Forces visitor to https if full site is setup for https and http is e…

…ntered. Per https://www.zen-cart.com/content.php?56-how-do-i-enable-ssl-after-i-have-installed-zen-cart, if one is to set the entire site to https, then it is recommended that SSL_ENABLED be set to false, but if the uri entered begins with http, then the redirect to force the page to load via SSL is not activated and the customer could enter data to the webpage without using the SSL. Fixes zencart#1369
mc12345678 · Jan 26, 2017 · 60ac400 · 60ac400
1 parent 459da9a
commit 60ac400
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/includes/modules/pages/contact_us/header_php.php b/includes/modules/pages/contact_us/header_php.php
@@ -91,7 +91,7 @@
 } // end action==send
 
 
-if (ENABLE_SSL == 'true' && $request_type != 'SSL') {
+if ($request_type != 'SSL' && (ENABLE_SSL == 'true' || substr(HTTP_SERVER, 0, 5) == 'https')) {
   zen_redirect(zen_href_link(FILENAME_CONTACT_US, '', 'SSL'));
 }