CodeSOD: On SSL

, Software Pundits
This post was originally published on this site

The Daily WTF

Mark was trawling through the WordPress code, tracking down a bug in an extension, when he noticed this particular method for deciding whether or not WordPress is served via HTTPS or not.

function is_ssl() { if ( isset($_SERVER[‘HTTPS’]) ) { if ( ‘on’ == strtolower($_SERVER[‘HTTPS’]) ) return true; if ( ‘1’ == $_SERVER[‘HTTPS’] ) return true; } elseif ( isset($_SERVER[‘SERVER_PORT’]) && ( ‘443’ == $_SERVER[‘SERVER_PORT’] ) ) { return true; } return false; }

So, the first half of this is ugly but forgivable, given the problems of truthiness. We first check if the HTTPS server variable is set to either a 1 or an on. According to the PHP docs, any non-empty value means it’s running on HTTPS, so it’s technically an incorrect check. I strongly suspect, though, that it’s a workaround for a badly behaving web server- I see a world where some server running PHP sets

To read the full article click on the 'post' link at the top.

Date

You May Also Like

A Tapestry of Threads

Error'd: Are You Old Enough to Know Better?

Perfect Uptime

Classic WTF: Working Around, Over and Through the Process

CodeSOD: Constantly Magic

CodeSOD: In House Refactoring

More Posts From: Software Pundits

Error'd: Mais Que Nada

Social Media Engagement in Early 2025

Representative Line: Get Explosive

CodeSOD: Join Us in this Query

I've been kidnapped by Robert Caro

CodeSOD: A Ruby Encrusted Footgun