From 60ac4002536c6861b294009cb46d774310a0c041 Mon Sep 17 00:00:00 2001
From: mc12345678 <mc12345678@users.noreply.github.com>
Date: Wed, 25 Jan 2017 22:18:38 -0500
Subject: [PATCH] Forces visitor to https if full site is setup for https and
 http is entered.

Per https://www.zen-cart.com/content.php?56-how-do-i-enable-ssl-after-i-have-installed-zen-cart,
if one is to set the entire site to https, then it is recommended that
SSL_ENABLED be set to false, but if the uri entered begins with http, then
the redirect to force the page to load via SSL is not activated and the
customer could enter data to the webpage without using the SSL.

Fixes #1369
---
 includes/modules/pages/contact_us/header_php.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/modules/pages/contact_us/header_php.php b/includes/modules/pages/contact_us/header_php.php
index 79d2bb4b82..7e9febbe63 100644
--- a/includes/modules/pages/contact_us/header_php.php
+++ b/includes/modules/pages/contact_us/header_php.php
@@ -91,7 +91,7 @@
 } // end action==send
 
 
-if (ENABLE_SSL == 'true' && $request_type != 'SSL') {
+if ($request_type != 'SSL' && (ENABLE_SSL == 'true' || substr(HTTP_SERVER, 0, 5) == 'https')) {
   zen_redirect(zen_href_link(FILENAME_CONTACT_US, '', 'SSL'));
 }