diff --git a/core/includes/common.inc b/core/includes/common.inc index f4c7e00..9f19e2b 100644 --- a/core/includes/common.inc +++ b/core/includes/common.inc @@ -2062,7 +2062,7 @@ function url($path = NULL, array $options = array()) { if ($options['query']) { $path .= (strpos($path, '?') !== FALSE ? '&' : '?') . drupal_http_build_query($options['query']); } - if (isset($options['https']) && variable_get('https', FALSE)) { + if (isset($options['https']) && config('system.site')->get('https')) { if ($options['https'] === TRUE) { $path = str_replace('http://', 'https://', $path); } @@ -2078,7 +2078,7 @@ function url($path = NULL, array $options = array()) { // The base_url might be rewritten from the language rewrite in domain mode. if (!isset($options['base_url'])) { - if (isset($options['https']) && variable_get('https', FALSE)) { + if (isset($options['https']) && config('system.site')->get('https')) { if ($options['https'] === TRUE) { $options['base_url'] = $base_secure_url; $options['absolute'] = TRUE; diff --git a/core/includes/form.inc b/core/includes/form.inc index 830dc75..6f12d77 100644 --- a/core/includes/form.inc +++ b/core/includes/form.inc @@ -1795,7 +1795,7 @@ function form_builder($form_id, &$element, &$form_state) { // Special handling if we're on the top level form element. if (isset($element['#type']) && $element['#type'] == 'form') { - if (!empty($element['#https']) && variable_get('https', FALSE) && + if (!empty($element['#https']) && config('system.site')->get('https') && !url_is_external($element['#action'])) { global $base_root; diff --git a/core/includes/session.inc b/core/includes/session.inc index 31e67a6..5f0d868 100644 --- a/core/includes/session.inc +++ b/core/includes/session.inc @@ -188,14 +188,14 @@ function _drupal_session_write($sid, $value) { // The "secure pages" setting allows a site to simultaneously use both // secure and insecure session cookies. If enabled and both cookies are // presented then use both keys. - if (variable_get('https', FALSE)) { + if (config('system.site')->get('https')) { $insecure_session_name = substr(session_name(), 1); if (isset($_COOKIE[$insecure_session_name])) { $key['sid'] = $_COOKIE[$insecure_session_name]; } } } - elseif (variable_get('https', FALSE)) { + elseif (config('system.site')->get('https')) { unset($key['ssid']); } @@ -239,7 +239,7 @@ function drupal_session_initialize() { // We use !empty() in the following check to ensure that blank session IDs // are not valid. - if (!empty($_COOKIE[session_name()]) || ($is_https && variable_get('https', FALSE) && !empty($_COOKIE[substr(session_name(), 1)]))) { + if (!empty($_COOKIE[session_name()]) || ($is_https && config('system.site')->get('https') && !empty($_COOKIE[substr(session_name(), 1)]))) { // If a session cookie exists, initialize the session. Otherwise the // session is only started on demand in drupal_session_commit(), making // anonymous users not use a session cookie unless something is stored in @@ -260,7 +260,7 @@ function drupal_session_initialize() { // anonymous users than are generated in drupal_session_regenerate() when // a user becomes authenticated. session_id(drupal_hash_base64(uniqid(mt_rand(), TRUE))); - if ($is_https && variable_get('https', FALSE)) { + if ($is_https && config('system.site')->get('https')) { $insecure_session_name = substr(session_name(), 1); $session_id = drupal_hash_base64(uniqid(mt_rand(), TRUE)); $_COOKIE[$insecure_session_name] = $session_id; @@ -315,7 +315,7 @@ function drupal_session_commit() { // started. if (!drupal_session_started()) { drupal_session_start(); - if ($is_https && variable_get('https', FALSE)) { + if ($is_https && config('system.site')->get('https')) { $insecure_session_name = substr(session_name(), 1); $params = session_get_cookie_params(); $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0; @@ -351,7 +351,7 @@ function drupal_session_regenerate() { return; } - if ($is_https && variable_get('https', FALSE)) { + if ($is_https && config('system.site')->get('https')) { $insecure_session_name = substr(session_name(), 1); if (!isset($GLOBALS['lazy_session']) && isset($_COOKIE[$insecure_session_name])) { $old_insecure_session_id = $_COOKIE[$insecure_session_name]; @@ -380,7 +380,7 @@ function drupal_session_regenerate() { $fields['ssid'] = session_id(); // If the "secure pages" setting is enabled, use the newly-created // insecure session identifier as the regenerated sid. - if (variable_get('https', FALSE)) { + if (config('system.site')->get('https')) { $fields['sid'] = $session_id; } } @@ -440,7 +440,7 @@ function _drupal_session_destroy($sid) { if ($is_https) { _drupal_session_delete_cookie(substr(session_name(), 1), FALSE); } - elseif (variable_get('https', FALSE)) { + elseif (config('system.site')->get('https')) { _drupal_session_delete_cookie('S' . session_name(), TRUE); } } diff --git a/core/modules/language/language.negotiation.inc b/core/modules/language/language.negotiation.inc index 9521247..1cb828a 100644 --- a/core/modules/language/language.negotiation.inc +++ b/core/modules/language/language.negotiation.inc @@ -484,7 +484,7 @@ function language_url_rewrite_url(&$path, &$options) { $options['base_url'] .= ':' . $port; } - if (isset($options['https']) && variable_get('https', FALSE)) { + if (isset($options['https']) && config('system.site')->get('https')) { if ($options['https'] === TRUE) { $options['base_url'] = str_replace('http://', 'https://', $options['base_url']); } diff --git a/core/modules/language/lib/Drupal/language/Tests/LanguageUILanguageNegotiationTest.php b/core/modules/language/lib/Drupal/language/Tests/LanguageUILanguageNegotiationTest.php index 9200d89..ab03b78 100644 --- a/core/modules/language/lib/Drupal/language/Tests/LanguageUILanguageNegotiationTest.php +++ b/core/modules/language/lib/Drupal/language/Tests/LanguageUILanguageNegotiationTest.php @@ -461,11 +461,11 @@ function testLanguageDomain() { $this->assertTrue($italian_url == $correct_link, format_string('The url() function returns the right URL (@url) in accordance with the chosen language', array('@url' => $italian_url))); // Test HTTPS via options. - variable_set('https', TRUE); + config('system.site')->set('https', '1')->save(); $italian_url = url('admin', array('https' => TRUE, 'language' => $languages['it'], 'script' => '')); $correct_link = 'https://' . $link; $this->assertTrue($italian_url == $correct_link, format_string('The url() function returns the right HTTPS URL (via options) (@url) in accordance with the chosen language', array('@url' => $italian_url))); - variable_set('https', FALSE); + config('system.site')->set('https', '0')->save(); // Test HTTPS via current URL scheme. $temp_https = $is_https; diff --git a/core/modules/system/config/system.site.yml b/core/modules/system/config/system.site.yml index b642dc8..da448a0 100644 --- a/core/modules/system/config/system.site.yml +++ b/core/modules/system/config/system.site.yml @@ -7,3 +7,4 @@ page: front: user admin_compact_mode: '0' weight_select_max: '100' +https: '0' diff --git a/core/modules/system/lib/Drupal/system/Tests/Session/SessionHttpsTest.php b/core/modules/system/lib/Drupal/system/Tests/Session/SessionHttpsTest.php index 0ab45a9..dbaaf25 100644 --- a/core/modules/system/lib/Drupal/system/Tests/Session/SessionHttpsTest.php +++ b/core/modules/system/lib/Drupal/system/Tests/Session/SessionHttpsTest.php @@ -113,7 +113,7 @@ protected function testHttpsSession() { } // Enable secure pages. - variable_set('https', TRUE); + config('system.site')->set('https', '1')->save(); $this->curlClose(); // Start an anonymous session on the insecure site. diff --git a/core/modules/system/system.install b/core/modules/system/system.install index 7b9effa..647fa07 100644 --- a/core/modules/system/system.install +++ b/core/modules/system/system.install @@ -1638,6 +1638,7 @@ function system_update_8012() { 'site_403' => 'page.403', 'site_404' => 'page.404', 'drupal_weight_select_max' => 'weight_select_max', + 'https' => 'https', )); }