[geeklog-users] Avoid hardcoding http protocol in {site_url}

Drago Goricanec drago-l-gl at goricanec.com
Mon Feb 16 19:34:25 EST 2004


I modified geeklog code to detect whether http or https was used to connect, and
then write all URLs using the resulting protocol. The reason is that I didn't
want to leave either my password, or my weblog information on a computer or
network that I didn't trust (when administering the site), but I didn't want
all users to be forced to use https.

Current code uses $_CONF['site_url'] for all URL references. If 'http:' is
hardcoded here, then even if the connection is over 'https', all references to
images and links within the site remain 'http'.

I changed all URL references to my geeklog site to be relative to {site_url}
(i.e., {site_url} doesn't appear in any of the templates). I changed the layout
header to emit <base href="{site_url}/">. {site_url} still exists, but it is
dynamically created based on the protocol used to connect (http or https) with
a path to the weblog. Trailing '/' is omitted. All other URLs, such as
{site_admin_url} are relative to {site_url}. Even images in stories are stored
with a relative URL. 

I also added a secure/normal login link to switch between http and https just
below the login form.

Would others be interested in this change? I can provide a patch against the
latest source. What is the process of submitting such patches?

Drago



More information about the geeklog-users mailing list