Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-13665

HTML editor is loaded as non-secure on the secure "Add new user" form

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • 1.9
    • 1.9
    • Text editor TinyMCE
    • None
    • Using SSL
    • MOODLE_19_STABLE
    • MOODLE_19_STABLE

      There is a bug in /lib/weblib.php that causes the HTML editor script (/lib/editor/htmlarea/htmlarea.php) to be loaded using http: even when the page it is loaded into is using https:

      An example is the "Add new user" form: /user/editadvanced.php

      When SSL is turned on, this page gives a warning in IE6: "This page contains both secure and nonsecure items." If the user chooses not to load the non-secure items, as they might well be advised to, the HTML editor does not load.

      The reason is that htmlarea.php is not getting the "httpsrequired" parameter it needs to know that SSL is being used. This in turn is caused by the use of "&t;" instead of "&" in the query string sent to htmlarea.php.

      The bug therefore is on line 4836 of /lib/weblib.php.

      $httpsrequired = empty($HTTPSPAGEREQUIRED) ? '' : '&t;httpsrequired=1';

      should read

      $httpsrequired = empty($HTTPSPAGEREQUIRED) ? '' : '&httpsrequired=1';

            skodak Petr Skoda
            daveyboond Steve Bond
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.