diff options
author | Robin H. Johnson <robbat2@gentoo.org> | 2018-12-09 22:56:54 -0800 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2018-12-09 22:56:54 -0800 |
commit | bc71b364401e993934cbd167714eec8337ca156a (patch) | |
tree | 44b808a775b307600387a043f9404df5bb409107 | |
parent | php: fix whitespace. (diff) | |
download | bouncer-bc71b364401e993934cbd167714eec8337ca156a.tar.gz bouncer-bc71b364401e993934cbd167714eec8337ca156a.tar.bz2 bouncer-bc71b364401e993934cbd167714eec8337ca156a.zip |
index: do not downgrade to HTTP
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
-rw-r--r-- | php/index.php | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/php/index.php b/php/index.php index abb9671..357e25d 100644 --- a/php/index.php +++ b/php/index.php @@ -25,13 +25,34 @@ if (!empty($_GET['os'])&&!empty($_GET['product'])) { $os_id = DB::name_to_id('mirror_os','os_id','os_name',$os_name); $product_id = DB::name_to_id('mirror_products','product_id','product_name',$product_name); + // From pure HTTP request, you might get upgraded + // From HTTPS request, you should NOT be downgraded. + $baseurl_prefix = $_SERVER['HTTPS'] === 'on' ? 'https%' : 'http%'; + // do we have a valid os and product? if (!empty($os_id)&&!empty($product_id)) { - $location = DB::get_one("SELECT location_id,location_path FROM mirror_locations WHERE product_id=? AND os_id=?", PDO::FETCH_ASSOC, [$product_id, $os_id]); + $location = DB::get_one("SELECT location_id, location_path FROM mirror_locations WHERE product_id=:product_id AND os_id=:os_id", + PDO::FETCH_ASSOC, + array(':product_id' => $product_id, ':os_id' => $os_id)); // did we get a valid location? if (!empty($location)) { - $mirror = DB::get_one("SELECT mirror_mirrors.mirror_id,mirror_baseurl FROM mirror_mirrors JOIN mirror_location_mirror_map ON mirror_mirrors.mirror_id = mirror_location_mirror_map.mirror_id WHERE mirror_location_mirror_map.location_id = ? AND mirror_active='1' AND location_active ='1' ORDER BY rand()*(1/mirror_rating)", PDO::FETCH_ASSOC, [$location['location_id']]); + $mirror = DB::get_one("SELECT + mirror_mirrors.mirror_id, mirror_baseurl + FROM mirror_mirrors + JOIN mirror_location_mirror_map ON mirror_mirrors.mirror_id = mirror_location_mirror_map.mirror_id + WHERE + mirror_location_mirror_map.location_id = :location_id + AND mirror_active='1' + AND location_active ='1' + AND mirror_baseurl LIKE :baseurl_prefix + ORDER BY + rand()*(1.0/mirror_rating)", + PDO::FETCH_ASSOC, + array( + ':location_id' => $location['location_id'], + ':baseurl_prefix' => $baseurl_prefix, + )); // did we get a valid mirror? if (!empty($mirror)) { |