Index: includes/authorize.inc =================================================================== RCS file: /Users/wright/drupal/local_repo/drupal/includes/authorize.inc,v retrieving revision 1.2 diff -u -p -r1.2 authorize.inc --- includes/authorize.inc 22 Oct 2009 00:52:03 -0000 1.2 +++ includes/authorize.inc 26 Oct 2009 21:46:40 -0000 @@ -10,10 +10,11 @@ * Build the form for choosing a FileTransfer type and supplying credentials. */ function authorize_filetransfer_form($form_state) { - global $base_url; + global $base_url, $is_https; $form = array(); - $form['#action'] = $base_url . '/authorize.php'; + $form['#action'] = url('authorize.php', array('https' => TRUE)); + // CSS we depend on lives in modules/system/maintenance.css, which is loaded // via the default maintenance theme. $form['#attached']['js'][] = $base_url . '/misc/authorize.js'; @@ -26,6 +27,16 @@ function authorize_filetransfer_form($fo $available_backends = $_SESSION['authorize_filetransfer_backends']; uasort($available_backends, 'drupal_sort_weight'); + if (!$is_https) { + if (isset($available_backends['ssh']) && (variable_get('allow_ssh_authorization_over_http', FALSE) == FALSE)) { + drupal_set_message(t('WARNING: you are not using an encrypted connection via https, so your password will be sent in plain text over the network. The SSH backend was disabled to protect the integrity of your password.'), 'error'); + unset($available_backends['ssh']); + } + else { + drupal_set_message(t('WARNING: you are not using an encrypted connection via https, so your password will be sent in plain text over the network.'), 'error'); + } + } + // Decide on a default backend. if (isset($form_state['values']['connection_settings']['authorize_filetransfer_default'])) { $authorize_filetransfer_default = $form_state['values']['connection_settings']['authorize_filetransfer_default']; Index: modules/system/system.module =================================================================== RCS file: /Users/wright/drupal/local_repo/drupal/modules/system/system.module,v retrieving revision 1.826 diff -u -p -r1.826 system.module --- modules/system/system.module 25 Oct 2009 19:52:47 -0000 1.826 +++ modules/system/system.module 26 Oct 2009 21:40:19 -0000 @@ -1492,7 +1492,7 @@ function system_run_authorized($callback } // Finally, redirect to authorize.php. - drupal_goto($base_url . '/authorize.php'); + drupal_goto(url('authorize.php', array('https' => TRUE))); } /** Index: modules/update/update.authorize.inc =================================================================== RCS file: /Users/wright/drupal/local_repo/drupal/modules/update/update.authorize.inc,v retrieving revision 1.2 diff -u -p -r1.2 update.authorize.inc --- modules/update/update.authorize.inc 22 Oct 2009 00:52:03 -0000 1.2 +++ modules/update/update.authorize.inc 26 Oct 2009 21:40:19 -0000 @@ -49,7 +49,7 @@ function update_authorize_run_update($fi batch_set($batch); // Invoke the batch via authorize.php. - batch_process($base_url . '/authorize.php', $base_url . '/authorize.php?batch=1'); + batch_process(url('authorize.php', array('https' => TRUE)), url('authorize.php', array('https' => TRUE, 'query' => array('batch' => 1)))); } /** @@ -91,8 +91,7 @@ function update_authorize_run_install($f batch_set($batch); // Invoke the batch via authorize.php. - batch_process($base_url . '/authorize.php', $base_url . '/authorize.php?batch=1'); - + batch_process(url('authorize.php', array('https' => TRUE)), url('authorize.php', array('https' => TRUE, 'query' => array('batch' => 1)))); } /**