Index: branches/5.2.x/core/kernel/utility/http_query.php =================================================================== diff -u -N -r13840 -r14092 --- branches/5.2.x/core/kernel/utility/http_query.php (.../http_query.php) (revision 13840) +++ branches/5.2.x/core/kernel/utility/http_query.php (.../http_query.php) (revision 14092) @@ -1,6 +1,6 @@ processRewriteURL(); } - if (!defined('GW_NOTIFY') && !$rewrite_url && preg_match('/[\/]{0,1}index.php[\/]{0,1}/', $_SERVER['PHP_SELF']) && ($this->Get('t') != 'index')) { - // not in payment gateway notification script AND - // rewrite url is missing AND not a script from tools folder AND - // "index.php" was visited - // not on index page + if ( !$rewrite_url && $this->rewriteRedirectRequired() ) { + // rewrite url is missing (e.g. not a script from tools folder) $url_params = $this->getRedirectParams(); // no idea about how to check, that given template require category to be passed with it, so pass anyway 
@@ -269,6 +266,73 @@ } } + /** + * Checks, that non-rewrite url was visited and it's automatic rewrite is required + * + * @return bool + */ + function rewriteRedirectRequired() + { + $redirect_conditions = Array ( + !$this->Application->Session->IsHTTPSRedirect(), // not https <-> http redirect + !$this->refererIsOurSite(), // referer doesn't match ssl path or non-ssl domain (same for site domains) + !defined('GW_NOTIFY'), // not in payment gateway notification script + preg_match('/[\/]{0,1}index.php[\/]{0,1}/', $_SERVER['PHP_SELF']), // "index.php" was visited + $this->Get('t') != 'index', // not on index page + ); + + $perform_redirect = true; + + foreach ($redirect_conditions as $redirect_condition) { + $perform_redirect = $perform_redirect && $redirect_condition; + + if (!$perform_redirect) { + return false; + } + } + + return true; + } + + /** + * Checks, that referer is out site + * + * @return bool + */ + function refererIsOurSite() + { + if ( !array_key_exists('HTTP_REFERER', $_SERVER) ) { + // no referer -> don't care what happens + return false; + } + + $site_helper =& $this->Application->recallObject('SiteHelper'); + /* @var $site_helper SiteHelper */ + + $found = false; + $http_referer = $_SERVER['HTTP_REFERER']; + preg_match('/^(.*?):\/\/(.*?)(\/|$)/', $http_referer, $regs); // 1 - protocol, 2 - domain + + if ($regs[1] == 'https') { + $found = $site_helper->getDomainByName('SSLUrl', $http_referer) > 0; + + if (!$found) { + // check if referer starts with our ssl url + $ssl_url = $this->Application->ConfigValue('SSL_URL'); + $found = $ssl_url && preg_match('/^' . preg_quote($ssl_url, '/') . '/', $http_referer); + } + } + else { + $found = $site_helper->getDomainByName('DomainName', $regs[2]) > 0; + + if (!$found) { + $found = $regs[2] == DOMAIN; + } + } + + return $found; + } + function convertFiles() { if (!$_FILES)
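Review bot: In `refererIsOurSite()` the result of `preg_match('/^(.*?):\/\/(.*?)(\/|$)/', $http_referer, $regs)` is never checked, so a Referer header without `://` (the header is client-supplied) leaves `$regs` empty and the reads of `$regs[1]` and `$regs[2]` that follow hit undefined offsets, with an empty domain then passed to `getDomainByName()`. Return early on a non-match: `if ( !preg_match('/^(.*?):\/\/(.*?)(\/|$)/', $http_referer, $regs) ) { return false; }`. The SSL branch is only a prefix test, so if `SSL_URL` is configured without a trailing slash, a referer on a longer host name that merely starts with that value would count as ours. Comparing the parsed host instead, for example via `parse_url($http_referer, PHP_URL_HOST)`, avoids that and also drops the port and userinfo that `$regs[2]` currently carries into the `DOMAIN` comparison. Because any client can set Referer, this check should stay limited to the redirect heuristic in `rewriteRedirectRequired()` and not be reused as a trust decision; the docblock typo "out site" should read "our site".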