From 5d370c7e9606ca01047509aff34d71dc8cf80b42 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 12 Dec 2012 02:37:15 +0100
Subject: [PATCH] Fix: force redirect to https could not work for some
 environments

---
 htdocs/conf/conf.php.example |  7 +++++--
 htdocs/main.inc.php          | 13 +++++++++----
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/htdocs/conf/conf.php.example b/htdocs/conf/conf.php.example
index dd006d7755e..98cb5e96dc3 100644
--- a/htdocs/conf/conf.php.example
+++ b/htdocs/conf/conf.php.example
@@ -197,11 +197,14 @@ $dolibarr_main_authentication='dolibarr';
 //##################
 
 // dolibarr_main_force_https
-// This parameter allows to force the HTTPS mode.
+// This parameter allows to force the HTTPS mode. 
+// 0 = No forced redirect
+// 1 = Force redirect to https until SCRIPT_URI start with https
+// 2 = Force redirect to https until SERVER["HTTPS"] is 'on'
 // Warning: If you enable this parameter, your web server must be configured
 // to respond URL with https protocol.
 // Default value: 0
-// Possible values: 0 or 1
+// Possible values: 0, 1 or 2
 // Examples:
 // $dolibarr_main_force_https='0';
 //
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 2a13c7f19e5..0daf63ff750 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -196,9 +196,9 @@ if (isset($_SERVER["HTTP_USER_AGENT"]))
 if (! empty($conf->file->main_force_https))
 {
     $newurl='';
-    if ($conf->file->main_force_https == '1')
+    if (is_numeric($conf->file->main_force_https))
     {
-        if (! empty($_SERVER["SCRIPT_URI"]))	// If SCRIPT_URI supported by server
+        if ($conf->file->main_force_https == '1' && ! empty($_SERVER["SCRIPT_URI"]))	// If SCRIPT_URI supported by server
         {
             if (preg_match('/^http:/i',$_SERVER["SCRIPT_URI"]) && ! preg_match('/^https:/i',$_SERVER["SCRIPT_URI"]))	// If link is http
             {
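Review bot: The new outer test `is_numeric($conf->file->main_force_https)` lets any numeric setting into this branch, while the inner test only singles out `'1'`, so a value such as `'3'` is silently handled like mode 2 even though conf.php.example documents only 0, 1 and 2. Mode 1 with `$_SERVER["SCRIPT_URI"]` unset also fails the combined condition and takes whatever `else` follows outside this hunk, presumably the `$_SERVER["HTTPS"]` test. Both fall-throughs deserve a comment above the inner `if`, for example `// Mode 1 uses SCRIPT_URI when the server provides it; any other numeric value, or mode 1 without SCRIPT_URI, falls back to the $_SERVER["HTTPS"] test`. The body of this block continues past the end of the hunk, so the fallback itself is not visible here.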
@@ -216,7 +216,12 @@ if (! empty($conf->file->main_force_https))
     }
     else
     {
-        $newurl=$conf->file->main_force_https.$_SERVER["REQUEST_URI"];
+        // Check HTTPS environment variable (Apache/mod_ssl only)
+        // $_SERVER["HTTPS"] is 'on' when link is https, otherwise $_SERVER["HTTPS"] is empty or 'off'
+        if (empty($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] != 'on')		// If link is http
+        {
+            $newurl=$conf->file->main_force_https.$_SERVER["REQUEST_URI"];
+        }
     }
     // Start redirect
     if ($newurl)
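Review bot: The added test `$_SERVER["HTTPS"] != 'on'` matches only the literal lowercase string, so any setup that signals https differently makes every request look like plain http and the redirect to `$newurl` repeats without end. That covers a server reporting another non-empty value, and a TLS-terminating proxy in front of PHP that leaves the variable unset. PHP documents the variable as any non-empty value for https, with `off` under ISAPI on IIS, so a more portable test is `if (empty($_SERVER["HTTPS"]) || strtolower($_SERVER["HTTPS"]) == 'off')`. The in-code comment already says Apache/mod_ssl only; that limitation is worth repeating next to mode 2 in conf.php.example, since an administrator enabling it behind a proxy would lock users out. The enclosing `if (! empty($conf->file->main_force_https))` block starts and ends outside this hunk.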
@@ -792,7 +797,7 @@ if (! function_exists("llxHeader"))
 	function llxHeader($head = '', $title='', $help_url='', $target='', $disablejs=0, $disablehead=0, $arrayofjs='', $arrayofcss='', $morequerystring='')
 	{
 	    global $conf;
-	
+
 		top_htmlhead($head, $title, $disablejs, $disablehead, $arrayofjs, $arrayofcss);	// Show html headers
 		if (empty($conf->global->MAIN_HIDE_TOP_MENU))
 		{
-- 
GitLab