Move SSL redirection logic to Context::init()

2026-01-03 16:51:40 +09:00 · 2020-06-17 22:25:40 +09:00 · 2020-06-17 22:25:40 +09:00 · b5740052fc
commit b5740052fc
parent 65df40ad9f
15 changed files with 199 additions and 126 deletions
--- a/classes/context/Context.class.php
+++ b/classes/context/Context.class.php
@ -133,12 +133,6 @@ class Context
 	 */
 	private static $_oFrontEndFileHandler = null;

-	/**
-	 * SSL action cache file
-	 * @var array
-	 */
-	private static $_ssl_actions_cache_file = 'files/cache/common/ssl_actions.php';
-
 	/**
 	 * SSL action cache
 	 */
@ -199,13 +193,6 @@ class Context
 			self::$_oFrontEndFileHandler = self::$_instance->oFrontEndFileHandler = new FrontEndFileHandler();
 			self::$_get_vars = self::$_get_vars ?: new stdClass;
 			self::$_tpl_vars = self::$_tpl_vars ?: new stdClass;
-
-			// Include SSL action cache file.
-			self::$_ssl_actions_cache_file = RX_BASEDIR . self::$_ssl_actions_cache_file;
-			if(Rhymix\Framework\Storage::exists(self::$_ssl_actions_cache_file))
-			{
-				self::$_ssl_actions = (include self::$_ssl_actions_cache_file) ?: array();
-			}
 		}
 		return self::$_instance;
 	}
@ -287,9 +274,19 @@ class Context
 		}
 		
 		// Redirect to SSL if the current domain always uses SSL.
-		if ($site_module_info->security === 'always' && !RX_SSL && PHP_SAPI !== 'cli' && !$site_module_info->is_default_replaced)
+		if (!RX_SSL && PHP_SAPI !== 'cli' && $site_module_info->security === 'always' && !$site_module_info->is_default_replaced)
 		{
-			$ssl_url = self::getDefaultUrl($site_module_info) . RX_REQUEST_URL;
+			$ssl_url = self::getDefaultUrl($site_module_info, true) . RX_REQUEST_URL;
+			self::setCacheControl(0);
+			header('Location: ' . $ssl_url, true, 301);
+			exit;
+		}
+		
+		// Redirect to SSL if the current action requires SSL.
+		self::$_ssl_actions = $site_module_info->security === 'optional' ? ModuleModel::getActionSecurity() : array();
+		if (!RX_SSL && count(self::$_ssl_actions) && self::isExistsSSLAction(self::get('act')) && self::getRequestMethod() === 'GET')
+		{
+			$ssl_url = self::getDefaultUrl($site_module_info, true) . RX_REQUEST_URL;
 			self::setCacheControl(0);
 			header('Location: ' . $ssl_url, true, 301);
 			exit;
@ -619,7 +616,7 @@ class Context
 	 *
 	 * @return object SSL status (Optional - none|always|optional)
 	 */
-	public static function getSslStatus()
+	public static function getSSLStatus()
 	{
 		return self::get('_use_ssl');
 	}
@ -628,9 +625,10 @@ class Context
 	 * Return default URL
 	 *
 	 * @param object $site_module_info (optional)
+	 * @param bool $use_ssl (optional)
 	 * @return string Default URL
 	 */
-	public static function getDefaultUrl($site_module_info = null)
+	public static function getDefaultUrl($site_module_info = null, $use_ssl = null)
 	{
 		if ($site_module_info === null && ($default_url = self::get('_default_url')))
 		{
@ -642,9 +640,9 @@ class Context
 			$site_module_info = self::get('site_module_info');
 		}
 		
-		$prefix = $site_module_info->security === 'always' ? 'https://' : 'http://';
+		$prefix = ($site_module_info->security === 'always' || $use_ssl) ? 'https://' : 'http://';
 		$hostname = $site_module_info->domain;
-		$port = $site_module_info->security === 'always' ? $site_module_info->https_port : $site_module_info->http_port;
+		$port = ($prefix === 'https://') ? $site_module_info->https_port : $site_module_info->http_port;
 		$result = $prefix . $hostname . ($port ? sprintf(':%d', $port) : '') . RX_BASEURL;
 		return $result;
 	}
@ -1993,40 +1991,25 @@ class Context
 	 */
 	public static function addSSLAction($action)
 	{
-		if(isset(self::$_ssl_actions[$action]))
+		if (!ModuleModel::getActionSecurity($action))
 		{
-			return;
+			getController('module')->insertActionSecurity($action);
 		}
-		
-		self::$_ssl_actions[$action] = 1;
-		$buff = '<?php return ' . var_export(self::$_ssl_actions, true) . ';';
-		Rhymix\Framework\Storage::write(self::$_ssl_actions_cache_file, $buff);
+		self::$_ssl_actions[$action] = true;
 	}

 	/**
 	 * Register if actions are to be encrypted by SSL. Those actions are sent to https in common/js/xml_handler.js
 	 *
-	 * @param string $action act name
+	 * @param array $action_array
 	 * @return void
 	 */
 	public static function addSSLActions($action_array)
 	{
-		$changed = false;
 		foreach($action_array as $action)
 		{
-			if(!isset(self::$_ssl_actions[$action]))
-			{
-				self::$_ssl_actions[$action] = 1;
-				$changed = true;
-			}
+			self::addSSLAction($action);
 		}
-		if(!$changed)
-		{
-			return;
-		}
-		
-		$buff = '<?php return ' . var_export(self::$_ssl_actions, true) . ';';
-		Rhymix\Framework\Storage::write(self::$_ssl_actions_cache_file, $buff);
 	}

 	/**
@ -2037,14 +2020,11 @@ class Context
 	 */
 	public static function subtractSSLAction($action)
 	{
-		if(!isset(self::$_ssl_actions[$action]))
+		if (ModuleModel::getActionSecurity($action))
 		{
-			return;
+			getController('module')->deleteActionSecurity($action);
 		}
-		
 		unset(self::$_ssl_actions[$action]);
-		$buff = '<?php return ' . var_export(self::$_ssl_actions, true) . ';';
-		Rhymix\Framework\Storage::write(self::$_ssl_actions_cache_file, $buff);
 	}

 	/**
@ -2054,7 +2034,7 @@ class Context
 	 */
 	public static function getSSLActions()
 	{
-		if(self::getSslStatus() == 'optional')
+		if(self::getSSLStatus() == 'optional')
 		{
 			return self::$_ssl_actions;
 		}
--- a/classes/module/ModuleHandler.class.php
+++ b/classes/module/ModuleHandler.class.php
@ -114,22 +114,6 @@ class ModuleHandler extends Handler
 			return;
 		}

-		if(isset($this->act) && (strlen($this->act) >= 4 && substr_compare($this->act, 'disp', 0, 4) === 0))
-		{
-			if(Context::get('_use_ssl') == 'optional' && Context::isExistsSSLAction($this->act) && !RX_SSL)
-			{
-				if(Context::get('_https_port') != null)
-				{
-					header('location: https://' . $_SERVER['HTTP_HOST'] . ':' . Context::get('_https_port') . $_SERVER['REQUEST_URI']);
-				}
-				else
-				{
-					header('location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
-				}
-				return;
-			}
-		}
-
 		// call a trigger before moduleHandler init
 		self::triggerCall('moduleHandler.init', 'before', $this);

--- a/common/framework/parsers/moduleactionparser.php
+++ b/common/framework/parsers/moduleactionparser.php
@ -142,6 +142,7 @@ class ModuleActionParser
 			$action_info->standalone = trim($action['standalone']) === 'false' ? 'false' : 'true';
 			$action_info->check_csrf = (trim($action['check_csrf']) ?: trim($action['check-csrf'])) === 'false' ? 'false' : 'true';
 			$action_info->meta_noindex = (trim($action['meta_noindex']) ?: trim($action['meta-noindex'])) === 'true' ? 'true' : 'false';
+			$action_info->use_ssl = (trim($action['use_ssl']) ?: trim($action['use-ssl'])) === 'true' ? 'true' : 'false';
 			$info->action->{$action_name} = $action_info;
 			
 			// Set the menu name and index settings.
--- a/modules/board/board.class.php
+++ b/modules/board/board.class.php
@ -25,18 +25,6 @@ class board extends ModuleObject
 	 */
 	function __construct()
 	{
-		if(!Context::isInstalled()) return;
-
-		if(!Context::isExistsSSLAction('dispBoardWrite') && Context::getSslStatus() == 'optional')
-		{
-			$ssl_actions = array('dispBoardWrite', 'dispBoardWriteComment', 'dispBoardReplyComment', 'dispBoardModifyComment', 'dispBoardDelete', 'dispBoardDeleteComment', 'procBoardInsertDocument', 'procBoardDeleteDocument', 'procBoardInsertComment', 'procBoardDeleteComment', 'procBoardVerificationPassword');
-			Context::addSSLActions($ssl_actions);
-		}
-		if(!Context::isExistsSSLAction('dispTempSavedList') && Context::getSslStatus() == 'optional')
-		{
-			Context::addSSLAction('dispTempSavedList');
-		}
-
 		parent::__construct();
 	}

--- a/modules/board/conf/module.xml
+++ b/modules/board/conf/module.xml
@ -68,25 +68,25 @@
 			<route route="category/$category:int/page/$page:int" priority="40" />
 			<route route="page/$page:int" priority="10" />
 		</action>
-		<action name="dispBoardWrite" type="view" permission="write_document" standalone="false" meta-noindex="true">
+		<action name="dispBoardWrite" type="view" permission="write_document" standalone="false" meta-noindex="true" use-ssl="true">
 			<route route="write" />
 			<route route="$document_srl/edit" />
 		</action>
-		<action name="dispBoardDelete" type="view" permission="write_document" standalone="false" meta-noindex="true" route="$document_srl/delete" />
-		<action name="dispBoardWriteComment" type="view" permission="write_comment" standalone="false" meta-noindex="true" route="$document_srl/comment" />
-		<action name="dispBoardReplyComment" type="view" permission="write_comment" standalone="false" meta-noindex="true">
+		<action name="dispBoardDelete" type="view" permission="write_document" standalone="false" meta-noindex="true" use-ssl="true" route="$document_srl/delete" />
+		<action name="dispBoardWriteComment" type="view" permission="write_comment" standalone="false" meta-noindex="true" use-ssl="true" route="$document_srl/comment" />
+		<action name="dispBoardReplyComment" type="view" permission="write_comment" standalone="false" meta-noindex="true" use-ssl="true">
 			<route route="comment/$comment_srl/reply" />
 			<route route="comment/$comment_srl/reply$document_srl:delete" />
 		</action>
-		<action name="dispBoardModifyComment" type="view" permission="write_comment" standalone="false" meta-noindex="true">
+		<action name="dispBoardModifyComment" type="view" permission="write_comment" standalone="false" meta-noindex="true" use-ssl="true">
 			<route route="comment/$comment_srl/edit" />
 			<route route="comment/$comment_srl/edit$document_srl:delete" />
 		</action>
-		<action name="dispBoardDeleteComment" type="view" permission="write_comment" standalone="false" meta-noindex="true">
+		<action name="dispBoardDeleteComment" type="view" permission="write_comment" standalone="false" meta-noindex="true" use-ssl="true">
 			<route route="comment/$comment_srl/delete" />
 			<route route="comment/$comment_srl/delete$document_srl:delete" />
 		</action>
-		<action name="dispBoardDeleteTrackback" type="view" permission="list,view" standalone="false" meta-noindex="true" />
+		<action name="dispBoardDeleteTrackback" type="view" permission="list,view" standalone="false" meta-noindex="true" use-ssl="true" />
 		<action name="dispBoardContentList" type="view" permission="list" standalone="false" />
 		<action name="dispBoardContentView" type="view" permission="view" standalone="false" />
 		<action name="dispBoardUpdateLog" type="view" permission="update_view" standalone="false" />
@ -102,13 +102,13 @@
 		<action name="dispBoardCommentPage" type="view" permission="view" standalone="false" />
 		<action name="getBoardCommentPage" type="mobile" permission="view" standalone="false" />
 		
-		<action name="procBoardInsertDocument" type="controller" permission="write_document" standalone="false" ruleset="insertDocument" />
-		<action name="procBoardDeleteDocument" type="controller" permission="write_document" standalone="false" />
-		<action name="procBoardRevertDocument" type="controller" permission="update_view" standalone="false" />
-		<action name="procBoardInsertComment" type="controller" permission="write_comment" standalone="false" />
-		<action name="procBoardDeleteComment" type="controller" permission="write_comment" standalone="false" />
-		<action name="procBoardDeleteTrackback" type="controller" permission="list,view" standalone="false" />
-		<action name="procBoardVerificationPassword" type="controller" permission="view" standalone="false" />
+		<action name="procBoardInsertDocument" type="controller" permission="write_document" standalone="false" use-ssl="true" ruleset="insertDocument" />
+		<action name="procBoardDeleteDocument" type="controller" permission="write_document" standalone="false" use-ssl="true" />
+		<action name="procBoardRevertDocument" type="controller" permission="update_view" standalone="false" use-ssl="true" />
+		<action name="procBoardInsertComment" type="controller" permission="write_comment" standalone="false" use-ssl="true" />
+		<action name="procBoardDeleteComment" type="controller" permission="write_comment" standalone="false" use-ssl="true" />
+		<action name="procBoardDeleteTrackback" type="controller" permission="list,view" standalone="false" use-ssl="true" />
+		<action name="procBoardVerificationPassword" type="controller" permission="view" standalone="false" use-ssl="true" />
 		<action name="procBoardVoteDocument" type="controller" permission="view" standalone="false" />
 		
 		<action name="dispBoardAdminContent" type="view" admin_index="true" menu_name="board" menu_index="true" />
--- a/modules/document/conf/module.xml
+++ b/modules/document/conf/module.xml
@ -4,7 +4,7 @@
 	<actions>
 		<action name="dispDocumentPrint" type="view" meta-noindex="true"/>
 		<action name="dispDocumentPreview" type="view" meta-noindex="true"/>
-		<action name="dispTempSavedList" type="view" permission="member" meta-noindex="true"/>
+		<action name="dispTempSavedList" type="view" permission="member" meta-noindex="true" use-ssl="true" />
 		<action name="dispDocumentDeclare" type="view" permission="member" meta-noindex="true" />
 		<action name="dispDocumentManageDocument" type="view" permission="all-managers" meta-noindex="true" />
 		
--- a/modules/install/install.admin.controller.php
+++ b/modules/install/install.admin.controller.php
@ -26,6 +26,7 @@ class installAdminController extends install
 		$oInstallController->installModule($module_name, './modules/'.$module_name);
 		$oModuleController = getController('module');
 		$oModuleController->registerActionForwardRoutes($module_name);
+		$oModuleController->registerSecureActions($module_name);
 		$this->setMessage('success_installed');
 	}

@ -51,7 +52,13 @@ class installAdminController extends install
 		}
 		
 		$oModuleController = getController('module');
-		$oModuleController->registerActionForwardRoutes($module_name);
+		$output = $oModuleController->registerActionForwardRoutes($module_name);
+		if($output instanceof BaseObject && !$output->toBool())
+		{
+			Rhymix\Framework\Session::start();
+			return $output;
+		}
+		$output = $oModuleController->registerSecureActions($module_name);
 		if($output instanceof BaseObject && !$output->toBool())
 		{
 			Rhymix\Framework\Session::start();
--- a/modules/member/conf/module.xml
+++ b/modules/member/conf/module.xml
@ -2,42 +2,42 @@
 <module>
 	<grants />
 	<actions>
-		<action name="dispMemberSignUpForm" type="view" meta-noindex="true" route="signup" />
-		<action name="dispMemberLoginForm" type="view" meta-noindex="true" route="login" />
-		<action name="dispMemberFindAccount" type="view" meta-noindex="true" />
-		<action name="dispMemberResendAuthMail" type="view" meta-noindex="true" />
+		<action name="dispMemberSignUpForm" type="view" meta-noindex="true" use-ssl="true" route="signup" />
+		<action name="dispMemberLoginForm" type="view" meta-noindex="true" use-ssl="true" route="login" />
+		<action name="dispMemberFindAccount" type="view" meta-noindex="true" use-ssl="true" />
+		<action name="dispMemberResendAuthMail" type="view" meta-noindex="true" use-ssl="true" />
 		<action name="dispMemberInfo" type="view" permission="member" meta-noindex="true" route="member_info" />
-		<action name="dispMemberModifyInfo" type="view" permission="member" meta-noindex="true" />
-		<action name="dispMemberModifyPassword" type="view" permission="member" meta-noindex="true" />
-		<action name="dispMemberModifyEmailAddress" type="view" permission="member" meta-noindex="true" />
-		<action name="dispMemberLeave" type="view" permission="member" meta-noindex="true" />
-		<action name="dispMemberScrappedDocument" type="view" permission="member" meta-noindex="true" route="my_scrap" />
-		<action name="dispMemberSavedDocument" type="view" permission="member" meta-noindex="true" route="my_saved_documents" />
-		<action name="dispMemberOwnDocument" type="view" permission="member" meta-noindex="true" route="my_documents" />
-		<action name="dispMemberOwnComment" type="view" permission="member" meta-noindex="true" route="my_comments" />
-		<action name="dispMemberActiveLogins" type="view" permission="member" meta-noindex="true" route="active_logins" />
-		<action name="dispMemberModifyNicknameLog" type="view" permission="member" meta-noindex="true" />
+		<action name="dispMemberModifyInfo" type="view" permission="member" meta-noindex="true" use-ssl="true" />
+		<action name="dispMemberModifyPassword" type="view" permission="member" meta-noindex="true" use-ssl="true" />
+		<action name="dispMemberModifyEmailAddress" type="view" permission="member" meta-noindex="true" use-ssl="true" />
+		<action name="dispMemberLeave" type="view" permission="member" meta-noindex="true" use-ssl="true" />
+		<action name="dispMemberScrappedDocument" type="view" permission="member" meta-noindex="true" use-ssl="true" route="my_scrap" />
+		<action name="dispMemberSavedDocument" type="view" permission="member" meta-noindex="true" use-ssl="true" route="my_saved_documents" />
+		<action name="dispMemberOwnDocument" type="view" permission="member" meta-noindex="true" use-ssl="true" route="my_documents" />
+		<action name="dispMemberOwnComment" type="view" permission="member" meta-noindex="true" use-ssl="true" route="my_comments" />
+		<action name="dispMemberActiveLogins" type="view" permission="member" meta-noindex="true" use-ssl="true" route="active_logins" />
+		<action name="dispMemberModifyNicknameLog" type="view" permission="member" meta-noindex="true" use-ssl="true" />
 		<action name="dispMemberLogout" type="view" permission="member" meta-noindex="true" />
 		<action name="dispMemberSpammer" type="view" permission="manager" check_var="module_srl" meta-noindex="true" />
 		
 		<action name="getMemberMenu" type="model" />
 		<action name="getApiGroups" type="model" permission="root" />
 		
-		<action name="procMemberInsert" type="controller" ruleset="@insertMember" />
+		<action name="procMemberInsert" type="controller" ruleset="@insertMember" use-ssl="true" />
 		<action name="procMemberCheckValue" type="controller" />
-		<action name="procMemberLogin" type="controller" ruleset="@login" />
-		<action name="procMemberFindAccount" type="controller" method="GET|POST" ruleset="findAccount" />
-		<action name="procMemberFindAccountByQuestion" type="controller" method="GET|POST" />
-		<action name="procMemberAuthAccount" type="controller" method="GET|POST" />
-		<action name="procMemberAuthEmailAddress" type="controller" method="GET|POST" />
-		<action name="procMemberResendAuthMail" type="controller" ruleset="resendAuthMail" />
-		<action name="procMemberSendVerificationSMS" type="controller" />
-		<action name="procMemberConfirmVerificationSMS" type="controller" />
-		<action name="procMemberModifyInfoBefore" type="controller" permission="member" ruleset="recheckedPassword" />
-		<action name="procMemberModifyInfo" type="controller" permission="member" ruleset="@insertMember" />
-		<action name="procMemberModifyPassword" type="controller" permission="member" ruleset="modifyPassword" />
-		<action name="procMemberModifyEmailAddress" type="controller" permission="member" ruleset="modifyEmailAddress" />
-		<action name="procMemberLeave" type="controller" permission="member" ruleset="leaveMember" />
+		<action name="procMemberLogin" type="controller" ruleset="@login" use-ssl="true" />
+		<action name="procMemberFindAccount" type="controller" method="GET|POST" ruleset="findAccount" use-ssl="true" />
+		<action name="procMemberFindAccountByQuestion" type="controller" method="GET|POST" use-ssl="true" />
+		<action name="procMemberAuthAccount" type="controller" method="GET|POST" use-ssl="true" />
+		<action name="procMemberAuthEmailAddress" type="controller" method="GET|POST" use-ssl="true" />
+		<action name="procMemberResendAuthMail" type="controller" ruleset="resendAuthMail" use-ssl="true" />
+		<action name="procMemberSendVerificationSMS" type="controller" use-ssl="true" />
+		<action name="procMemberConfirmVerificationSMS" type="controller" use-ssl="true" />
+		<action name="procMemberModifyInfoBefore" type="controller" permission="member" ruleset="recheckedPassword" use-ssl="true" />
+		<action name="procMemberModifyInfo" type="controller" permission="member" ruleset="@insertMember" use-ssl="true" />
+		<action name="procMemberModifyPassword" type="controller" permission="member" ruleset="modifyPassword" use-ssl="true" />
+		<action name="procMemberModifyEmailAddress" type="controller" permission="member" ruleset="modifyEmailAddress" use-ssl="true" />
+		<action name="procMemberLeave" type="controller" permission="member" ruleset="leaveMember" use-ssl="true" />
 		<action name="procMemberInsertProfileImage" type="controller" permission="member" ruleset="insertProfileImage" />
 		<action name="procMemberDeleteProfileImage" type="controller" permission="member" />
 		<action name="procMemberInsertImageName" type="controller" permission="member" ruleset="insertImageName" />
--- a/modules/member/member.class.php
+++ b/modules/member/member.class.php
@ -20,15 +20,6 @@ class member extends ModuleObject {
 	 */
 	function __construct()
 	{
-		if(!Context::isInstalled()) return;
-
-		// Set to use SSL upon actions related member join/information/password and so on. 2013.02.15
-		if(!Context::isExistsSSLAction('dispMemberModifyPassword') && Context::getSslStatus() == 'optional')
-		{
-			$ssl_actions = array('dispMemberModifyPassword', 'dispMemberSignUpForm', 'dispMemberModifyInfo', 'dispMemberModifyEmailAddress', 'dispMemberResendAuthMail', 'dispMemberLoginForm', 'dispMemberFindAccount', 'dispMemberLeave', 'procMemberLogin', 'procMemberModifyPassword', 'procMemberInsert', 'procMemberModifyInfo', 'procMemberFindAccount', 'procMemberModifyEmailAddress', 'procMemberResendAuthMail', 'procMemberLeave'/*, 'getMemberMenu'*/, 'procMemberFindAccountByQuestion');
-			Context::addSSLActions($ssl_actions);
-		}
-
 		parent::__construct();
 	}

--- a/modules/module/module.controller.php
+++ b/modules/module/module.controller.php
@ -49,6 +49,32 @@ class moduleController extends module
 		return $output;
 	}

+	/**
+	 * @brief Add action security
+	 */
+	function insertActionSecurity($act)
+	{
+		$args = new stdClass();
+		$args->act = $act;
+		$output = executeQuery('module.insertActionSecurity', $args);
+
+		Rhymix\Framework\Cache::delete('action_security');
+		return $output;
+	}
+
+	/**
+	 * @brief Delete action security
+	 */
+	function deleteActionSecurity($act)
+	{
+		$args = new stdClass();
+		$args->act = $act;
+		$output = executeQuery('module.deleteActionSecurity', $args);
+
+		Rhymix\Framework\Cache::delete('action_security');
+		return $output;
+	}
+
 	/**
 	 * @brief Add trigger callback function
 	 * 
@ -1362,6 +1388,28 @@ class moduleController extends module
 		
 		return new BaseObject();
 	}
+	
+	/**
+	 * Check if all secure actions are registered. If not, register them.
+	 * 
+	 * @param string $module_name
+	 * @return object
+	 */
+	public function registerSecureActions(string $module_name)
+	{
+		$action_security = ModuleModel::getActionSecurity();
+		$module_action_info = ModuleModel::getModuleActionXml($module_name);
+		
+		foreach ($module_action_info->action ?: [] as $action_name => $action_info)
+		{
+			if ($action_info->use_ssl === 'true' && !isset($action_security[$action_name]))
+			{
+				$output = $this->insertActionSecurity($action_name);
+			}
+		}
+		
+		return new BaseObject();
+	}
 }
 /* End of file module.controller.php */
 /* Location: ./modules/module/module.controller.php */
--- a/modules/module/module.model.php
+++ b/modules/module/module.model.php
@ -602,6 +602,38 @@ class moduleModel extends module
 		return $action_forward[$act];
 	}

+	/**
+	 * @brief Get SSL action setting
+	 */
+	public static function getActionSecurity($act = null)
+	{
+		$action_security = Rhymix\Framework\Cache::get('action_security');
+		if($action_security === null)
+		{
+			$args = new stdClass();
+			$output = executeQueryArray('module.getActionSecurity', $args);
+			if(!$output->toBool())
+			{
+				return;
+			}
+			
+			$action_security = array();
+			foreach($output->data as $item)
+			{
+				$action_security[$item->act] = true;
+			}
+			
+			Rhymix\Framework\Cache::set('action_security', $action_security, 0, true);
+		}
+		
+		if(!isset($act))
+		{
+			return $action_security;
+		}
+		
+		return isset($action_security[$act]) ? true : false;
+	}
+
 	/**
 	 * @brief Get trigger functions
 	 */
@ -1347,6 +1379,9 @@ class moduleModel extends module
 		
 		// Get action forward
 		$action_forward = self::getActionForward();
+		
+		// Get action security
+		$action_security = self::getActionSecurity();

 		foreach ($searched_list as $module_name)
 		{
@ -1431,6 +1466,15 @@ class moduleModel extends module
 						$info->need_update = true;
 					}
 				}
+				
+				// Check if all secure actions are registered
+				foreach ($module_action_info->action ?: [] as $action_name => $action_info)
+				{
+					if ($action_info->use_ssl === 'true' && !isset($action_security[$action_name]))
+					{
+						$info->need_update = true;
+					}
+				}
 			}
 			$list[] = $info;
 		}
--- a/modules/module/queries/deleteActionSecurity.xml
+++ b/modules/module/queries/deleteActionSecurity.xml
@ -0,0 +1,8 @@
+<query id="deleteActionSecurity" action="delete">
+    <tables>
+        <table name="action_security" />
+    </tables>
+    <conditions>
+        <condition operation="equal" column="act" var="act" notnull="notnull" />
+    </conditions>
+</query>
--- a/modules/module/queries/getActionSecurity.xml
+++ b/modules/module/queries/getActionSecurity.xml
@ -0,0 +1,11 @@
+<query id="getActionSecurity" action="select">
+    <tables>
+        <table name="action_security" />
+    </tables>
+    <columns>
+        <column name="*" />
+    </columns>
+    <conditions>
+        <condition operation="equal" column="act" var="act" />
+    </conditions>
+</query>
--- a/modules/module/queries/insertActionSecurity.xml
+++ b/modules/module/queries/insertActionSecurity.xml
@ -0,0 +1,8 @@
+<query id="insertActionSecurity" action="insert">
+    <tables>
+        <table name="action_security" />
+    </tables>
+    <columns>
+        <column name="act" var="act" notnull="notnull" />
+    </columns>
+</query>
--- a/modules/module/schemas/action_security.xml
+++ b/modules/module/schemas/action_security.xml
@ -0,0 +1,3 @@
+<table name="action_security">
+    <column name="act" type="varchar" size="80" notnull="notnull" primary_key="primary_key" />
+</table>