Author: bugzillawiki
Description:
So looks like there's a bug if a mediawiki site has https enabled but doesn't want https anywhere other than login. So if the client comes via non-secure and goes to login with a secured wiki, then proceeds to login (and hasn't chosen to force SSL), the site continues to be in SSL.
Expected behavior: If a client logs in from non-ssl and the wiki has SSL enabled, and the client has not set "force ssl", the client should return to the non-secure wiki.
This patch should fix that behavior since the 'fromhttp' parameter wasn't being sent back to the post page properly:
https://gerrit.wikimedia.org/r/#/c/164882/
Version: 1.23.5
Severity: normal