From c059da31385c82f9f2d33ca280d9595b816ec3b4 Mon Sep 17 00:00:00 2001
From: ovclas <ovclas@gmail.com>
Date: Wed, 22 Aug 2012 04:46:23 +0000
Subject: [PATCH] issue 2234 if access http protocol instead of https protocol,
 redirect to https (only https setting action and https option on)

git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.3.2@11054 201d5d3c-b55e-5fd7-737f-ddc643e51545
---
 classes/context/Context.class.php      | 36 +++++++++++++++++++++++---
 classes/module/ModuleHandler.class.php |  9 +++++++
 2 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/classes/context/Context.class.php b/classes/context/Context.class.php
index 61c8c586e..12ea39802 100644
--- a/classes/context/Context.class.php
+++ b/classes/context/Context.class.php
@@ -41,6 +41,11 @@ class Context {
 	 * @var object
 	 */
 	var $ftp_info = NULL;
+	/**
+	 * ssl action cache file
+	 * @var array
+	 */
+	var $sslActionCacheFile = './files/cache/sslCacheFile.php';
 	/**
 	 * List of actions to be sent via ssl (it is used by javascript xml handler for ajax)
 	 * @var array
@@ -118,6 +123,17 @@ class Context {
 		static $theInstance = null;
 		if(!$theInstance) $theInstance = new Context();
 
+		// include ssl action cache file
+		$theInstance->sslActionCacheFile = FileHandler::getRealPath($theInstance->sslActionCacheFile);
+		if(is_readable($theInstance->sslActionCacheFile))
+		{
+			require_once($theInstance->sslActionCacheFile);
+			if(isset($sslActions))
+			{
+				$theInstance->ssl_actions = $sslActions;
+			}
+		}
+
 		return $theInstance;
 	}
 
@@ -1263,16 +1279,28 @@ class Context {
 		return new stdClass;
 	}
 
+
 	/**
 	 * Register if actions is to be encrypted by SSL. Those actions are sent to https in common/js/xml_handler.js
 	 *
 	 * @param string $action act name
 	 * @return void
 	 */
-	function addSSLAction($action) {
+	function addSSLAction($action)
+	{
 		is_a($this,'Context')?$self=&$this:$self=&Context::getInstance();
-		if(in_array($action, $self->ssl_actions)) return;
-		$self->ssl_actions[] = $action;
+
+		if(!is_readable($self->sslActionCacheFile))
+		{
+			$buff = '<?php if(!defined("__XE__"))exit;';
+			FileHandler::writeFile($self->sslActionCacheFile, $buff);
+		}
+
+		if(!isset($self->ssl_actions[$action]))
+		{
+			$sslActionCacheString = sprintf('$sslActions[\'%s\'] = 1;', $action);
+			FileHandler::writeFile($self->sslActionCacheFile, $sslActionCacheString, 'a');
+		}
 	}
 
 	/**
@@ -1293,7 +1321,7 @@ class Context {
 	 */
 	function isExistsSSLAction($action) {
 		is_a($this,'Context')?$self=&$this:$self=&Context::getInstance();
-		return in_array($action, $self->ssl_actions);
+		return isset($self->ssl_actions[$action]);
 	}
 
 	/**
diff --git a/classes/module/ModuleHandler.class.php b/classes/module/ModuleHandler.class.php
index c890a9135..df639a65c 100644
--- a/classes/module/ModuleHandler.class.php
+++ b/classes/module/ModuleHandler.class.php
@@ -60,6 +60,15 @@
 				exit;
 			}
 
+			if(isset($this->act) && substr($this->act, 0, 4) == 'disp')
+			{
+				if(Context::get('_use_ssl') == 'optional' && Context::isExistsSSLAction($this->act) && $_SERVER['HTTPS'] != 'on')
+				{
+					header('location:https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
+					return;
+				}
+			}
+
             // execute addon (before module initialization)
             $called_position = 'before_module_init';
             $oAddonController = &getController('addon');