Fix: force redirect to https could not work for some environments

htdocs/conf/conf.php.example

@@ -198,10 +198,13 @@ $dolibarr_main_authentication='dolibarr';
 
 // dolibarr_main_force_https
 // This parameter allows to force the HTTPS mode. 
+// 0 = No forced redirect
+// 1 = Force redirect to https until SCRIPT_URI start with https
+// 2 = Force redirect to https until SERVER["HTTPS"] is 'on'
 // Warning: If you enable this parameter, your web server must be configured
 // to respond URL with https protocol.
 // Default value: 0
-// Possible values: 0 or 1
+// Possible values: 0, 1 or 2
 // Examples:
 // $dolibarr_main_force_https='0';
 //

htdocs/main.inc.php

@@ -196,9 +196,9 @@ if (isset($_SERVER["HTTP_USER_AGENT"]))
 if (! empty($conf->file->main_force_https))
 {
     $newurl='';
-    if ($conf->file->main_force_https == '1')
+    if (is_numeric($conf->file->main_force_https))
     {
-        if (! empty($_SERVER["SCRIPT_URI"]))	// If SCRIPT_URI supported by server
+        if ($conf->file->main_force_https == '1' && ! empty($_SERVER["SCRIPT_URI"]))	// If SCRIPT_URI supported by server
         {
             if (preg_match('/^http:/i',$_SERVER["SCRIPT_URI"]) && ! preg_match('/^https:/i',$_SERVER["SCRIPT_URI"]))	// If link is http
             {
@@ -215,9 +215,14 @@ if (! empty($conf->file->main_force_https))
         }
     }
     else
+    {
+        // Check HTTPS environment variable (Apache/mod_ssl only)
+        // $_SERVER["HTTPS"] is 'on' when link is https, otherwise $_SERVER["HTTPS"] is empty or 'off'
+        if (empty($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] != 'on')		// If link is http
         {
             $newurl=$conf->file->main_force_https.$_SERVER["REQUEST_URI"];
         }
+    }
     // Start redirect
     if ($newurl)
     {