Moodle
  1. Moodle
  2. MDL-30613

$FULLME should not be used for https detection

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.2, 2.3
    • Fix Version/s: 2.2.1
    • Component/s: General
    • Labels:
    • Testing Instructions:
      Hide

      1/ make sure standard sites with adn without ssl work as before (test especially login with and without automatic guest login)
      2/ try sites with loginhttps
      3/ in head try LTI and gravatar on ssl sites

      Show
      1/ make sure standard sites with adn without ssl work as before (test especially login with and without automatic guest login) 2/ try sites with loginhttps 3/ in head try LTI and gravatar on ssl sites
    • Affected Branches:
      MOODLE_22_STABLE, MOODLE_23_STABLE
    • Fixed Branches:
      MOODLE_22_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      w51_MDL-30613_m23_FULLME
    • Rank:
      33417

      Description

      $FULLME ca not be used for https detection because it breaks ssl proxies, instead we must use $CFG->httpswwwroot.

      I am going to comment in the pagelib because it seems ppl copy pasted it from there - it is a special case and it is intentionally not compatible with ssl proxies...

        Issue Links

          Activity

          Hide
          Petr Škoda added a comment - - edited

          oh! $FULLME is abused in so many places, since the introduction of $PAGE the only correct way to get current page url is $PAGE->url.

          Show
          Petr Škoda added a comment - - edited oh! $FULLME is abused in so many places, since the introduction of $PAGE the only correct way to get current page url is $PAGE->url.
          Hide
          Petr Škoda added a comment -

          To integrators: please note the patch for master contains changes for qualified_me() which may not be fully backwards compatible and may cause problems in scripts that do not set PAGE->url properly. I do not think it is necessary to backport anything to STABLE.

          Show
          Petr Škoda added a comment - To integrators: please note the patch for master contains changes for qualified_me() which may not be fully backwards compatible and may cause problems in scripts that do not set PAGE->url properly. I do not think it is necessary to backport anything to STABLE.
          Hide
          Aparup Banerjee added a comment - - edited

          Holding this until "on-sync" weeks end.
          (also not sure what the bc issue is here, also at the time you commented, Petr, 2.2 was stable ?) (edit: anyway 2.2 is stable now)

          Show
          Aparup Banerjee added a comment - - edited Holding this until "on-sync" weeks end. (also not sure what the bc issue is here, also at the time you commented, Petr, 2.2 was stable ?) (edit: anyway 2.2 is stable now)
          Hide
          Eloy Lafuente (stronk7) added a comment -

          The main moodle.git repository has just been updated with latest weekly modifications. You may wish to rebase your PULL branches to simplify history and avoid any possible merge conflicts. This would also make integrator's life easier next week.

          TIA and ciao

          Show
          Eloy Lafuente (stronk7) added a comment - The main moodle.git repository has just been updated with latest weekly modifications. You may wish to rebase your PULL branches to simplify history and avoid any possible merge conflicts. This would also make integrator's life easier next week. TIA and ciao
          Hide
          Petr Škoda added a comment -

          rebased, I have removed the extra changes from master and I will file a separate issue for more $FULLME cleanup in dev

          Show
          Petr Škoda added a comment - rebased, I have removed the extra changes from master and I will file a separate issue for more $FULLME cleanup in dev
          Hide
          Aparup Banerjee added a comment -

          Thanks for that Petr, i've integrated your changes into master and synced into 2.2.x.

          Show
          Aparup Banerjee added a comment - Thanks for that Petr, i've integrated your changes into master and synced into 2.2.x.
          Hide
          Aparup Banerjee added a comment -

          added docs_required label

          Show
          Aparup Banerjee added a comment - added docs_required label
          Hide
          Rajesh Taneja added a comment -

          Thanks for fixing this, Petr
          Have tested this with gravatar and loginhttps.

          Show
          Rajesh Taneja added a comment - Thanks for fixing this, Petr Have tested this with gravatar and loginhttps.
          Hide
          Eloy Lafuente (stronk7) added a comment -

          Whoever decided one week was worth 14 days had really one bad idea. Anyway, the nightmare is over, so thanks for your, once again, amazing contributions. Many, many thanks!

          Now... disconnect, relax and enjoy the next days, yay!

          Closing...ciao

          Show
          Eloy Lafuente (stronk7) added a comment - Whoever decided one week was worth 14 days had really one bad idea. Anyway, the nightmare is over, so thanks for your, once again, amazing contributions. Many, many thanks! Now... disconnect, relax and enjoy the next days, yay! Closing...ciao
          Hide
          Helen Foster added a comment -

          Please could anyone give a simple explanation of this issue so I can mention it in Moodle Docs.

          Show
          Helen Foster added a comment - Please could anyone give a simple explanation of this issue so I can mention it in Moodle Docs.
          Hide
          Rajesh Taneja added a comment -

          Hello Helen,

          While decrypting site, IE show error if information is being loaded from HTTPS and HTTP site.
          Like in case of recaptcha, moodle use google recaptcha, so if moodle is served from HTTPS server, then it should use https://www.google.com/recaptcha/admin/create and not http://www.google.com/recaptcha/admin/create to show recaptcha.

          Correct way to figure out how moodle installation is hosted is to check $CFG->httpswwwroot, but in some places we were using $CFG->FULLME.
          Hope this helps.

          Show
          Rajesh Taneja added a comment - Hello Helen, While decrypting site, IE show error if information is being loaded from HTTPS and HTTP site. Like in case of recaptcha, moodle use google recaptcha, so if moodle is served from HTTPS server, then it should use https://www.google.com/recaptcha/admin/create and not http://www.google.com/recaptcha/admin/create to show recaptcha. Correct way to figure out how moodle installation is hosted is to check $CFG->httpswwwroot, but in some places we were using $CFG->FULLME. Hope this helps.
          Hide
          Helen Foster added a comment -

          Thanks Raj, just changing the label to dev_docs_required!

          Show
          Helen Foster added a comment - Thanks Raj, just changing the label to dev_docs_required!

            People

            • Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: