Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-13665

HTML editor is loaded as non-secure on the secure "Add new user" form

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.9
    • Fix Version/s: 1.9
    • Component/s: HTML Editor (TinyMCE)
    • Labels:
      None
    • Environment:
      Using SSL
    • Affected Branches:
      MOODLE_19_STABLE
    • Fixed Branches:
      MOODLE_19_STABLE

      Description

      There is a bug in /lib/weblib.php that causes the HTML editor script (/lib/editor/htmlarea/htmlarea.php) to be loaded using http: even when the page it is loaded into is using https:

      An example is the "Add new user" form: /user/editadvanced.php

      When SSL is turned on, this page gives a warning in IE6: "This page contains both secure and nonsecure items." If the user chooses not to load the non-secure items, as they might well be advised to, the HTML editor does not load.

      The reason is that htmlarea.php is not getting the "httpsrequired" parameter it needs to know that SSL is being used. This in turn is caused by the use of "&t;" instead of "&" in the query string sent to htmlarea.php.

      The bug therefore is on line 4836 of /lib/weblib.php.

      $httpsrequired = empty($HTTPSPAGEREQUIRED) ? '' : '&t;httpsrequired=1';

      should read

      $httpsrequired = empty($HTTPSPAGEREQUIRED) ? '' : '&httpsrequired=1';

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  3/Mar/08