Index: branches/5.1.x/core/kernel/utility/http_query.php =================================================================== diff -u -N -r13750 -r13874 --- branches/5.1.x/core/kernel/utility/http_query.php (.../http_query.php) (revision 13750) +++ branches/5.1.x/core/kernel/utility/http_query.php (.../http_query.php) (revision 13874) @@ -1,6 +1,6 @@ processRewriteURL(); } - if (!defined('GW_NOTIFY') && !$rewrite_url && preg_match('/[\/]{0,1}index.php[\/]{0,1}/', $_SERVER['PHP_SELF']) && ($this->Get('t') != 'index')) { - // not in payment gateway notification script AND - // rewrite url is missing AND not a script from tools folder AND - // "index.php" was visited - // not on index page + if ( !$rewrite_url && $this->rewriteRedirectRequired() ) { + // rewrite url is missing (e.g. not a script from tools folder) $url_params = $this->getRedirectParams(); // no idea about how to check, that given template require category to be passed with it, so pass anyway 
@@ -269,6 +266,73 @@ } } + /** + * Checks, that non-rewrite url was visited and it's automatic rewrite is required + * + * @return bool + */ + function rewriteRedirectRequired() + { + $redirect_conditions = Array ( + !$this->Application->Session->IsHTTPSRedirect(), // not https <-> http redirect + !$this->refererIsOurSite(), // referer doesn't match ssl path or non-ssl domain (same for site domains) + !defined('GW_NOTIFY'), // not in payment gateway notification script + preg_match('/[\/]{0,1}index.php[\/]{0,1}/', $_SERVER['PHP_SELF']), // "index.php" was visited + $this->Get('t') != 'index', // not on index page + ); + + $perform_redirect = true; + + foreach ($redirect_conditions as $redirect_condition) { + $perform_redirect = $perform_redirect && $redirect_condition; + + if (!$perform_redirect) { + return false; + } + } + + return true; + } + + /** + * Checks, that referer is out site + * + * @return bool + */ + function refererIsOurSite() + { + if ( !array_key_exists('HTTP_REFERER', $_SERVER) ) { + // no referer -> don't care what happens + return false; + } + + $site_helper =& $this->Application->recallObject('SiteHelper'); + /* @var $site_helper SiteHelper */ + + $found = false; + $http_referer = $_SERVER['HTTP_REFERER']; + preg_match('/^(.*?):\/\/(.*?)(\/|$)/', $http_referer, $regs); // 1 - protocol, 2 - domain + + if ($regs[1] == 'https') { + $found = $site_helper->getDomainByName('SSLUrl', $http_referer) > 0; + + if (!$found) { + // check if referer starts with our ssl url + $ssl_url = $this->Application->ConfigValue('SSL_URL'); + $found = $ssl_url && preg_match('/^' . preg_quote($ssl_url, '/') . 
'/', $http_referer); + } + } + else { + $found = $site_helper->getDomainByName('DomainName', $regs[2]) > 0; + + if (!$found) { + $found = $regs[2] == DOMAIN; + } + } + + return $found; + } + function convertFiles() { if (!$_FILES) Index: branches/5.1.x/core/kernel/application.php =================================================================== diff -u -N -r13782 -r13874 --- branches/5.1.x/core/kernel/application.php (.../application.php) (revision 13782) +++ branches/5.1.x/core/kernel/application.php (.../application.php) (revision 13874) @@ -1,6 +1,6 @@ isDebugMode() && (constOn('DBG_REDIRECT') || (constOn('DBG_RAISE_ON_WARNINGS') && $this->Application->Debugger->WarningCount))) { $this->Debugger->appendTrace(); - echo "Debug output above!!! Proceed to redirect: $location
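Review bot: refererIsOurSite() does not check the result of `preg_match('/^(.*?):\/\/(.*?)(\/|$)/', $http_referer, $regs)`, so a Referer header without `://` leaves `$regs` empty and the `$regs[1]` / `$regs[2]` reads that follow raise undefined-offset notices. The header is client-supplied, so bail out early: `if ( !preg_match('/^(.*?):\/\/(.*?)(\/|$)/', $http_referer, $regs) ) { return false; }`. The https branch is only a prefix test (`'/^' . preg_quote($ssl_url, '/') . '/'`, and the SSLUrl pattern in getDomainByName() gets no `$`), so an SSL URL configured without a trailing slash would also accept a referer whose host merely begins with it; requiring `/` or end-of-string after the URL would tighten that. The second capture group also keeps any `user@` or `:port` part, which presumably will not match a bare domain name.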
"; + echo 'Debug output above !!!
' . "\n"; + + if ( array_key_exists('HTTP_REFERER', $_SERVER) ) { + echo 'Referer: ' . $_SERVER['HTTP_REFERER'] . '
' . "\n"; + } + + echo "Proceed to redirect: {$location}
\n"; } else { if ($js_redirect) { Index: branches/5.1.x/core/units/helpers/site_helper.php =================================================================== diff -u -N -r13559 -r13874 --- branches/5.1.x/core/units/helpers/site_helper.php (.../site_helper.php) (revision 13559) +++ branches/5.1.x/core/units/helpers/site_helper.php (.../site_helper.php) (revision 13874) 
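Review bot: The new `echo 'Referer: ' . $_SERVER['HTTP_REFERER']` writes a client-supplied header into the debug page without HTML encoding, so any markup in the Referer is rendered by the browser whenever this debug branch runs. Encode it at output: `echo 'Referer: ' . htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES) . …`. `{$location}` in the following echo is printed the same way and would benefit from the same treatment. The enclosing method starts and ends outside the hunk, so whether `$location` is validated earlier cannot be seen here.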
@@ -1,6 +1,6 @@ Application->isCachingType(CACHING_TYPE_MEMORY)) { + $cache = $this->Application->getCache('master:domains_parsed', false); + } + else { + $cache = $this->Application->getDBCache('domains_parsed'); + } + + if ($cache) { + $cache = unserialize($cache); + } + else { + $sql = 'SELECT * + FROM ' . TABLE_PREFIX . 'SiteDomains + ORDER BY Priority DESC'; + $cache = $this->Conn->Query($sql, 'DomainId'); + + if ($this->Application->isCachingType(CACHING_TYPE_MEMORY)) { + $this->Application->setCache('master:domains_parsed', serialize($cache)); + } + else { + $this->Application->setDBCache('domains_parsed', serialize($cache)); + } + } + } + + return $cache; + } + + /** + * Try to match visited domain to any of existing + * + * @param string $field + * @param string $value + * @return int + */ + function getDomainByName($field, $value) + { + $site_domains = $this->getSiteDomains(); + $name_fields = Array ('DomainName', 'SSLUrl'); + + foreach ($site_domains as $id => $site_domain) { + if ( in_array($field, $name_fields) ) { + if (!$site_domain[$field . 'UsesRegExp']) { + // not regular expression -> escape manually + $site_domain[$field] = preg_quote($site_domain[$field], '/'); + } + + if (preg_match('/^' . $site_domain[$field] . ($field == 'DomainName' ? '$' : '') . 
'/', $value)) { + return $id; + } + } + elseif ($site_domain[$field] == $value) { + return $id; + } + } + + return false; + } + + /** + * Try to match domain settings based on visitor's IP address + * + * @return int + */ + function getDomainByIP() + { + $site_domains = $this->getSiteDomains(); + + foreach ($site_domains as $id => $site_domain) { + if (ipMatch($site_domain['DomainIPRange'], "\n")) { + return $id; + } + } + + return false; + } } Index: branches/5.1.x/core/units/site_domains/site_domain_eh.php =================================================================== diff -u -N -r13559 -r13874 --- branches/5.1.x/core/units/site_domains/site_domain_eh.php (.../site_domain_eh.php) (revision 13559) +++ branches/5.1.x/core/units/site_domains/site_domain_eh.php (.../site_domain_eh.php) (revision 13874) @@ -1,6 +1,6 @@ getSiteDomains(); + $site_helper =& $this->Application->recallObject('SiteHelper'); + /* @var $site_helper SiteHelper */ - $domain_by_name = $this->getDomainByName($field, $value); - $domain_by_ip = $this->getDomainByIP(); + $site_domains = $site_helper->getSiteDomains(); + $domain_by_name = $site_helper->getDomainByName($field, $value); + $domain_by_ip = $site_helper->getDomainByIP(); if ($domain_by_ip) { $site_domain = $site_domains[$domain_by_ip]; 
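Review bot: In getDomainByName() a row with `UsesRegExp` set is concatenated unchanged into `'/^' . $site_domain[$field] . …`, so a stored pattern with an unescaped `/` (an SSLUrl pattern has to match `://`) ends the delimiter early and preg_match() returns false with a warning, which the loop treats as "no match". A delimiter that is unlikely in URLs avoids this while keeping already-escaped patterns valid, e.g. `preg_quote($site_domain[$field], '#')` together with `preg_match('#^' . $site_domain[$field] . ($field == 'DomainName' ? '$' : '') . '#', $value)`. getSiteDomains() passes the cached string to `unserialize()`, which is safe only while nothing else can write the `domains_parsed` cache entry; worth a comment stating that assumption. The docblocks say `@return int`, but both lookups return `false` when nothing matches, so `@return int|bool` would be accurate.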
@@ -95,50 +97,6 @@ } /** - * Try to match visited domain to any of existing - * - * @param string $field - * @param string $value - * @return int - */ - function getDomainByName($field, $value) - { - $site_domains = $this->getSiteDomains(); - $name_fields = Array ('DomainName', 'SSLUrl'); - - foreach ($site_domains as $id => $site_domain) { - if (in_array($field, $name_fields) && $site_domain[$field . 'UsesRegExp']) { - if (preg_match('/^' . $site_domain[$field] . '$/', $value)) { - return $id; - } - } - elseif ($site_domain[$field] == $value) { - return $id; - } - } - - return false; - } - - /** - * Try to match domain settings based on visitor's IP address - * - * @return int - */ - function getDomainByIP() - { - $site_domains = $this->getSiteDomains(); - - foreach ($site_domains as $id => $site_domain) { - if (ipMatch($site_domain['DomainIPRange'], "\n")) { - return $id; - } - } - - return false; - } - - /** * Load item if id is available * * @param kEvent $event @@ -162,7 +120,10 @@ return ; } - $site_domains = $this->getSiteDomains(); + $site_helper =& $this->Application->recallObject('SiteHelper'); + /* @var $site_helper SiteHelper */ + + $site_domains = $site_helper->getSiteDomains(); $domain_data = array_key_exists($id, $site_domains) ? $site_domains[$id] : false; if ($object->LoadFromHash($domain_data)) { 
@@ -174,42 +135,6 @@ } } - function getSiteDomains() - { - static $cache = null; - - if (!isset($cache)) { - if ($this->Application->isCachingType(CACHING_TYPE_MEMORY)) { - $cache = $this->Application->getCache('master:domains_parsed', false); - } - else { - $cache = $this->Application->getDBCache('domains_parsed'); - } - - if ($cache) { - $cache = unserialize($cache); - } - else { - $id_field = $this->Application->getUnitOption($this->Prefix, 'IDField'); - $table_name = $this->Application->getUnitOption($this->Prefix, 'TableName'); - - $sql = 'SELECT * - FROM ' . $table_name . ' - ORDER BY Priority DESC'; - $cache = $this->Conn->Query($sql, $id_field); - - if ($this->Application->isCachingType(CACHING_TYPE_MEMORY)) { - $this->Application->setCache('master:domains_parsed', serialize($cache)); - } - else { - $this->Application->setDBCache('domains_parsed', serialize($cache)); - } - } - } - - return $cache; - } - /** * Removes In-Commerce related fields, when it's not installed *