From: Uwe Schindler <thetaphi@php.net>
Date: Thu, 11 Aug 2011 20:25:24 +0000 (+0000)
Subject: Bug #55403: Don't set $_SERVER['HTTPS'] on unsecure connection
X-Git-Tag: php-5.4.0beta1~440
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=acec8201a1efdac28d12f6495003f45e48ca0106;p=php

Bug #55403: Don't set $_SERVER['HTTPS'] on unsecure connection
---

diff --git a/NEWS b/NEWS
index 5ad8640cea..99fa152efc 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,9 @@ PHP                                                                        NEWS
   . Added Shift_JIS Emoji (pictograms) support. (rui)
   . Ill-formed UTF-8 check for security enhancements. (rui)
 
+- Improved NSAPI SAPI: (Uwe Schindler)
+  . Don't set $_SERVER['HTTPS'] on unsecure connection (bug #55403).
+
 04 Aug 2011, PHP 5.4.0 Alpha 3
 - Added features:
  . Short array syntax, see UPGRADING guide for full details (rsky0711 at gmail 
diff --git a/sapi/nsapi/nsapi.c b/sapi/nsapi/nsapi.c
index fa73301f62..a2081eb0c8 100644
--- a/sapi/nsapi/nsapi.c
+++ b/sapi/nsapi/nsapi.c
@@ -723,7 +723,9 @@ static void sapi_nsapi_register_server_variables(zval *track_vars_array TSRMLS_D
 	nsapi_free(value);
 
 	php_register_variable("SERVER_SOFTWARE", system_version(), track_vars_array TSRMLS_CC);
-	php_register_variable("HTTPS", (security_active ? "ON" : "OFF"), track_vars_array TSRMLS_CC);
+	if (security_active) {
+		php_register_variable("HTTPS", "ON", track_vars_array TSRMLS_CC);
+	}
 	php_register_variable("GATEWAY_INTERFACE", "CGI/1.1", track_vars_array TSRMLS_CC);
 
 	/* DOCUMENT_ROOT */