Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-60055

Filters converting links to embedded contents (i.e. mediaplugin) must be smarter for https sites

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Won't Do
    • 3.4
    • None
    • Filters, Media
    • MOODLE_34_STABLE

    Description

      This issue is part of the series of issues encouraging sites to migrate to SSL and make their sites secure. Loginhttps does NOT make sites secure and will be removed soon (MDL-42834)

      Using the tool added in MDL-46269 site admins can convert links to embedded content (such <img>, <video>, <audio>, <iframe>, <embed>) from http to https .

      However some filters (including standard plugin filter_mediaplugin) convert links to embedded content on-the-fly. tool_httpsreplace will not pick up these links and convert them.
      Filters have to make sure that they never create embedded content pointing to http:// on https site

      Suggested solution (please edit later if the actual solution is different):

      1. When $CFG->wwwroot has https:// and the URL in question is http://
        • if the URL can be substituted with https substitute it and proceed with normal filter behavior
        • If it can not be substituted - leave it as a link and add a CSS class to the link, something like "non_secure_resource" (please correct) . Add a rule to show red exclamation mark and maybe a help why it is not converted. Otherwise teachers will keep asking why some links are converted and some not.
      2. In other cases proceed with normal filter behavior

      This is where we might need a core API (with caching!) that checks if https://site.com is accessible similar to how tool_httpsreplace does it. We might need to change the code in tool_httpsreplace that calls curl::get_info() to use this API as well.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              marina Marina Glancy
              David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: