Use of secured scheme for external apis in case of https

lib/classes/http/request.class.php

@@ -94,6 +94,13 @@ class http_request
     return false;
   }
   
+  public function is_secure()
+  {
+    return (
+        isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) == 'on' || $_SERVER['HTTPS'] == 1)
+    );
+  }
+
   public function comes_from_flash()
   {
     return (isset($_SERVER['HTTP_USER_AGENT']) && preg_match('/\bflash\b/i', $_SERVER['HTTP_USER_AGENT']) > 0);

templates/mobile/lightbox/index.twig

@@ -70,7 +70,7 @@
     <p>Phraseanet Version {{session.get_version()}}</p>
     <p>
       <a href='http://www.gnu.org/licenses/gpl.html' target='_blank'>
-        <img src='http://www.gnu.org/graphics/gplv3-88x31.png' style='vertical-align:middle;'/>
+        <img src='http{{ request.is_secure() ? 's' : '' }}://www.gnu.org/graphics/gplv3-88x31.png' style='vertical-align:middle;'/>
       </a>
     </p>
     <p>License <a href="http://www.gnu.org/licenses/gpl.html" target="_blank">GNU GPL v3</a></p>

templates/mobile/report/header.twig

@@ -26,7 +26,7 @@
                     dmax : '{{ dashboard_array.dmax_req }}'
                 };
             </script>
-            <script type="text/javascript" src="http://www.google.com/jsapi"></script>
+            <script type="text/javascript" src="http{{ request.is_secure() ? 's' : '' }}://www.google.com/jsapi"></script>
       <script type="text/javascript" src="/include/jslibs/jquery-1.5.2.js"></script>
       <script type="text/javascript" src="/include/jslibs/jquery-ui-1.8.12/js/jquery-ui-1.8.12.custom.min.js"></script>
             <script type="text/javascript" src="/include/minify/g=reportmobile"></script>

templates/web/login/index.twig

@@ -46,8 +46,8 @@
         {% endif %}
         {% if display_chrome_frame and session.get_cookie('gfc_box') == false %}
         <!--[if IE]>
-        <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/chrome-frame/1.0.2/CFInstall.min.js"></script>
-        <link href="http://www.google.com/css/modules/buttons/g-button.css" type="text/css" rel="stylesheet">
+        <script type="text/javascript" src="http{{ request.is_secure() ? 's' : '' }}://ajax.googleapis.com/ajax/libs/chrome-frame/1.0.2/CFInstall.min.js"></script>
+        <link href="http{{ request.is_secure() ? 's' : '' }}://www.google.com/css/modules/buttons/g-button.css" type="text/css" rel="stylesheet">
         <style type="text/css">
             #gfc_prompt{
                 width: 950px;
@@ -59,7 +59,7 @@
                 <div>
                     <span>
                         <span>
-                            <a target="_blank" href="http://www.google.com/chromeframe/eula.html">Get Google Chrome Frame (Beta)</a>
+                            <a target="_blank" href="http{{ request.is_secure() ? 's' : '' }}://www.google.com/chromeframe/eula.html">Get Google Chrome Frame (Beta)</a>
                         </span>
                     </span>
                 </div>

templates/web/login/index_layout_displaycooliris.twig

@@ -51,13 +51,13 @@
       height="360">
         <param name="wmode" value="transparent">
         <param name="movie"
-          value="http://apps.cooliris.com/embed/cooliris.swf" />
+          value="http{{ request.is_secure() ? 's' : '' }}://apps.cooliris.com/embed/cooliris.swf" />
         <param name="allowFullScreen" value="true" />
         <param name="allowScriptAccess" value="always" />
         <param name="flashvars"
           value="feed=/feeds/cooliris/&glowColor=#0077BC&style=dark&backgroundColor=#000000&showChrome=false&showEMbed=false&showSearch=false" />
         <embed wmode="transparent" type="application/x-shockwave-flash"
-          src="http://apps.cooliris.com/embed/cooliris.swf"
+          src="http{{ request.is_secure() ? 's' : '' }}://apps.cooliris.com/embed/cooliris.swf"
           flashvars="feed=/feeds/cooliris/&glowColor=#0077BC&style=dark&backgroundColor=#000000&showChrome=false&showEMbed=false&showSearch=false"
           width="930"
           height="360"

templates/web/prod/index.html

@@ -1254,7 +1254,7 @@ function setCss(color)
 
 {% if GV_bitly_user is not empty and GV_bitly_key is not empty %}
 $(document).ready(function(){
-$("#bitly_loader").attr("src","http://bit.ly/javascript-api.js?version=latest&login={{GV_bitly_user}}&apiKey={{GV_bitly_key}}");
+$("#bitly_loader").attr("src","http{{ request.is_secure() ? 's' : '' }}://bit.ly/javascript-api.js?version=latest&login={{GV_bitly_user}}&apiKey={{GV_bitly_key}}");
 });
 {% endif %}
 </script>

templates/web/report/ajax_data_content.twig

@@ -1,5 +1,5 @@
 {% block ajax_data_content %}
-    <script type="text/javascript" src="http://www.google.com/jsapi"></script>
+    <script type="text/javascript" src="http{{ request.is_secure() ? 's' : '' }}://www.google.com/jsapi"></script>
     <script type="text/javascript">
         $("input[type=button]").button();
 

templates/web/report/all_content.twig

@@ -10,7 +10,6 @@
 {% endblock  icon%}
 
 {% block javascript %}
-    {#<script type="text/javascript"  src="http://getfirebug.com/releases/lite/1.2/firebug-lite-compressed.js"></script>#}
     <script type="text/javascript" >
 
             var usrId = '{{ dashboard.usr.get_id() }}' ;
@@ -38,7 +37,7 @@
             }
 
     </script>
-    <script type="text/javascript" src="http://www.google.com/jsapi"></script>
+    <script type="text/javascript" src="http{{ request.is_secure() ? 's' : '' }}://www.google.com/jsapi"></script>
   <script type="text/javascript" src="/include/jslibs/jquery-1.5.2.js"></script>
   <script type="text/javascript" src="/include/jslibs/jquery-ui-1.8.12/js/jquery-ui-1.8.12.custom.min.js"></script>
     <script type="text/javascript" src="/include/minify/g=report"></script>

www/client/index.php

@@ -738,8 +738,10 @@ if ($cssfile)
 <?php
                         if (trim($registry->get('GV_bitly_user')) !== '' && trim($registry->get('GV_bitly_key')) !== '')
                         {
+                          $request = new http_request();
 ?>                        
-                          <script type="text/javascript" src="http://bit.ly/javascript-api.js?version=latest&login=<?php echo $registry->get('GV_bitly_user') ?>&apiKey=<?php echo $registry->get('GV_bitly_key') ?>"></script>
+                          
+                        <script type="text/javascript" src="http<?php echo $request->is_secure() ? 's' : '' ?>://bit.ly/javascript-api.js?version=latest&login=<?php echo $registry->get('GV_bitly_user') ?>&apiKey=<?php echo $registry->get('GV_bitly_key') ?>"></script>
 <?php
                         }
 ?>