From 31715d0adfa7447276fc6b17c1d604ff13630fb4 Mon Sep 17 00:00:00 2001
From: HB9HIL <fabian.berg@hb9hil.org>
Date: Fri, 10 Oct 2025 21:48:44 +0200
Subject: [PATCH] make sure we also catch uppercase values in http headers for
 https check

---
 application/controllers/User.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/application/controllers/User.php b/application/controllers/User.php
index 9d0d1ee77..aed72819e 100644
--- a/application/controllers/User.php
+++ b/application/controllers/User.php
@@ -1534,13 +1534,13 @@ class User extends CI_Controller {
 	}
 
    	function https_check() {
-		if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') {
+		if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) === 'on') {
 			return true;
 		}
-		if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
+		if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https') {
 			return true;
 		}
-		if (!empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] === 'on') {
+		if (!empty($_SERVER['HTTP_X_FORWARDED_SSL']) && strtolower($_SERVER['HTTP_X_FORWARDED_SSL']) === 'on') {
 			return true;
 		}
 		return false;