Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-21992

Custom Scripts doesn't work with HTTPS (SSL)


    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.9.8, 2.0, 2.2.1
    • Fix Version/s: 2.2.2, 2.3
    • Component/s: General, Libraries
    • Labels:
    • Environment:
      Moodle with loginhttps turned on


      Here is an illustrative example:

      • The first thing almost any moodle script does is require config.php. This one then requires lib/setup.php, which, almost in the end, calls custom_script_path() (that is defined in lib/moodlelib.php) because you are using custom scripts. Inside custom_script_path() we can see a call to qualifie_me(), that tests if the server has https enabled (testing $_SERVER['HTTPS']) nad returns a URL beginning with "https://" if true and beginning with "http://" otherwise. This url is tested against $CFG->wwwroot, because at this point we don't have $CFG->httpswwwroot , because the function httpsrequired() is called by each script only after requiring the needed libraries. As we are using "https"-beginning URLs, the check fails, the function returns false and the custom script is not imported.

      Looking more carefully at the function custom_script_path(), i think i shouldn't care about the URL. It just need to know which script is being called (that can be acquired with the function me() instead of qualified_me()) , concatenate it after $CFG->customscripts and proceed with the othe checks. This also removes the need for the param $urlpath, also because this function is called on in lib/setup.php . Above is the patch to do this.

      diff --git a/lib/moodlelib.php b/lib/moodlelib.php
      index bc6b22d..4a9f599 100644
      --- a/lib/moodlelib.php
      +++ b/lib/moodlelib.php
      @@ -8318,25 +8318,13 @@ function object_property_exists( $obj, $property ) {
        * Detect a custom script replacement in the data directory that will
        * replace an existing moodle script
      - * @param string $urlpath path to the original script
        * @return string full path name if a custom script exists
        * @return bool false if no custom script exists
      -function custom_script_path($urlpath='') {
      +function custom_script_path() {
           global $CFG;
      -    // set default $urlpath, if necessary
      -    if (empty($urlpath)) {
      -        $urlpath = qualified_me(); // e.g. http://www.this-server.com/moodle/this-script.php
      -    }
      -    // $urlpath is invalid if it is empty or does not start with the Moodle wwwroot
      -    if (empty($urlpath) or (strpos($urlpath, $CFG->wwwroot) === false )) {
      -        return false;
      -    }
      -    // replace wwwroot with the path to the customscripts folder and clean path
      -    $scriptpath = $CFG->customscripts . clean_param(substr($urlpath, strlen($CFG->wwwroot)), PARAM_PATH);
      +    $scriptpath = $CFG->customscripts . clean_param(me(), PARAM_PATH);
           // remove the query string, if any
           if (($strpos = strpos($scriptpath, '?')) !== false) {

        Gliffy Diagrams


          1. login.tgz
            3 kB
          2. mdl21992.diff
            1 kB
          3. mdl-21992.patch
            1 kB
          4. mdl21992.v2.diff
            1 kB
          5. var_dump.png
            201 kB



              • Votes:
                0 Vote for this issue
                4 Start watching this issue


                • Created:
                  Fix Release Date: