Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-13665

HTML editor is loaded as non-secure on the secure "Add new user" form

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 1.9
    • 1.9
    • HTML Editor (TinyMCE)
    • None
    • Using SSL
    • MOODLE_19_STABLE
    • MOODLE_19_STABLE

    Description

      There is a bug in /lib/weblib.php that causes the HTML editor script (/lib/editor/htmlarea/htmlarea.php) to be loaded using http: even when the page it is loaded into is using https:

      An example is the "Add new user" form: /user/editadvanced.php

      When SSL is turned on, this page gives a warning in IE6: "This page contains both secure and nonsecure items." If the user chooses not to load the non-secure items, as they might well be advised to, the HTML editor does not load.

      The reason is that htmlarea.php is not getting the "httpsrequired" parameter it needs to know that SSL is being used. This in turn is caused by the use of "&t;" instead of "&" in the query string sent to htmlarea.php.

      The bug therefore is on line 4836 of /lib/weblib.php.

      $httpsrequired = empty($HTTPSPAGEREQUIRED) ? '' : '&t;httpsrequired=1';

      should read

      $httpsrequired = empty($HTTPSPAGEREQUIRED) ? '' : '&httpsrequired=1';

      Attachments

        Issue Links

          Activity

            People

              skodak Petr Skoda
              daveyboond Steve Bond
              David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                3/Mar/08