let avatars be served over SSL

3 files changed, 17 insertions, 3 deletions

diff --git a/README b/README
index 2b021b36c..9843ab89b 100644
--- a/README
+++ b/README
@@ -1192,6 +1192,8 @@ server: If set, defines another server where avatars are stored in the
 	typically only make 2 connections to a single server at a
 	time <http://ur1.ca/6ih>, so this can parallelize the job.
 	Defaults to null.
+ssl:    Whether to access avatars using HTTPS. Defaults to null, meaning
+        to guess based on site-wide SSL settings.
 
 public
 ------
diff --git a/classes/Avatar.php b/classes/Avatar.php
index 91bde0f04..dbe2cd813 100644
--- a/classes/Avatar.php
+++ b/classes/Avatar.php
@@ -82,9 +82,20 @@ class Avatar extends Memcached_DataObject
             $server = common_config('site', 'server');
         }
 
-        // XXX: protocol
+        $ssl = common_config('avatar', 'ssl');
+
+        if (is_null($ssl)) { // null -> guess
+            if (common_config('site', 'ssl') == 'always' &&
+                !common_config('avatar', 'server')) {
+                $ssl = true;
+            } else {
+                $ssl = false;
+            }
+        }
+
+        $protocol = ($ssl) ? 'https' : 'http';
 
-        return 'http://'.$server.$path.$filename;
+        return $protocol.'://'.$server.$path.$filename;
     }
 
     function displayUrl()
diff --git a/lib/default.php b/lib/default.php
index fd6831fa9..d19e04036 100644
--- a/lib/default.php
+++ b/lib/default.php
@@ -111,7 +111,8 @@ $default =
         'avatar' =>
         array('server' => null,
               'dir' => INSTALLDIR . '/avatar/',
-              'path' => $_path . '/avatar/'),
+              'path' => $_path . '/avatar/',
+              'ssl' => null),
         'background' =>
         array('server' => null,
               'dir' => INSTALLDIR . '/background/',