commit:     bc71b364401e993934cbd167714eec8337ca156a
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Mon Dec 10 06:56:54 2018 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Mon Dec 10 06:56:54 2018 +0000
URL:        https://gitweb.gentoo.org/proj/bouncer.git/commit/?id=bc71b364

index: do not downgrade to HTTP

Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>

 php/index.php | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/php/index.php b/php/index.php
index abb9671..357e25d 100644
--- a/php/index.php
+++ b/php/index.php
@@ -25,13 +25,34 @@ if (!empty($_GET['os'])&&!empty($_GET['product'])) {
     $os_id = DB::name_to_id('mirror_os','os_id','os_name',$os_name);
     $product_id = 
DB::name_to_id('mirror_products','product_id','product_name',$product_name);
 
+    // From pure HTTP request, you might get upgraded
+    // From HTTPS request, you should NOT be downgraded.
+    $baseurl_prefix = $_SERVER['HTTPS'] === 'on' ? 'https%' : 'http%';
+
     // do we have a valid os and product?
     if (!empty($os_id)&&!empty($product_id)) {
-        $location = DB::get_one("SELECT location_id,location_path FROM 
mirror_locations WHERE product_id=? AND os_id=?", PDO::FETCH_ASSOC, 
[$product_id, $os_id]);
+        $location = DB::get_one("SELECT location_id, location_path FROM 
mirror_locations WHERE product_id=:product_id AND os_id=:os_id",
+                                PDO::FETCH_ASSOC,
+                                array(':product_id' => $product_id, ':os_id' 
=> $os_id));
 
         // did we get a valid location?
         if (!empty($location)) {
-            $mirror = DB::get_one("SELECT 
mirror_mirrors.mirror_id,mirror_baseurl FROM mirror_mirrors JOIN 
mirror_location_mirror_map ON mirror_mirrors.mirror_id = 
mirror_location_mirror_map.mirror_id WHERE 
mirror_location_mirror_map.location_id = ? AND mirror_active='1' AND 
location_active ='1' ORDER BY rand()*(1/mirror_rating)", PDO::FETCH_ASSOC, 
[$location['location_id']]);
+                       $mirror = DB::get_one("SELECT
+                               mirror_mirrors.mirror_id, mirror_baseurl
+                FROM mirror_mirrors
+                JOIN mirror_location_mirror_map ON mirror_mirrors.mirror_id = 
mirror_location_mirror_map.mirror_id
+                WHERE
+                    mirror_location_mirror_map.location_id = :location_id
+                    AND mirror_active='1'
+                    AND location_active ='1'
+                    AND mirror_baseurl LIKE :baseurl_prefix
+                ORDER BY
+                    rand()*(1.0/mirror_rating)",
+                PDO::FETCH_ASSOC,
+                array(
+                    ':location_id' => $location['location_id'],
+                    ':baseurl_prefix' => $baseurl_prefix,
+                ));
 
             // did we get a valid mirror?
             if (!empty($mirror)) {
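Review bot: The added test `$_SERVER['HTTPS'] === 'on'` falls back to the `http%` prefix whenever the key is absent or holds any other non-empty value, which is the downgrade direction this commit is meant to close. PHP documents the key only as non-empty for HTTPS requests (some SAPIs report `off` for plain HTTP), and it is typically unset on plain HTTP, so the strict comparison also raises an undefined-index notice there. I would write `$is_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';` followed by `$baseurl_prefix = $is_https ? 'https://%' : 'http%';`, which also anchors the LIKE pattern to the scheme separator. If bouncer runs behind a TLS-terminating proxy (not visible here), the key is never set for HTTPS clients, so the scheme would have to come from a header set only by that trusted proxy; a comment on the line should say which deployment is assumed. The enclosing `if` blocks begin and end outside this hunk, so what happens when no `https` mirror matches cannot be checked from here.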
