[MDL-53901] redirect on failed login under HTTPS for login goes to HTTP url - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.9.5, 3.0
Fix Version/s: 2.9.6, 3.0.4
Component/s: Authentication
Labels:
- ci
- partner
- patch
- triaged

Testing Instructions:

Hide

Setup apache to serve both http and https.

Enable loginhttps config setting.

Break the configuration for the http side (e.g. set documentroot somewhere else)

Go to the https login page and enter a wrong username/password.

Verify you are redirected back to the login page without going through the http site.

Show
Setup apache to serve both http and https. Enable loginhttps config setting. Break the configuration for the http side (e.g. set documentroot somewhere else) Go to the https login page and enter a wrong username/password. Verify you are redirected back to the login page without going through the http site.
Affected Branches:
MOODLE_29_STABLE, MOODLE_30_STABLE
Fixed Branches:
MOODLE_29_STABLE, MOODLE_30_STABLE
Pull from Repository:
git://github.com/damyon/moodle.git
Pull Master Branch:
~~MDL-53901~~-master
Pull Master Diff URL:
https://github.com/damyon/moodle/compare/3219a45...MDL-53901-master

Description

When the site is using HTTPS for logins, if the user passes an incorrrect password or some other error is generated on login the login/index.php file redirects the user to a HTTP URL. The site then, because of the use HTTPS for login, redirects the user again to the HTTPS URL for login.

This is being caused by the redirect in line 355 (in Moodle 2.9) of login/index.php

{quote}} else if ($errormsg or !empty($frm->password)) {
// We must redirect after every password submission.
if ($errormsg)

{ $SESSION->loginerrormsg = $errormsg; }

redirect(new moodle_url('/login/index.php'));
}

If this is changed to:

redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php');

this fixes the double redirect. This is already used in several places in the file.

Attachments

Activity

People

Assignee:

Unassigned

Reporter:

Derick Turner

Peer reviewer:

Damyon Wiese

Integrator:

David Monllaó

Tester:

Adrian Greeve

Participants:

Adrian Greeve, CiBoT, Damyon Wiese, Dan Poltawski, David Monllaó, Derick Turner, Marina Glancy

Component watchers:

Jake Dallimore, Jun Pataleta

Votes:

1 Vote for this issue

Watchers:

4 Start watching this issue

Dates

Created:

22/Apr/16 3:44 AM

Updated:

04/May/16 2:24 PM

Resolved:

04/May/16 2:24 PM

Fix Release Date:

9/May/16