize the class members values.
* @return void
*/
public static function init()
{
static::$ssl = Request::isSecure();
static::$protocol = static::$ssl === true ? 'https' : 'http';
static::$request_uri = $req = $_SERVER['REQUEST_URI'];
static::$request_method = $_SERVER['REQUEST_METHOD'];
if (strpos($req, '?') !== false) {
list(static::$request_uri, static::$query_string) = explode('?', $req);
}
}
/**
* Initialise the captcha
*
* @param string $id The id of the field.
* @return boolean True on success, false otherwise
* @since 2.5
*/
public function onInit($id)
{
// Initialise variables
$lang = $this->_getLanguage();
$pubkey = $this->params->get('public_key', '');
$theme = $this->params->get('theme', 'clean');
if ($pubkey == null || $pubkey == '') {
throw new Exception(Lang::txt('PLG_RECAPTCHA_ERROR_NO_PUBLIC_KEY'));
}
$server = self::RECAPTCHA_API_SERVER;
if (Request::isSecure()) {
$server = self::RECAPTCHA_API_SECURE_SERVER;
}
Html::asset('script', $server . '/js/recaptcha_ajax.js');
Document::addScriptDeclaration('jQuery(document).ready(function($) {
Recaptcha.create("' . $pubkey . '", "dynamic_recaptcha_1", {theme: "' . $theme . '",' . $lang . 'tabindex: 0});
});');
return true;
}
/**
* Checks if we need to remove Cache-Control for SSL encrypted downloads when using IE < 9.
*
* @link http://support.microsoft.com/kb/323308
*/
protected function ensureIEOverSSLCompatibility(Request $request)
{
if (false !== stripos($this->headers->get('Content-Disposition'), 'attachment') && preg_match('/MSIE (.*?);/i', $request->server->get('HTTP_USER_AGENT'), $match) == 1 && true === $request->isSecure()) {
if (intval(preg_replace("/(MSIE )(.*?);/", "\$2", $match[0])) < 9) {
$this->headers->remove('Cache-Control');
}
}
}
/**
* @todo Implement testIsSSL().
*/
public function testIsSSL()
{
$this->assertEquals(false, $this->request->isSecure());
}
/**
* Prepares the Response before it is sent to the client.
*
* This method tweaks the Response to ensure that it is
* compliant with RFC 2616. Most of the changes are based on
* the Request that is "associated" with this Response.
*
* @param Request $request A Request instance
*
* @return Response The current response.
*/
public function prepare(Request $request)
{
$headers = $this->headers;
if ($this->isInformational() || in_array($this->statusCode, array(204, 304))) {
$this->setContent(null);
}
// Content-type based on the Request
if (!$headers->has('Content-Type')) {
$format = $request->getRequestFormat();
if (null !== $format && $mimeType = $request->getMimeType($format)) {
$headers->set('Content-Type', $mimeType);
}
}
// Fix Content-Type
$charset = $this->charset ?: 'UTF-8';
if (!$headers->has('Content-Type')) {
$headers->set('Content-Type', 'text/html; charset='.$charset);
} elseif (0 === strpos($headers->get('Content-Type'), 'text/') && false === strpos($headers->get('Content-Type'), 'charset')) {
// add the charset
$headers->set('Content-Type', $headers->get('Content-Type').'; charset='.$charset);
}
// Fix Content-Length
if ($headers->has('Transfer-Encoding')) {
$headers->remove('Content-Length');
}
if ($request->isMethod('HEAD')) {
// cf. RFC2616 14.13
$length = $headers->get('Content-Length');
$this->setContent(null);
if ($length) {
$headers->set('Content-Length', $length);
}
}
// Fix protocol
if ('HTTP/1.0' != $request->server->get('SERVER_PROTOCOL')) {
$this->setProtocolVersion('1.1');
}
// Check if we need to send extra expire info headers
if ('1.0' == $this->getProtocolVersion() && 'no-cache' == $this->headers->get('Cache-Control')) {
$this->headers->set('pragma', 'no-cache');
$this->headers->set('expires', -1);
}
/**
* Check if we need to remove Cache-Control for ssl encrypted downloads when using IE < 9
* @link http://support.microsoft.com/kb/323308
*/
if (false !== stripos($this->headers->get('Content-Disposition'), 'attachment') && preg_match('/MSIE (.*?);/i', $request->server->get('HTTP_USER_AGENT'), $match) == 1 && true === $request->isSecure()) {
if(intval(preg_replace("/(MSIE )(.*?);/", "$2", $match[0])) < 9) {
$this->headers->remove('Cache-Control');
}
}
return $this;
}
<?php
/*
|--------------------------------------------------------------------------
| Application & Route Filters
|--------------------------------------------------------------------------
|
| Below you will find the "before" and "after" events for the application
| which may be used to do any work before or after a request into your
| application. Here you may also register your custom route filters.
|
*/
App::before(function ($request) {
//if (!preg_match("#admincp#", Request::path()) and Request::path() != "logout" ) return Redirect::to("admincp");
if (Config::get('enable-https', 0) and !\Request::isSecure()) {
return Redirect::secure(Request::path());
}
if (Auth::check()) {
//use here to update online status of this user
Auth::user()->updateOnline();
}
});
App::after(function ($request, $response) {
//
});
/*
|--------------------------------------------------------------------------
| Authentication Filters
|--------------------------------------------------------------------------
|
| The following filters are used to verify that the user of the current
public function testIsSecure()
{
$this->assertThat($this->object->isSecure(), $this->equalTo(false));
}
public function defaultAction()
{
if (!Request::isSecure() && Config::get()->forceAdminHttps) {
Helpers::redirect(Helpers::getCompleteUrl(Config::get()->baseUrl . 'admin/html-output/login', 'https://'));
}
}
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*
* HUBzero is a registered trademark of Purdue University.
*
* @package hubzero-cms
* @author Shawn Rice <*****@*****.**>
* @copyright Copyright 2005-2015 HUBzero Foundation, LLC.
* @license http://opensource.org/licenses/MIT MIT
*/
// No direct access
defined('_HZEXEC_') or die;
$base = Request::base();
if (Request::isSecure()) {
$base = str_replace('http://', 'https://', $base);
}
$controller = Request::getCmd('controller', Request::getCmd('view', ''));
$this->css();
?>
<div class="captcha-block">
<div class="grid">
<div class="col span8">
<label for="imgCatchaTxt<?php
echo $this->total;
?>
">
<?php
echo Lang::txt('PLG_CAPTCHA_IMAGE_ENTER_CAPTCHA_VALUE');
