commit: bc71b364401e993934cbd167714eec8337ca156a |
Author: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org> |
AuthorDate: Mon Dec 10 06:56:54 2018 +0000 |
Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org> |
CommitDate: Mon Dec 10 06:56:54 2018 +0000 |
URL: https://gitweb.gentoo.org/proj/bouncer.git/commit/?id=bc71b364 |
|
index: do not downgrade to HTTP |
|
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org> |
|
php/index.php | 25 +++++++++++++++++++++++-- |
1 file changed, 23 insertions(+), 2 deletions(-) |
|
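diff --git a/php/index.php b/php/index.php
index abb9671..357e25d 100644
--- a/php/index.php
+++ b/php/index.php
@@ -25,13 +25,34 @@ if (!empty($_GET['os'])&&!empty($_GET['product'])) {
 $os_id = DB::name_to_id('mirror_os','os_id','os_name',$os_name);
 $product_id = DB::name_to_id('mirror_products','product_id','product_name',$product_name);
 
+ // From pure HTTP request, you might get upgraded
+ // From HTTPS request, you should NOT be downgraded.
+ $baseurl_prefix = $_SERVER['HTTPS'] === 'on' ? 'https%' : 'http%';
+
 // do we have a valid os and product?
 if (!empty($os_id)&&!empty($product_id)) {
- $location = DB::get_one("SELECT location_id,location_path FROM mirror_locations WHERE product_id=? AND os_id=?", PDO::FETCH_ASSOC, [$product_id, $os_id]);
+ $location = DB::get_one("SELECT location_id, location_path FROM mirror_locations WHERE product_id=:product_id AND os_id=:os_id",
+ PDO::FETCH_ASSOC,
+ array(':product_id' => $product_id, ':os_id' => $os_id));
 
 // did we get a valid location?
 if (!empty($location)) {
- $mirror = DB::get_one("SELECT mirror_mirrors.mirror_id,mirror_baseurl FROM mirror_mirrors JOIN mirror_location_mirror_map ON mirror_mirrors.mirror_id = mirror_location_mirror_map.mirror_id WHERE mirror_location_mirror_map.location_id = ? AND mirror_active='1' AND location_active ='1' ORDER BY rand()*(1/mirror_rating)", PDO::FETCH_ASSOC, [$location['location_id']]);
+ $mirror = DB::get_one("SELECT
+ mirror_mirrors.mirror_id, mirror_baseurl
+ FROM mirror_mirrors
+ JOIN mirror_location_mirror_map ON mirror_mirrors.mirror_id = mirror_location_mirror_map.mirror_id
+ WHERE
+ mirror_location_mirror_map.location_id = :location_id
+ AND mirror_active='1'
+ AND location_active ='1'
+ AND mirror_baseurl LIKE :baseurl_prefix
+ ORDER BY
+ rand()*(1.0/mirror_rating)",
+ PDO::FETCH_ASSOC,
+ array(
+ ':location_id' => $location['location_id'],
+ ':baseurl_prefix' => $baseurl_prefix,
+ ));
 
 // did we get a valid mirror?
 if (!empty($mirror)) {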
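Review bot: The HTTPS test on the added `$baseurl_prefix` line fails open: `$_SERVER['HTTPS']` is normally absent on a plain-HTTP request (an undefined-index notice) and PHP documents it only as a non-empty value under TLS, so anything other than the literal `'on'` — including a request whose TLS is terminated by a front-end proxy, if this deployment has one — selects `'http%'` and can hand an HTTPS client an `http://` mirror. I would compute `$is_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';` and then `$baseurl_prefix = $is_https ? 'https://%' : 'http%';`, where the `://` keeps the LIKE from matching any other scheme that merely starts with `https`. What happens when no HTTPS mirror matches is decided after `if (!empty($mirror))`, whose body continues outside this hunk, so confirm that path does not fall back to an HTTP URL.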