From e35ba0e2121977d123159a18581c229b26054e74 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Fri, 5 May 2017 10:16:54 +0300
Subject: add sanity check for SELF_URL_PATH going to http url if server is
 accessed over https

---
 include/sanity_check.php | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'include/sanity_check.php')

diff --git a/include/sanity_check.php b/include/sanity_check.php
index 3b3e281ec..12cc5579d 100755
--- a/include/sanity_check.php
+++ b/include/sanity_check.php
@@ -147,6 +147,12 @@
 			if (!class_exists("DOMDocument")) {
 				array_push($errors, "PHP support for DOMDocument is required, but was not found.");
 			}
+
+			$self_scheme = parse_url(SELF_URL_PATH, PHP_URL_SCHEME);
+
+			if ($_SERVER['HTTPS'] && $self_scheme == 'http') {
+				array_push($errors, "You are accessing tt-rss over SSL but SELF_URL_PATH in config.php refers to a http:// URL.");
+			}
 		}
 
 		if (count($errors) > 0 && $_SERVER['REQUEST_URI']) { ?>
-- 
cgit v1.2.3