  1. Moodle
  2. MDL-30613

$FULLME should not be used for https detection

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.2, 2.3
    • Fix Version/s: 2.2.1
    • Component/s: General
    • Labels:
    • Testing Instructions:
      1/ make sure standard sites with and without ssl work as before (test especially login with and without automatic guest login)
      2/ try sites with loginhttps
      3/ in head try LTI and gravatar on ssl sites
    • Affected Branches:
      MOODLE_22_STABLE, MOODLE_23_STABLE
    • Fixed Branches:
      MOODLE_22_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      w51_MDL-30613_m23_FULLME

      Description

      $FULLME cannot be used for https detection because it breaks ssl proxies, instead we must use $CFG->httpswwwroot.

      I am going to comment in the pagelib because it seems ppl copy pasted it from there - it is a special case and it is intentionally not compatible with ssl proxies...

              Activity

              skodak Petr Skoda added a comment - - edited

              oh! $FULLME is abused in so many places, since the introduction of $PAGE the only correct way to get current page url is $PAGE->url.

              skodak Petr Skoda added a comment -

              To integrators: please note the patch for master contains changes for qualified_me() which may not be fully backwards compatible and may cause problems in scripts that do not set PAGE->url properly. I do not think it is necessary to backport anything to STABLE.

              nebgor Aparup Banerjee added a comment - - edited

              Holding this until "on-sync" weeks end.
              (also not sure what the bc issue is here, also at the time you commented, Petr, 2.2 was stable ?) (edit: anyway 2.2 is stable now)

              stronk7 Eloy Lafuente (stronk7) added a comment -

              The main moodle.git repository has just been updated with latest weekly modifications. You may wish to rebase your PULL branches to simplify history and avoid any possible merge conflicts. This would also make integrator's life easier next week.

              TIA and ciao

              skodak Petr Skoda added a comment -

              rebased, I have removed the extra changes from master and I will file a separate issue for more $FULLME cleanup in dev

              nebgor Aparup Banerjee added a comment -

              Thanks for that Petr, I've integrated your changes into master and synced into 2.2.x.

              nebgor Aparup Banerjee added a comment -

              added docs_required label

              rajeshtaneja Rajesh Taneja added a comment -

              Thanks for fixing this, Petr
              Have tested this with gravatar and loginhttps.

              stronk7 Eloy Lafuente (stronk7) added a comment -

              Whoever decided one week was worth 14 days had really one bad idea. Anyway, the nightmare is over, so thanks for your, once again, amazing contributions. Many, many thanks!

              Now... disconnect, relax and enjoy the next days, yay!

              Closing...ciao

              tsala Helen Foster added a comment -

              Please could anyone give a simple explanation of this issue so I can mention it in Moodle Docs.

              rajeshtaneja Rajesh Taneja added a comment -

              Hello Helen,

              While decrypting site, IE shows an error if information is being loaded from both HTTPS and HTTP sites.
              Like in the case of recaptcha: Moodle uses Google recaptcha, so if Moodle is served from an HTTPS server, then it should use https://www.google.com/recaptcha/admin/create and not http://www.google.com/recaptcha/admin/create to show recaptcha.

              The correct way to figure out how a Moodle installation is hosted is to check $CFG->httpswwwroot, but in some places we were using $CFG->FULLME.
              Hope this helps.
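
The failure mode described in this issue and in the explanation above, as an added example that is not part of the original thread and is not Moodle's own code. It assumes an SSL proxy that terminates TLS and forwards plain HTTP to the web server; the function names, host names and the widget URL are hypothetical, and the two helper inputs are simplified stand-ins for $FULLME and $CFG->httpswwwroot.

```php
<?php
// Added illustration, not Moodle code. All names here are hypothetical stand-ins.

/** Rebuild the current URL as the backend sees it (simplified stand-in for $FULLME). */
function url_seen_by_backend(array $server): string {
    $https = !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
    return ($https ? 'https' : 'http') . '://' . $server['HTTP_HOST'] . $server['REQUEST_URI'];
}

/** Fragile check: infers the public scheme from the request as the backend received it. */
function is_https_from_request(string $fullme): bool {
    return strpos($fullme, 'https://') === 0;
}

/** Robust check: infers the public scheme from the configured site root
 *  (stand-in for $CFG->httpswwwroot), which does not depend on the proxy hop. */
function is_https_from_config(string $httpswwwroot): bool {
    return strpos($httpswwwroot, 'https://') === 0;
}

/** Choose the scheme for a third-party resource embedded in the page. */
function external_resource_url(bool $sitehttps, string $hostandpath): string {
    return ($sitehttps ? 'https' : 'http') . '://' . $hostandpath;
}

// Constructed scenario: browser --https--> SSL proxy --http--> web server.
// The proxy terminated TLS, so the backend request carries no HTTPS marker.
$server = [
    'HTTP_HOST'   => 'moodle.example.org',   // constructed value
    'REQUEST_URI' => '/login/index.php',     // constructed value
];
$httpswwwroot = 'https://moodle.example.org'; // constructed config value

$fullme = url_seen_by_backend($server);

// Same embedded resource, scheme chosen by each detection method.
$fromrequest = external_resource_url(is_https_from_request($fullme), 'www.example.net/widget.js');
$fromconfig  = external_resource_url(is_https_from_config($httpswwwroot), 'www.example.net/widget.js');

echo "backend saw:  $fullme\n";
echo "from request: $fromrequest  (http resource on a page the browser loaded over https)\n";
echo "from config:  $fromconfig\n";
```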

              tsala Helen Foster added a comment -

              Thanks Raj, just changing the label to dev_docs_required!


                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    9/Jan/12