Improved register_globals handling

16 years ago · a8e97840d7
parent b71a0a3a4b
commit a8e97840d7
1 changed files with 14 additions and 8 deletions
--- a/includes/general.php
+++ b/includes/general.php
@ -37,25 +37,31 @@

 	require_once($_SESSION['_config']['filepath']."/includes/mysql.php");

-	if($_SERVER['HTTP_HOST'] != $_SESSION['_config']['normalhostname'] &&
+	if(array_key_exists('HTTP_HOST',$_SERVER) &&
+			$_SERVER['HTTP_HOST'] != $_SESSION['_config']['normalhostname'] &&
 			$_SERVER['HTTP_HOST'] != $_SESSION['_config']['securehostname'] &&
 			$_SERVER['HTTP_HOST'] != $_SESSION['_config']['tverify'] &&
 			$_SERVER['HTTP_HOST'] != "stamp.cacert.org")
 	{
-		if($_SERVER['HTTPS'] == "on")
+		if(array_key_exists('HTTPS',$_SERVER) && $_SERVER['HTTPS'] == "on")
 			header("location: https://".$_SESSION['_config']['normalhostname']);
 		else
 			header("location: http://".$_SESSION['_config']['normalhostname']);
 		exit;
 	}

-	if(($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] ||
-			$_SERVER['HTTP_HOST'] == $_SESSION['_config']['tverify']) &&
-			$_SERVER['HTTP_HOST'] != "stamp.cacert.org" &&
-			$_SERVER['HTTPS'] != "on")
+	if(array_key_exists('HTTP_HOST',$_SERVER) && 
+			($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] ||
+			$_SERVER['HTTP_HOST'] == $_SESSION['_config']['tverify']))
 	{
-		header("location: https://".$_SERVER['HTTP_HOST']);
-		exit;
+		if(array_key_exists('HTTPS',$_SERVER) && $_SERVER['HTTPS'] == "on")
+		{
+		}
+		else
+		{
+			header("location: https://".$_SERVER['HTTP_HOST']);
+			exit;
+		}
 	}

 	$lang = "";