Merge pull request #26 from mschwager/master

REQUEST_SCHEME issues on non-apache webservers

Author: mebjas

libs/csrf/csrfprotector.php

@@ -422,8 +422,19 @@ private static function logCSRFattack()
 		 */
 		private static function getCurrentUrl()
 		{
-			return $_SERVER['REQUEST_SCHEME'] .'://'
-				.$_SERVER['HTTP_HOST'] .$_SERVER['PHP_SELF'];
+			$request_scheme = 'https';
+
+			if (isset($_SERVER['REQUEST_SCHEME'])) {
+				$request_scheme = $_SERVER['REQUEST_SCHEME'];
+			} else {
+				if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') {
+					$request_scheme = 'https';
+				} else {
+					$request_scheme = 'http';
+				}
+			}
+
+			return $request_scheme . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
 		}
 
 		/*