[MDL-13665] HTML editor is loaded as non-secure on the secure "Add new user" form - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.9
Fix Version/s: 1.9
Component/s: HTML Editor (TinyMCE)
Labels:
None
Environment:
Using SSL

Affected Branches:
MOODLE_19_STABLE
Fixed Branches:
MOODLE_19_STABLE

Description

There is a bug in /lib/weblib.php that causes the HTML editor script (/lib/editor/htmlarea/htmlarea.php) to be loaded using http: even when the page it is loaded into is using https:

An example is the "Add new user" form: /user/editadvanced.php

When SSL is turned on, this page gives a warning in IE6: "This page contains both secure and nonsecure items." If the user chooses not to load the non-secure items, as they might well be advised to, the HTML editor does not load.

The reason is that htmlarea.php is not getting the "httpsrequired" parameter it needs to know that SSL is being used. This in turn is caused by the use of "&t;" instead of "&" in the query string sent to htmlarea.php.

The bug therefore is on line 4836 of /lib/weblib.php.

$httpsrequired = empty($HTTPSPAGEREQUIRED) ? '' : '&t;httpsrequired=1';

should read

$httpsrequired = empty($HTTPSPAGEREQUIRED) ? '' : '&httpsrequired=1';

Attachments

Issue Links

will help resolve

MDL-8592 HTML editor spell checker won't work on edit profile page referenced through https

Closed

Activity

People

Assignee:: Petr Skoda

Reporter:: Steve Bond

Participants:: Anthony Borrow, Chris Fryer, Petr Skoda, Steve Bond

Component watchers:: David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 26/Feb/08 11:34 AM

Updated:: 17/Dec/10 9:04 PM

Resolved:: 26/Feb/08 2:40 PM

Fix Release Date:: 3/Mar/08