From 233b5e5883e5f4dd6d6ab28569508cb06822b832 Mon Sep 17 00:00:00 2001
From: Victor Boctor
Date: Thu, 6 Apr 2017 21:06:15 -0700
Subject: [PATCH] Honor HTTP_X_FORWARDED_PROTO for Gravatar

When behind a proxy/load balancer and HTTP_X_FORWARDED_PROTO indicates that MantisBT is accessed via https, make sure all resources are loaded via https.

Fixes #22689
---
 core/http_api.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/core/http_api.php b/core/http_api.php
index d33a36585f..0014787fd7 100644
--- a/core/http_api.php
+++ b/core/http_api.php
@@ -40,7 +40,15 @@
 * @return boolean True if protocol is HTTPS
 */
 function http_is_protocol_https() {
- return !empty( $_SERVER['HTTPS'] ) && ( utf8_strtolower( $_SERVER['HTTPS'] ) != 'off' );
+ if( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) ) {
+ return strtolower( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) == 'https';
+ }
+
+ if( !empty( $_SERVER['HTTPS'] ) && ( strtolower( $_SERVER['HTTPS'] ) != 'off' ) ) {
+ return true;
+ }
+
+ return false;
 }
 
 /**
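Review bot: The new first branch of http_is_protocol_https() trusts `$_SERVER['HTTP_X_FORWARDED_PROTO']` unconditionally and returns before the `$_SERVER['HTTPS']` check, so the request header alone decides the result whenever it is present. That is only sound when every request passes through a proxy that overwrites the header; on a directly reachable server, or behind a proxy that forwards it untouched, the value is client-supplied and can even report a real TLS connection as non-HTTPS. The callers are outside this hunk, but anything that derives cookie Secure flags, redirects or absolute URLs from this function inherits that trust. Consider consulting the header only when the request comes from a configured trusted proxy, and falling through to the `HTTPS` check instead of returning false when the header is not `https`. At minimum the docblock should state the assumption, e.g. `Trusts X-Forwarded-Proto; the fronting proxy must overwrite this header on every request.`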