+ Start a Discussion
roMancerroMancer 

php sforce nusoap: no HTTPS?!?!

hi there,

we're using php_sforce_nusoap, and have been shocked by this line of code inside the package:

$this->client->forceEndpoint = str_replace("https", "http", $url);

(see php_sforce_nusoap/salesforce.php, function setURL($url))


we've modified the line like this:

 $this->client->forceEndpoint = $url;

and it still works.


sooo... question is:
why would they replace HTTPS by HTTP?
and why does it still work without the replacement?
which protocol does it use, after all?!
how secure is php_sforce_nusoap?!?!


any comments appreciated,
thanks in advance,

regards,
roMan

mbbendermbbender
I'm no expert so with that said I've been working some with the remoteFunction and the AJAX proxy and what I've found out so far is that you can not use mutliple protocols across one transaction. For example if you are logged into salesforce with http you need to access a php script via http. If you access salesforce.com with an https address you will need to call a php script through https. 

In order to workaround the requirement for using the same protocol I think the code you posted is making everything http.
roMancerroMancer
(
in addition to my initial post (above):
we're using an HTTPS URL / endpoint for our requests, which works fine:
https://emea.salesforce.com/services/Soap/u/9.0
)

thanks for your reply -
I can't locate any other occasion where the protocol (HTTP/S) is indicated or used within php_sforce_nusoap, except for the setURL()-function - so I think (hope! ;)) we're using HTTPS all over the place.

A quick grep through the php_sforce_nusoap code - with the modification mentioned above (no https-str_replace()) - looks like it's (now) really using https: I've found lots of if's testing for 'https' as the selected scheme/protocol in nusoap.php.

weird... I still wonder why they would replace https by http...?

regards,
roMan