Loading...

XML

Word

Printable

Affected Branches:
MOODLE_27_STABLE, MOODLE_29_STABLE, MOODLE_30_STABLE, MOODLE_31_STABLE
Fixed Branches:
MOODLE_27_STABLE, MOODLE_29_STABLE, MOODLE_30_STABLE, MOODLE_31_STABLE
Pull from Repository:
https://github.com/snake/moodle.git
Pull Main Branch:
~~MDL-55945~~-master
Pull Main Diff URL:
https://github.com/moodle/moodle/compare/034408220...snake:MDL-55945-master
Testing Instructions:
Hide

Set up https on your local server. If using ubuntu/apache, you can follow the guide here. Confirm that you can access a test file on localhost over https (not your Moodle install, which will probably redirect) before proceeding.

Enable httpslogin in Moodle (Site admin > Security > HTTP security)

Run through the testing instructions in MDL-50803 and confirm that everything works as expected over https.
Show
Set up https on your local server. If using ubuntu/apache, you can follow the guide here . Confirm that you can access a test file on localhost over https (not your Moodle install, which will probably redirect) before proceeding. Enable httpslogin in Moodle (Site admin > Security > HTTP security) Run through the testing instructions in MDL-50803 and confirm that everything works as expected over https.

Reported here. Looks like I missed https support in my patch for MDL-50803.

Suggested patch:
change:

redirect($CFG->wwwroot . '/login/forgot_password.php');

to:

if ($CFG->loginhttps) {

    redirect($CFG->httpswwwroot . '/login/forgot_password.php');

} else {

    redirect($CFG->wwwroot . '/login/forgot_password.php');

has been marked as being related by

MDL-42834 Deprecate loginhttps

is duplicated by

MDL-55949 Incorrect redirect after clicking on forget password reset link from email

Participants:: CiBoT, Dan Poltawski, David Monllaó, Jake Dallimore, Mark Nelson, Martin Millmore