Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-30613

$FULLME should not be used for https detection

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.2, 2.3
    • Fix Version/s: 2.2.1
    • Component/s: General
    • Labels:
    • Testing Instructions:
      Hide

      1/ make sure standard sites with adn without ssl work as before (test especially login with and without automatic guest login)
      2/ try sites with loginhttps
      3/ in head try LTI and gravatar on ssl sites

      Show
      1/ make sure standard sites with adn without ssl work as before (test especially login with and without automatic guest login) 2/ try sites with loginhttps 3/ in head try LTI and gravatar on ssl sites
    • Affected Branches:
      MOODLE_22_STABLE, MOODLE_23_STABLE
    • Fixed Branches:
      MOODLE_22_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      w51_MDL-30613_m23_FULLME

      Description

      $FULLME ca not be used for https detection because it breaks ssl proxies, instead we must use $CFG->httpswwwroot.

      I am going to comment in the pagelib because it seems ppl copy pasted it from there - it is a special case and it is intentionally not compatible with ssl proxies...

        Gliffy Diagrams

          Issue Links

            Activity

            Hide
            skodak Petr Skoda added a comment - - edited

            oh! $FULLME is abused in so many places, since the introduction of $PAGE the only correct way to get current page url is $PAGE->url.

            Show
            skodak Petr Skoda added a comment - - edited oh! $FULLME is abused in so many places, since the introduction of $PAGE the only correct way to get current page url is $PAGE->url.
            Hide
            skodak Petr Skoda added a comment -

            To integrators: please note the patch for master contains changes for qualified_me() which may not be fully backwards compatible and may cause problems in scripts that do not set PAGE->url properly. I do not think it is necessary to backport anything to STABLE.

            Show
            skodak Petr Skoda added a comment - To integrators: please note the patch for master contains changes for qualified_me() which may not be fully backwards compatible and may cause problems in scripts that do not set PAGE->url properly. I do not think it is necessary to backport anything to STABLE.
            Hide
            nebgor Aparup Banerjee added a comment - - edited

            Holding this until "on-sync" weeks end.
            (also not sure what the bc issue is here, also at the time you commented, Petr, 2.2 was stable ?) (edit: anyway 2.2 is stable now)

            Show
            nebgor Aparup Banerjee added a comment - - edited Holding this until "on-sync" weeks end. (also not sure what the bc issue is here, also at the time you commented, Petr, 2.2 was stable ?) (edit: anyway 2.2 is stable now)
            Hide
            stronk7 Eloy Lafuente (stronk7) added a comment -

            The main moodle.git repository has just been updated with latest weekly modifications. You may wish to rebase your PULL branches to simplify history and avoid any possible merge conflicts. This would also make integrator's life easier next week.

            TIA and ciao

            Show
            stronk7 Eloy Lafuente (stronk7) added a comment - The main moodle.git repository has just been updated with latest weekly modifications. You may wish to rebase your PULL branches to simplify history and avoid any possible merge conflicts. This would also make integrator's life easier next week. TIA and ciao
            Hide
            skodak Petr Skoda added a comment -

            rebased, I have removed the extra changes from master and I will file a separate issue for more $FULLME cleanup in dev

            Show
            skodak Petr Skoda added a comment - rebased, I have removed the extra changes from master and I will file a separate issue for more $FULLME cleanup in dev
            Hide
            nebgor Aparup Banerjee added a comment -

            Thanks for that Petr, i've integrated your changes into master and synced into 2.2.x.

            Show
            nebgor Aparup Banerjee added a comment - Thanks for that Petr, i've integrated your changes into master and synced into 2.2.x.
            Hide
            nebgor Aparup Banerjee added a comment -

            added docs_required label

            Show
            nebgor Aparup Banerjee added a comment - added docs_required label
            Hide
            rajeshtaneja Rajesh Taneja added a comment -

            Thanks for fixing this, Petr
            Have tested this with gravatar and loginhttps.

            Show
            rajeshtaneja Rajesh Taneja added a comment - Thanks for fixing this, Petr Have tested this with gravatar and loginhttps.
            Hide
            stronk7 Eloy Lafuente (stronk7) added a comment -

            Whoever decided one week was worth 14 days had really one bad idea. Anyway, the nightmare is over, so thanks for your, once again, amazing contributions. Many, many thanks!

            Now... disconnect, relax and enjoy the next days, yay!

            Closing...ciao

            Show
            stronk7 Eloy Lafuente (stronk7) added a comment - Whoever decided one week was worth 14 days had really one bad idea. Anyway, the nightmare is over, so thanks for your, once again, amazing contributions. Many, many thanks! Now... disconnect, relax and enjoy the next days, yay! Closing...ciao
            Hide
            tsala Helen Foster added a comment -

            Please could anyone give a simple explanation of this issue so I can mention it in Moodle Docs.

            Show
            tsala Helen Foster added a comment - Please could anyone give a simple explanation of this issue so I can mention it in Moodle Docs.
            Hide
            rajeshtaneja Rajesh Taneja added a comment -

            Hello Helen,

            While decrypting site, IE show error if information is being loaded from HTTPS and HTTP site.
            Like in case of recaptcha, moodle use google recaptcha, so if moodle is served from HTTPS server, then it should use https://www.google.com/recaptcha/admin/create and not http://www.google.com/recaptcha/admin/create to show recaptcha.

            Correct way to figure out how moodle installation is hosted is to check $CFG->httpswwwroot, but in some places we were using $CFG->FULLME.
            Hope this helps.

            Show
            rajeshtaneja Rajesh Taneja added a comment - Hello Helen, While decrypting site, IE show error if information is being loaded from HTTPS and HTTP site. Like in case of recaptcha, moodle use google recaptcha, so if moodle is served from HTTPS server, then it should use https://www.google.com/recaptcha/admin/create and not http://www.google.com/recaptcha/admin/create to show recaptcha. Correct way to figure out how moodle installation is hosted is to check $CFG->httpswwwroot, but in some places we were using $CFG->FULLME. Hope this helps.
            Hide
            tsala Helen Foster added a comment -

            Thanks Raj, just changing the label to dev_docs_required!

            Show
            tsala Helen Foster added a comment - Thanks Raj, just changing the label to dev_docs_required!

              People

              • Votes:
                1 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  9/Jan/12