From cafb91ec62ada50ebdc12e7ac1813c085f37e9a6 Mon Sep 17 00:00:00 2001
From: Tobias Diekershoff <tobias.diekershoff@gmx.net>
Date: Mon, 16 Aug 2021 19:05:27 +0200
Subject: [PATCH] Issue 10514: add TLS check to the installer

This PR adds a check to the installer which tries to determine whether the
request to the installer was made over an HTTPS line or not.

I've only tested it with an Apache2 server, but there it works.

Addresses #10514
---
 src/Core/Installer.php | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/src/Core/Installer.php b/src/Core/Installer.php
index b2b84c618..355513ac7 100644
--- a/src/Core/Installer.php
+++ b/src/Core/Installer.php
@@ -129,6 +129,10 @@ class Installer
 			$returnVal = false;
 		}
 
+		if (!$this->checkTLS()) {
+			$returnVal = false;
+		}
+
 		if (!$this->checkKeys()) {
 			$returnVal = false;
 		}
@@ -580,6 +584,38 @@ class Installer
 		return $status;
 	}
 
+	/**
+	 * TLS Check
+	 *
+	 * Tries to determine wheather the connection to the server is secured
+	 * by TLS or not. If not the user will be warned that it is higly
+	 * encuraged to use TLS.
+	 *
+	 * @return bool (true) as TLS is not mandatory
+	 */
+	public function checkTLS()
+	{
+		$tls = false;
+
+		if (isset($_SERVER['HTTPS'])) {
+			if (($_SERVER['HTTPS'] == 1) || ($_SERVER['HTTPS'] == 'on')) {
+				$tls = true;
+			}
+		}
+		
+		if (!$tls) {
+			$help = DI::l10n()->t('The detection of TLS to secure the communication between the browser and the new Friendica server failed.');
+			$help .= ' ' . DI::l10n()->t('Please ensure that the connection to the server is secure.');
+			$this->addCheck(DI::l10n()->t('No TLS detected'), $tls, false, $help);
+		} else {
+			$this->addCheck(DI::l10n()->t('TLS detected'), $tls, false, '');
+		}
+
+
+		// TLS is not required
+		return true;
+	}
+
 	/**
 	 * Imagick Check
 	 *